Matt Caswell [Wed, 18 Aug 2021 11:24:22 +0000 (12:24 +0100)]
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Pauli [Mon, 31 May 2021 05:33:22 +0000 (15:33 +1000)]
sparc: fix cross compile build
(cherry picked from commit
64fac96de81d3dc19cc0c9045c341f0dec818075)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16336)
Nicola Tuveri [Wed, 18 Aug 2021 22:16:10 +0000 (01:16 +0300)]
Revert "[github-ci][cross-compiles.yml] Disable sparcv9"
This reverts commit
aa23aa759cf33b4f481fc719d42cb7bae8b2eaf0.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16336)
Pauli [Tue, 17 Aug 2021 13:34:52 +0000 (23:34 +1000)]
[github-ci] Add comment about our approach to GitHub Actions CI
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:54:08 +0000 (09:54 +0300)]
[github-ci][run-checker-merge.yml] Disable ubsan build
This commit temporarily disables the ubsan build,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 10:49:03 +0000 (13:49 +0300)]
[github-ci][ci.yml] Disable memory sanitizer build
In 1.1.1 currently we do not support running multiple tests in parallel,
and the `--debug -O1` msan build required more than 3h to run the tests.
This commit temporarily disables this build configuration.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 07:15:16 +0000 (10:15 +0300)]
[github-ci][run-checker-ci.yml] Disable no-tls1_3 tests
This commit temporarily disables tests for no-tls1_3,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:54:08 +0000 (09:54 +0300)]
[github-ci][ci.yml] Disable pyca external tests
This commit temporarily disables pyca external tests,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:53:08 +0000 (09:53 +0300)]
[github-ci][ci.yml] Disable krb5 external tests
This commit temporarily disables krb5 external tests,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:46:19 +0000 (09:46 +0300)]
[github-ci][cross-compiles.yml] Disable sparcv9
This commit temporarily disables cross-compiling tests for sparcv9, due
to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:37:02 +0000 (18:37 +0300)]
[github-ci] Import run-checker daily workflow from master
The daily run-checker is scheduled to start at 6:42, instead of the
start of the hour.
The official GitHub documentation remarks the following regarding
scheduled workflows:
> Note: The schedule event can be delayed during periods of high loads
> of GitHub Actions workflow runs. High load times include the start of
> every hour. To decrease the chance of delay, schedule your workflow to
> run at a different time of the hour.
42, obviously, has been picked because it is the answer to the ultimate
question of life, the universe, and everything.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:37:02 +0000 (18:37 +0300)]
[github-ci] Import run-checker workflows from master
This commit does not include the daily run-checker workflow.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:26:11 +0000 (18:26 +0300)]
[github-ci] Import cross-compiles.yml workflow from master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 14:55:31 +0000 (17:55 +0300)]
[github-ci] Import windows.yml workflow from master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 14:49:32 +0000 (17:49 +0300)]
[github-ci] Sync ci.yml workflow with master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Pauli [Tue, 17 Aug 2021 03:19:32 +0000 (13:19 +1000)]
pkcs12: check for zero length digest to avoid division by zero
Fixes #16331
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16333)
Ingo Franzki [Wed, 11 Aug 2021 10:53:09 +0000 (12:53 +0200)]
Test EVP Cipher updating the context's IV
Ensure that an EVP_CipherUpdate operation updates the context's
IV for AES CBC, CFB, OFB, and CTR. An application can get the
updated IV via EVP_CIPHER_CTX_iv().
The s390x implementation of the CFB and OFB ciphers did not
update the IV in the context, but only within its s390x specific
context data.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16292)
Ingo Franzki [Wed, 11 Aug 2021 07:39:46 +0000 (09:39 +0200)]
s390x: AES OFB/CFB: Maintain running IV from cipher context
Copy the current IV from the cipher context into the kmo/kmf param before
the operation, and copy the modified IV back to the context afterwards.
Without this, an application that obtains the running IV from the context
would still get the original IV, but not the updated one.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16292)
Todd Short [Fri, 13 Aug 2021 13:59:59 +0000 (09:59 -0400)]
Fix potential double-free
The `sk` variable is assigned to `s->session->peer_chain`.
If `ssl3_digest_cached_records()` were to fail, then `sk` would still be
non-NULL, and subsequently freed on the error return. When the session
is freed, it will then attempt to free `s->session->peer_chain`,
resulting in a double-free (of `sk`).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16309)
(cherry picked from commit
0449702abc95a3af24c049cb02c01ca6a8015cef)
Tomas Mraz [Fri, 13 Aug 2021 11:01:38 +0000 (13:01 +0200)]
Revert "TEST: Check that i2d refuses to encode non-optional items with no content"
This reverts commit
12e9b74c513a8ed3c1c260cf25221a465ae14b84.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:37 +0000 (13:01 +0200)]
Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"
This reverts commit
006906cddda37e24a66443199444ef4476697477.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:35 +0000 (13:01 +0200)]
Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN"
This reverts commit
5434acb6c4d56507d761b28f7e142ccab808a8fa.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:34 +0000 (13:01 +0200)]
Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure"
This reverts commit
f1d97905bbd8679b7647c992b97f526791069040.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:29 +0000 (13:01 +0200)]
Revert "make update (adds a new function code)"
This reverts commit
ea26844c4f624ef515d9228d3b623761a369b049.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Billy Brumley [Wed, 4 Aug 2021 07:45:52 +0000 (10:45 +0300)]
[doc/man3] documentation: BN_cmp manpage updates
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16214)
(cherry picked from commit
3d4ca443b4778e3230ff23f17625f58f815a9142)
Tomas Mraz [Wed, 21 Jul 2021 16:45:01 +0000 (18:45 +0200)]
DSA/RSA_print(): Fix potential memory leak
Fixes #10777
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16130)
(cherry picked from commit
40184c96103a388209939c1c19920971c05bb78c)
Ingo Schwarze [Sun, 18 Jul 2021 15:48:06 +0000 (17:48 +0200)]
Fix a read buffer overrun in X509_aux_print().
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.
I found this bug while writing manual pages for X509_print_ex(3)
and related functions. Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see
http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others. But let's stay focussed. Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)
(cherry picked from commit
c5dc9ab965f2a69bca964c709e648158f3e4cd67)
Matt Caswell [Thu, 15 Jul 2021 13:08:56 +0000 (14:08 +0100)]
Fix some minor record layer issues
Various comments referred to s->packet and s->packet_length instead of
s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where
RECORD_LAYER_write_pending() should have been used. Based on the review
comments in #16077.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(cherry picked from commit
ca001524971ccd595bc0e9843611e6784adfc981)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16105)
Matt Caswell [Tue, 13 Jul 2021 16:44:44 +0000 (17:44 +0100)]
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.
Fixes #12485
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16098)
Matt Caswell [Tue, 13 Jul 2021 16:19:12 +0000 (17:19 +0100)]
Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.
Fixes #13729
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16098)
Daiki Ueno [Wed, 14 Jul 2021 09:15:34 +0000 (11:15 +0200)]
apps: Use the first detected address family if IPv6 is not available
This is a follow up of
15729bef385211bc2a0497e2d53a45c45d677d2c. Even
when the host does not support IPv6 at all, BIO_lookup_ex may now
return IN6ADDR_ANY in addition to INADDR_ANY, as the second element of
the ai_next field.
After
eee8a40aa5e06841eed6fa8eb4f6109238d59aea, the do_server function
prefers the IPv6 address and fails on the BIO_socket call. This adds
a fallback code to retry with the IPv4 address returned as the first
element to avoid the error.
The failure had been partially avoided in the previous code with
AI_ADDRCONFIG, because getaddrinfo returns only IPv4 address if no
IPv6 address is associated with external interface. However, it would
be still a problem if the external interface has an IPv6 address
assigned, while the loopback interface doesn't.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16078)
Richard Levitte [Mon, 12 Jul 2021 05:26:36 +0000 (07:26 +0200)]
Avoid empty lines in nmake rule bodies
nmake is tolerant of those empty lines, but jom isn't. That tolerance
isn't standard make behaviour, so we lean towards avoiding them.
We simply use '@rem' instead.
Fixes #16014
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16047)
Daiki Ueno [Thu, 8 Jul 2021 17:22:36 +0000 (19:22 +0200)]
BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
The flag only affects which record types are queried via DNS (A or
AAAA, or both). When node is NULL and AF_UNSPEC is used, it prevents
getaddrinfo returning the right address associated with the loopback
interface.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16039)
Matt Caswell [Wed, 23 Jun 2021 07:54:12 +0000 (08:54 +0100)]
Avoid "excessive message size" for session tickets
We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the theoretical
maximum. The server may put any data it likes in the session ticket
including (for example) the full certificate chain so we should be able to
handle longer tickets. Update the value to the maximum allowed by the spec.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15877)
(cherry picked from commit
e54f0c9b2fe3dd2dcb5e8100e2c69e5b2f6eb681)
Richard Levitte [Fri, 9 Jul 2021 07:14:11 +0000 (09:14 +0200)]
make update (adds a new function code)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
Richard Levitte [Fri, 9 Jul 2021 06:51:55 +0000 (08:51 +0200)]
Fix test/asn1_encode_test.c to handle encoding/decoding failure
Make it only report (and fail on) encoding/decoding failures when success
is expected.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
Richard Levitte [Fri, 9 Jul 2021 06:31:24 +0000 (08:31 +0200)]
Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN
ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items.
This test program used it for non-optional items, which doesn't encode
well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
Richard Levitte [Thu, 8 Jul 2021 11:38:45 +0000 (13:38 +0200)]
ASN.1: Refuse to encode to DER if non-optional items are missing
Fixes #16026
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
Richard Levitte [Thu, 8 Jul 2021 11:33:28 +0000 (13:33 +0200)]
TEST: Check that i2d refuses to encode non-optional items with no content
The test case creates an RSA public key and tries to pass it through
i2d_PrivateKey(). This SHOULD fail, since the private bits are missing.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16027)
Matt Caswell [Tue, 6 Jul 2021 15:24:07 +0000 (16:24 +0100)]
Fix s_server PSK handling
Issue #15951 describes a scenario which causes s_server to fail when using
a PSK. In the originally described issue this only impacted master and not
1.1.1. However, in fact this issue does also impact 1.1.1 - but only if you
additionally supply the option "-no_ticket" to the s_server command line.
The difference between the behaviour in master and 1.1.1 is due to
9c13b49,
which changed PSK_MAX_IDENTITY_LEN from 128 to 256. It just so happens that
a default OpenSSL TLSv1.3 ticket length happens to fall between those 2
values. Tickets are presented in TLSv1.3 as a PSK "identity". Passing
"no_ticket" doesn't actually stop TLSv1.3 tickets completely, it just
forces the use of "session ids as a ticket" instead. This significantly
reduces the ticket size to below 128 in 1.1.1.
The problem was due to s_server setting a TLSv1.2 PSK callback and a
TLSv1.3 PSK callback. For backwards compat reasons the TLSv1.2 PSK
callbacks also work in TLSv1.3 but are not preferred. In the described
scenario we use a PSK to create the initial connection. Subsequent to that
we attempt a resumption using a TLSv1.3 ticket (psk). If the psk length is
below PSK_MAX_IDENTITY_LEN then we first call the TLSv1.2 PSK callback.
Subsequently we call the TLSv1.3 PSK callback. Unfortunately s_server's
TLSv1.2 PSK callback accepts the identity regardless, even though it is an
unexpected value, and hence the binder subsequently fails to verify.
The fix is to bail early in the TLSv1.2 callback if we detect we are being
called from a TLSv1.3 connection.
Fixes #15951
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16008)
(cherry picked from commit
0007ff257c95f5cd046799e492436f41caf4ecb2)
Pauli [Sat, 19 Jun 2021 06:17:38 +0000 (16:17 +1000)]
test: add test for auto DH security level meets the minimum
Manual merge from https://github.com/openssl/openssl/pull/15818
Commit id
d0e5230dcecc6013d351545ceb275aa2ba5baa80
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15832)
Pauli [Sat, 19 Jun 2021 06:16:36 +0000 (16:16 +1000)]
ssl: do not choose auto DH groups that are weaker than the security level
manual merge from https://github.com/openssl/openssl/pull/15818
id
d7b5c648d682b499b71320a03747602a6ba4dec3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15832)
Oliver Mihatsch [Mon, 5 Jul 2021 14:23:03 +0000 (16:23 +0200)]
Fix memory leak in i2d_ASN1_bio_stream
When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream().
This results in calling asn1_bio_flush_ex cleanup but will only
reset retry flags as the state is not ASN1_STATE_POST_COPY.
Therefore 48 bytes (Linux x86_64) leaked since the
ndef_prefix_free / ndef_suffix_free callbacks are not executed
and the ndef_aux structure is not freed.
By always calling free function callback in asn1_bio_free() the
memory leak is fixed.
(cherry picked from commit
3a1d2b59522163ebb83bb68e13c896188dc222c6)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15999)
Pauli [Mon, 5 Jul 2021 01:01:59 +0000 (11:01 +1000)]
bn: procduce correct sign for result of BN_mod()
There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect. The problem only
occurs if the dividend and the quotient are the same BIGNUM.
Fixes #15982
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15991)
(cherry picked from commit
105c83150f15af3f78ea0758859062842bdbe30e)
Tomas Mraz [Wed, 30 Jun 2021 09:17:09 +0000 (11:17 +0200)]
doc: Mention the update of der data pointers in d2i/i2d
Fixes #15958
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15973)
David Benjamin [Tue, 29 Jun 2021 18:41:12 +0000 (14:41 -0400)]
Fix use of uninitialized memory in test_rsa_oaep
48f1739600f33c92387debce2002acec6e365f1d did not convert the RSA OAEP
tests correctly. The corrupted ciphertext and truncation tests were
really decrypting uninitialized memory, rather than the sample
ciphertext. This results in an error in tools like MSan.
The test is somewhat roundabout. In the original version, before the
conversion, ctext_ex was an OAEP test vector from key1(), etc.,
functions. The test would:
1. Encrypt ptext_ex as ctext.
2. Decrypt ctext and check it gives ptext_ex.
3. Decrypt ctext_ex and check it gives ptext_ex.
4. Try corrupted and truncated versions of ctext.
48f1739600f33c92387debce2002acec6e365f1d then moved steps 1 and 2 into
test_rsa_simple, which meant ctext is no longer available for step 4. It
then mistakenly left the variable around, but uninitialized, so the test
wasn't testing anything. (Confusingly, test_rsa_simple outputs ctext_ex
to the caller, but doesn't do anything with it. The ctext_ex output is
also only usable for OAEP, not PKCS#1 v1.5.)
It doesn't really matter whether we use ctext or ctext_ex for step 4, so
this PR fixes it by using ctext_ex instead.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15950)
(cherry picked from commit
36a4637e158508f5d2fb7750e4870888072a56f9)
David CARLIER [Mon, 28 Jun 2021 08:55:22 +0000 (09:55 +0100)]
apple getentropy removal
backport of #15924
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15935)
luyahan [Mon, 29 Mar 2021 07:33:23 +0000 (16:33 +0900)]
Add riscv64 target
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14724)
Lars Immisch [Thu, 5 Mar 2020 10:26:06 +0000 (11:26 +0100)]
Use getauxval on Android with API level > 18
We received analytics that devices of the device family Oppo A37x
are crashing with SIGILL when trying to load libcrypto.so.
These crashes were fixed by using the system-supplied getauxval function.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15763)
yunh [Wed, 23 Jun 2021 01:46:42 +0000 (09:46 +0800)]
enable getauxval on android 10
Fixes #9498
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15870)
Richard Levitte [Thu, 10 Jun 2021 07:43:07 +0000 (09:43 +0200)]
Clean away remaining Travis related files
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15693)
Patrick Steuer [Tue, 8 Jun 2021 08:22:53 +0000 (10:22 +0200)]
Test EVP_CipherInit sequences and resets
Various EVP_CipherInit sequences including partial inits and initializations
with different "enc" flags caused problems on s390x. Similarly, cipher
reinitialization and especially GCM reinitialization with different tag length
led to wrong results. Add some unit tests to cover these rather exotic use
cases.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14900)
Patrick Steuer [Fri, 16 Apr 2021 15:09:46 +0000 (15:09 +0000)]
s390x: cipher must set EVP_CIPH_ALWAYS_CALL_INIT flag
The s390x cipher implementations must call their init function
even if the key argument is NULL to allow initializing the
cipher operation's context in any order.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14900)
Matt Caswell [Wed, 2 Jun 2021 16:19:23 +0000 (17:19 +0100)]
Only call dtls1_start_timer() once
The function dtls1_handle_timeout() calls dtls1_double_timeout() which
was calling dtls1_start_timer(). However dtls1_start_timer() is also
called directly by dtls1_handle_timeout(). We only need to start the timer
once.
Fixes #15561
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15595)
(cherry picked from commit
f570d33b02d824e2a3f676f718c4692572f45333)
bonniegong [Wed, 2 Jun 2021 07:35:18 +0000 (15:35 +0800)]
Check the return value of ASN1_STRING_length
ASN1_STRING_length gets the field 'length' of msg, which
can be manipulated through a crafted input.
Add a check to avoid error execution of OPENSSL_malloc().
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15583)
(cherry picked from commit
effb0dcf864110a4595f1a243adb9c1dd09eb516)
Dr. David von Oheimb [Thu, 27 May 2021 17:35:53 +0000 (19:35 +0200)]
ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15505)
Trev Larock [Fri, 28 May 2021 02:26:41 +0000 (02:26 +0000)]
Modify ssl_handshake_hash to call SSLfatal
When EVP_MD_CTX_new fails call SSLfatal before the goto err.
This resolves a state machine issue on the out of memory condition:
ssl/statem/statem.c:643: OpenSSL internal error: Assertion failed:
(s)->statem.in_init && (s)->statem.state == MSG_FLOW_ERROR
Fixes #15491.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15511)
Tomas Mraz [Fri, 28 May 2021 12:12:12 +0000 (14:12 +0200)]
Put init_ec_point_formats() inside #ifndef OPENSSL_NO_EC
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15518)
Todd Short [Wed, 26 May 2021 14:03:35 +0000 (10:03 -0400)]
Call SSLfatal when the generate_ticket_cb returns 0
Otherwise, the state machine ends up being in a bad state:
```
SSL routines:write_state_machine:missing fatal:ssl/statem/statem.c:850:
```
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15485)
Shane Lontis [Fri, 18 Sep 2020 02:45:14 +0000 (12:45 +1000)]
s_client.pod: Fix grammar in NOTES section.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12907)
Dmitry Belyavskiy [Thu, 20 May 2021 14:03:05 +0000 (16:03 +0200)]
Cleanup the peer point formats on regotiation
Fixes #14875
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15383)
(cherry picked from commit
3f987381929ee725daf4746591144dde18f313e1)
Jean-Philippe Boivin [Mon, 17 May 2021 20:38:14 +0000 (16:38 -0400)]
Properly restore XMM registers in ChaCha20's AVX-512(VL) assembly
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15315)
(cherry picked from commit
6d3f798cba8075e700003aaf34f1e72bb930086c)
Christian Heimes [Tue, 30 Mar 2021 10:02:42 +0000 (12:02 +0200)]
Inherit hostflags verify params even without hosts
X509_VERIFY_PARAM_inherit() now copies hostflags independently of hosts.
Previously hostflags were only copied when at least one host was set.
Typically applications don't configure hosts on SSL_CTX. The change
enables applications to configure hostflags on SSL_CTX and have OpenSSL
copy the flags from SSL_CTX to SSL.
Fixes: https://github.com/openssl/openssl/issues/14579
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14856)
Theo Buehler [Sat, 1 May 2021 11:09:10 +0000 (13:09 +0200)]
Test oct2point for hybrid point encoding of (0, y)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15112)
Theo Buehler [Sat, 1 May 2021 10:25:50 +0000 (12:25 +0200)]
Avoid division by zero in hybrid point encoding
In hybrid and compressed point encodings, the form octet contains a bit
of information allowing to calculate y from x. For a point on a binary
curve, this bit is zero if x is zero, otherwise it must match the
rightmost bit of of the field element y / x. The existing code only
considers the second possibility. It could thus incorrecly fail with a
division by zero error as found by Guido Vranken's cryptofuzz.
This commit adds a few explanatory comments to oct2point. The only
actual code change is in the last hunk which adds a BN_is_zero(x)
check to avoid the division by zero.
Fixes #15021
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15112)
Benjamin Kaduk [Tue, 30 Mar 2021 06:05:22 +0000 (23:05 -0700)]
Update expected results for tls13kexmodes tests
One of the scenarios constructed in these tests was erroneously
producing successful handshakes until the previous commits, but should
have been failing. Update our expected behavior to match the
specification requirements, and adjust the commentary slightly for
a test case relevant for the other preceding commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
80c25611abd7067815943187f36f5e1879201678)
(Merged from https://github.com/openssl/openssl/pull/15255)
Benjamin Kaduk [Tue, 30 Mar 2021 04:27:49 +0000 (21:27 -0700)]
Don't send key_share for PSK-only key exchange
TLS 1.3 allows for the "psk_ke" and "psk_dhe_ke" key-exchange modes.
Only the latter mode introduces a new ephemeral (Diffie-Hellman)
key exchange, with the PSK being the only key material used in the
former case.
It's a compliance requirement of RFC 8446 that the server MUST NOT
send a KeyShareEntry when using the "psk_ke" mode, but prior to
this commit we would send a key-share based solely on whether the
client sent one. This bug goes unnoticed in our internal test suite
since openssl communicating with openssl can never negotiate the
PSK-only key-exchange mode. However, we should still be compliant
with the spec, so check whether the DHE mode was offered and don't
send a key-share if it wasn't.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
e776858bce32d473bd7a69c616ad7f6c2f979dfc)
(Merged from https://github.com/openssl/openssl/pull/15255)
Benjamin Kaduk [Tue, 30 Mar 2021 06:08:10 +0000 (23:08 -0700)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15255)
Benjamin Kaduk [Tue, 30 Mar 2021 06:03:49 +0000 (23:03 -0700)]
Improve RFC 8446 PSK key exchange mode compliance
It's a MUST-level requirement that if the client sends a pre_shared_key
extension not accompanied by a psk_key_exchange_modes extension, the
server must abort the handshake. Prior to this commit the server
would continue on.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit
efe0f315354b020213097885c79ce856a2f5ac68)
(Merged from https://github.com/openssl/openssl/pull/15255)
bonniegong [Mon, 12 Apr 2021 02:43:13 +0000 (10:43 +0800)]
check i2d_ASN1_TYPE return value
add a length check to the return value of function i2d_ASN1_TYPE. Return an error instead of trying to malloc a negative number.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14828)
(cherry picked from commit
c65abf2213117eb5348a46fbc18f706aca052e85)
Dmitry Belyavskiy [Fri, 30 Apr 2021 16:13:14 +0000 (18:13 +0200)]
Testing private keys with extra attributes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15075)
Dmitry Belyavskiy [Wed, 28 Apr 2021 18:43:35 +0000 (21:43 +0300)]
Try to parse private key as PKCS#8 first, fallback afterwards
Fixes #15022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15075)
David Carlier [Sat, 24 Apr 2021 15:13:26 +0000 (16:13 +0100)]
BIO_listen: disable setting ipv6_v6only on OpenBSD as it is a read only data and true
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15015)
(cherry picked from commit
f7f0632b01cf16efccb133e395cf115c194bd003)
Dmitry Belyavskiy [Wed, 5 May 2021 12:29:28 +0000 (14:29 +0200)]
Avoid sending alerts after shutdown
Fixes #11388
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15159)
(cherry picked from commit
22d1138fe2fde9a16e80b81de1d848ae6fa879ef)
Fred Hornsey [Wed, 18 Nov 2020 04:20:43 +0000 (22:20 -0600)]
Support for Android NDK r22
This is a backport of #13434, Fixes #13685.
I think builds using standalone toolchain are fine so I left them alone,
but `Configure` will fail if using the NDK directly because the
`platforms` and `sysroot` directories were removed.
If `sysroot` is missing, omit the `--sysroot` and `-gcc-toolchain`
arguments and use the triplet form clang command.
Also since `platforms` was being used for the default API level, use
`meta/platforms.json` instead if needed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13694)
Dmitry Belyavskiy [Sat, 1 May 2021 11:29:05 +0000 (13:29 +0200)]
Use OCSP-specific error code for clarity
Fixes #12735 for 1.1.1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15109)
Hubert Kario [Fri, 30 Apr 2021 14:41:17 +0000 (16:41 +0200)]
man: s_server: fix typo in -alpn option description
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15098)
Shane Lontis [Wed, 21 Apr 2021 03:49:29 +0000 (13:49 +1000)]
Test that we don't have a memory leak in d2i_ASN1_OBJECT.
Fixes #14667
Reworked test supplied by @smcpeak into a unit test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14938)
Richard Levitte [Tue, 20 Apr 2021 06:43:30 +0000 (08:43 +0200)]
ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
The 'sn' and 'ln' strings may be dynamically allocated, and the
ASN1_OBJECT flags have a bit set to say this. If an ASN1_OBJECT with
such strings is passed to d2i_ASN1_OBJECT() for reuse, the strings
must be freed, or there is a memory leak.
Fixes #14667
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14938)
Richard Levitte [Thu, 22 Apr 2021 12:37:40 +0000 (14:37 +0200)]
Don't remove $(TARFILE) when cleaning
This file is outside the source tree, so we have no business removing
it. This is especially concerning if that was the tarball the user
had to create the source tree.
Fixes #14981
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14985)
(cherry picked from commit
f58f7ec9397de7b752aa547e2677933559a657db)
Tomas Mraz [Thu, 22 Apr 2021 10:45:39 +0000 (12:45 +0200)]
Correct the return value on match and mismatch for MAC pkeys
Fixes #14147
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14982)
Tomas Mraz [Thu, 22 Apr 2021 09:16:37 +0000 (11:16 +0200)]
Test that EVP_PKEY_cmp() returns 1 when comparing a key to itself
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14982)
Niclas Rosenvik [Tue, 20 Apr 2021 17:14:27 +0000 (19:14 +0200)]
Some compilers define __STDC_VERSION__ in c++
Some compilers(g++ on Solaris/Illumos) define __STDC__VERSION__ in c++ .
This causes c++ code that uses openssl to break on these compilers since
_Noreturn is not a keyword in c++ .
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14944)
(cherry picked from commit
1f3b58d8413cfa3824e9c0a146dee6ceedbc367e)
Pauli [Sun, 18 Apr 2021 22:57:18 +0000 (08:57 +1000)]
engine: fix double free on error path.
In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8.
In the nop8 branch, p8 is freed again at line 491.
Bug reported by @Yunlongs
Fixes #14915
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)
(cherry picked from commit
efe8d69daa1a68be0a7f0f73220947c848e7ed1d)
Pauli [Sun, 18 Apr 2021 22:55:37 +0000 (08:55 +1000)]
ts: fix double free on error path.
In function int_ts_RESP_verify_token, if (flags & TS_VFY_DATA) is true, function ts_compute_imprint() will be called at line 299.
In the implementation of ts_compute_imprint, it allocates md_alg at line 406.
But after the allocation, if the execution goto err, then md_alg will be freed in the first time by X509_ALGOR_free at line 439.
After that, ts_compute_imprint returns 0 and the execution goto err branch of int_ts_RESP_verify_token.
In the err branch, md_alg will be freed in the second time at line 320.
Bug reported by @Yunlongs
Fixes #14914
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)
(cherry picked from commit
db78c84eb2fa9c41124690bcc2ea50e05f5fc7b7)
Pauli [Sun, 18 Apr 2021 22:51:38 +0000 (08:51 +1000)]
srp: fix double free,
In function SRP_create_verifier_ex, it calls SRP_create_verifier_BN_ex(..., &v, ..) at line 653.
In the implementation of SRP_create_verifier_BN_ex(), *verify (which is the paremeter of v) is allocated a pointer via BN_new() at line 738.
And *verify is freed via BN_clear_free() at line 743, and return 0.
Then the execution continues up to goto err at line 655, and the freed v is freed again at line 687.
Bug reported by @Yunlongs
Fixes #14913
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)
(cherry picked from commit
b06450bcf763735a89b65ca3ec176600fe7fceed)
Todd Short [Mon, 22 Mar 2021 16:56:36 +0000 (12:56 -0400)]
Handle set_alpn_protos inputs better.
It's possible to set an invalid protocol list that will be sent in a
ClientHello. This validates the inputs to make sure this does not
happen.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14679)
Dave Coombs [Tue, 6 Apr 2021 16:49:21 +0000 (12:49 -0400)]
crl2pkcs7 shouldn't include empty optional sets
If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include
the implicitly tagged [0] certs and [1] crls sets as they are marked
optional and would be empty.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14781)
(cherry picked from commit
d3a5898a7f4980bc0fa6345c408f88007573c405)
Nan Xiao [Wed, 7 Apr 2021 01:18:29 +0000 (09:18 +0800)]
Fix typos in x509.pod
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14783)
(cherry picked from commit
4c979cbeeb9792b170670fa15e29d077597e7ee0)
Nan Xiao [Thu, 1 Apr 2021 05:55:04 +0000 (13:55 +0800)]
Fix potential double free in sslapitest.c
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14758)
(cherry picked from commit
493e78986f9677c2b321273da51c276b9a8182d8)
Nan Xiao [Mon, 29 Mar 2021 09:24:01 +0000 (17:24 +0800)]
Remove unnecessary BIO_do_handshake()s
Since BIO_do_connect() and BIO_do_handshake() are same, no
need to invoke BIO_do_handshake() once more after BIO_do_connect().
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14725)
(cherry picked from commit
975e37cd016f86985d16f1ee646e88213494854a)
Mohamed Akram [Wed, 10 Mar 2021 14:59:13 +0000 (18:59 +0400)]
doc: fix enc -z option documentation
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14499)
(cherry picked from commit
6635ea531e9f7709e5880dd77fd4c3403a5c3db7)
Alex Yursha [Tue, 9 Mar 2021 20:07:26 +0000 (10:07 -1000)]
Print correct error message in utils/mkdir-p.pl
Commit
70a56b914772e6b21cda2a5742817ae4bb7290f1 introduced a regression.
If utils/mkdir-p.pl fails to create a target dir because of insufficient file system
permissions, the subsequent test for dir existence always fails and overwrites
the system error. As a result, a user is presented with a misleading error message.
E.g. if a user tries to create a dir under /usr/local and does not have permissions
for it, the reported error message is "Cannot create directory /usr/local/lib: No such file or directory",
whereas the expected error message is "Cannot create directory /usr/local/lib: Permission denied".
This commit introduces a fix by declaring an additional local variable to cache
the original error message from mkdir. If -d check fails and overwrites the system
error, the user is still presented with the original error from mkdir.
CLA: Trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14487)
(cherry picked from commit
af2e1e9c81110ca1a156430686e2f171e80ebfa0)
Nan Xiao [Mon, 29 Mar 2021 04:05:27 +0000 (12:05 +0800)]
Fix typo in BIO_push.pod
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14718)
(cherry picked from commit
2db9bef264ba39e173d6b6a3a800595e15eef31b)
Nan Xiao [Mon, 29 Mar 2021 04:24:08 +0000 (12:24 +0800)]
Fix BIO_new_ssl_connect() to not leak memory
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14719)
(cherry picked from commit
7947a1eb13c221bbc034796bd394ba00b0e2387d)
Matt Caswell [Thu, 25 Mar 2021 13:28:48 +0000 (13:28 +0000)]
Prepare for 1.1.1l-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 25 Mar 2021 13:28:38 +0000 (13:28 +0000)]
Prepare for 1.1.1k release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 25 Mar 2021 13:21:32 +0000 (13:21 +0000)]
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 25 Mar 2021 10:29:55 +0000 (10:29 +0000)]
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Matt Caswell [Thu, 18 Mar 2021 16:52:10 +0000 (16:52 +0000)]
Ensure buffer/length pairs are always in sync
Following on from CVE-2021-3449 which was caused by a non-zero length
associated with a NULL buffer, other buffer/length pairs are updated to
ensure that they too are always in sync.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>