Pauli [Thu, 5 Oct 2023 23:26:23 +0000 (10:26 +1100)]
evp: process key length and iv length early if present
evp_cipher_init_internal() takes a params array argument and this is processed
late in the initialisation process for some ciphers (AEAD ones).
This means that changing the IV length as a parameter will either truncate the
IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised
bytes.
Truncation is very bad if SP 800-38d section 8.2.1 is being used to
construct a deterministic IV. This leads to an instant loss of confidentiality.
Grabbing extra bytes isn't so serious, it will most likely result in a bad
decryption.
Problem reported by Tony Battersby of Cybernetics.com but earlier discovered
and raised as issue #19822.
Fixes CVE-2023-5363
Fixes #19822
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
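The following is an added illustration, not OpenSSL source: a constructed, simplified model of the ordering problem the commit describes. A toy "cipher context" copies the caller's IV either before the IV-length parameter is applied (the pre-fix order) or after it (the fixed order), and a deterministic IV in the style of SP 800-38D section 8.2.1 (fixed field followed by a big-endian invocation counter) is fed through both. The constant names, the 8-byte fixed field and the stale-memory filler are all assumptions made for the model.

```python
"""Simplified model of the IV-length ordering bug described for CVE-2023-5363.

Constructed illustration, not OpenSSL code: a tiny cipher context whose init
routine copies the caller's IV either before (buggy) or after (fixed) the
requested IV length from the params array has been applied.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

DEFAULT_GCM_IVLEN = 12          # AES-GCM default IV length in bytes
FIXED_FIELD = b"device01"       # 8-byte fixed field (constructed sample value)
STALE_MEMORY = b"\xee" * 16     # stand-in for whatever follows the caller's buffer


@dataclass
class CipherCtx:
    ivlen: int = DEFAULT_GCM_IVLEN
    iv: bytes = b""


def buggy_init(ctx: CipherCtx, caller_buffer: bytes, params: Dict[str, int]) -> CipherCtx:
    """Pre-fix order: copy the IV using the context's *current* IV length, then
    process params. An 'ivlen' param therefore arrives too late to affect the copy."""
    ctx.iv = caller_buffer[:ctx.ivlen]
    ctx.ivlen = params.get("ivlen", ctx.ivlen)
    return ctx


def fixed_init(ctx: CipherCtx, caller_buffer: bytes, params: Dict[str, int]) -> CipherCtx:
    """Fixed order: apply the 'ivlen' param first, then copy exactly that many bytes."""
    ctx.ivlen = params.get("ivlen", ctx.ivlen)
    ctx.iv = caller_buffer[:ctx.ivlen]
    return ctx


def deterministic_iv(invocation: int, ivlen: int) -> bytes:
    """SP 800-38D 8.2.1 style IV: fixed field || big-endian invocation counter."""
    counter_len = ivlen - len(FIXED_FIELD)
    if counter_len <= 0:
        raise ValueError("ivlen must exceed the fixed field length")
    return FIXED_FIELD + invocation.to_bytes(counter_len, "big")


def effective_ivs(init: Callable[..., CipherCtx], ivlen: int, invocations: int) -> List[bytes]:
    """The IV each init routine actually hands to the cipher, over several invocations."""
    result = []
    for i in range(invocations):
        # The caller's IV buffer, followed by bytes that were never initialised.
        caller_buffer = deterministic_iv(i, ivlen) + STALE_MEMORY
        ctx = init(CipherCtx(), caller_buffer, {"ivlen": ivlen})
        result.append(ctx.iv)
    return result


def distinct_iv_count(init: Callable[..., CipherCtx], ivlen: int, invocations: int) -> int:
    """Number of distinct IVs that reach the cipher. Anything below `invocations`
    is nonce reuse, which for GCM means loss of confidentiality."""
    return len(set(effective_ivs(init, ivlen, invocations)))


def reads_past_caller_buffer(init: Callable[..., CipherCtx], ivlen: int) -> bool:
    """True if the IV handed to the cipher is longer than the IV the caller supplied,
    i.e. it includes bytes beyond the caller's buffer."""
    ctx = init(CipherCtx(), deterministic_iv(1, ivlen) + STALE_MEMORY, {"ivlen": ivlen})
    return len(ctx.iv) > ivlen


if __name__ == "__main__":
    for name, init in (("buggy", buggy_init), ("fixed", fixed_init)):
        print(f"{name}: 16-byte IV, 100 invocations -> "
              f"{distinct_iv_count(init, 16, 100)} distinct IVs reach the cipher")
        print(f"{name}: 10-byte IV -> reads past caller buffer: "
              f"{reads_past_caller_buffer(init, 10)}")
```

With a 16-byte IV the buggy order keeps only the first 12 bytes, which here is the fixed field plus the high half of the counter, so every invocation below 2^32 produces the same nonce; with a 10-byte IV it copies 12 bytes and picks up two bytes of stale memory. Requesting the default 12-byte length behaves identically in both orders, which is why the defect only shows when an application changes the IV length through params. On releases without the fix, the documented two-stage pattern avoids the issue: select the cipher with no key or IV, set the IV length with EVP_CIPHER_CTX_ctrl(EVP_CTRL_AEAD_SET_IVLEN) (or set_params), and only then initialise with the key and IV.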
Tomas Mraz [Thu, 19 Oct 2023 06:37:47 +0000 (08:37 +0200)]
Fix Coverity 1547856: memset() uses only the lowest byte of c
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22430)
(cherry picked from commit 0bf18140f491024232beca4e139c8feecfe207e9)
Matthias St. Pierre [Sun, 15 Oct 2023 23:35:48 +0000 (01:35 +0200)]
rand: fix seeding from a weak entropy source
The 'rand_generate' method is not well suited for being used with
weak entropy sources in the 'get_entropy' callback, because the
caller needs to provide a preallocated buffer without knowing
how many bytes are actually needed to collect the required entropy.
Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods
which were exactly designed for this purpose: it's the callee who
allocates and fills the buffer, and finally cleans it up again.
The 'rand_get_seed' and 'rand_clear_seed' methods are currently
optional for a provided random generator. We could fall back to
using 'rand_generate' if those methods are not implemented.
However, imo it would be better to simply make them an officially
documented requirement for seed sources.
Fixes #22332
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
(cherry picked from commit 7998e7dc07d8f1f516af32887f2490c03cd8c594)
Richard Levitte [Wed, 11 Oct 2023 01:19:23 +0000 (12:19 +1100)]
rand: improve error message for rand pool overflows
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22394)
(cherry picked from commit 0a8faac3c7cc2e88f46a8bdce5bd039dc22abdec)
наб [Wed, 18 Oct 2023 13:35:55 +0000 (15:35 +0200)]
Reference the non-"legacy" provider names directly from EVP_md5(3) &c.
Earlier today, it took me five manuals! to find what on earth the
"Performance"/"EVP_MD_fetch(3)" crosslinks actually mean:
EVP_sha1(3)
crypto(7)
EVP_MD_fetch(3) (but not there! don't read that!)
OSSL_PROVIDER-default(7)
EVP_MD-SHA1(7)
If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/,
which it should do, since it's supposed to be what you're replacing it
with, but it doesn't actually say that, maybe people would use it.
I know I didn't because it's basically just deadass buried
As found by git grep -l 'and should consider using'
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22420)
(cherry picked from commit b6eb95fa4439ea6254a5330487dabb2a499fb6c8)
Matthias St. Pierre [Mon, 16 Oct 2023 21:48:03 +0000 (23:48 +0200)]
rand: add callbacks to cleanup the user entropy resp. nonce
The `get_user_{entropy,nonce}` callbacks were added recently to the
dispatch table in commit 4cde7585ce8e. Instead of adding corresponding
`cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}`
callbacks were reused. This can cause a problem in the case where the
seed source is replaced by a provider: the buffer gets allocated by
the provider but cleared by the core.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22423)
(cherry picked from commit 5516d20226c496c2b22fa741698b4d48dad0428f)
Tomas Mraz [Thu, 19 Oct 2023 08:30:15 +0000 (10:30 +0200)]
load_key_certs_crls(): There is no quiet argument
This fixes broken cherry-pick from the master branch
where there is a quiet argument.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22434)
Tomas Mraz [Thu, 19 Oct 2023 07:23:43 +0000 (09:23 +0200)]
cms_enc.c: Include crypto/asn1.h for struct asn1_object_st
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22432)
(cherry picked from commit fa9e6ad46860ea92aa2e1ba997b20c6dff76b42c)
Tomas Mraz [Mon, 9 Oct 2023 09:36:50 +0000 (11:36 +0200)]
apps: Print out a proper message when a store cannot be opened
Fixes #22306
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22318)
(cherry picked from commit edc2b6e3b1950ab0fb71e2d7dca0836b43a9ec3b)
Neil Horman [Wed, 11 Oct 2023 16:45:44 +0000 (12:45 -0400)]
Add a test to confirm that legacy rsa keys work
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
(cherry picked from commit e62097f48c3d0b8b61ca6a061b8098b0086b3fbc)
Neil Horman [Tue, 10 Oct 2023 15:06:44 +0000 (11:06 -0400)]
Dont require CRT params on ossl_rsa_set0_all_params
It's not required that CRT params be available in an RSA key, so don't
perform an error check on them.
Fixes #29135
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
(cherry picked from commit 2647726bd3ca63dc5f07ae3f10e16dff35d95626)
Neil Horman [Tue, 5 Sep 2023 16:08:19 +0000 (12:08 -0400)]
remove sanity check from ossl_rsa_todata
There's no reason we should gate ossl_rsa_todata on there being a minimum
set of parameters. EVP_PKEY_todata makes no guarantees about the
validity of a key, it only returns the parameters that are set in the
requested key, whatever they may be. Remove the check.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22334)
(cherry picked from commit 4ad3a44ba45a4026170336161228d435f6784564)
Tomas Mraz [Mon, 4 Sep 2023 09:10:42 +0000 (11:10 +0200)]
ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs
This makes them zeroes otherwise
where NULLs actually mean the values aren't present.
Fixes #21935
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22334)
(cherry picked from commit 15a39e7025e0ed4e31664c499894006e41582068)
Neil Horman [Wed, 11 Oct 2023 13:34:02 +0000 (09:34 -0400)]
ensure that ossl_obj_nid_lock is allocated before use
External calls to OBJ_new_nid will fail on an attempt to lock the
ossl_obj_nid_lock as it won't have been initialized yet.
Bifurcate OBJ_new_nid into an external and internal variant, in which
the former calls ossl_obj_write_lock (ensuring that the nid_lock is
initialized), while OBJ_create (the sole internal caller) uses the latter
to avoid having to drop and re-acquire the lock.
Fixes #22337
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22350)
(cherry picked from commit cd920f8fa1bb603a620bea697027f5573fadc12e)
James Muir [Sat, 14 Oct 2023 23:36:57 +0000 (19:36 -0400)]
cms encrypt, better OBJ_nid2obj() return check
Fixes #22225
In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to
the special "undefined" ASN1_OBJECT is returned. Check for the
undefined-ASN1_OBJECT and return an error. Also, add a test for this
in 80-test_cms.t.
Testing:
#!/bin/bash -x
shopt -s expand_aliases
alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl"
echo "This is a confidential message. It should be encrypted." > msg.txt
## this should fail b/c there is no OID for aes-256-ctr
openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem
echo $?
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22392)
(cherry picked from commit bd160912dcc5e39bcdc925d9aa6538f20e37ad16)
Pavel Stetsuk [Thu, 14 Sep 2023 20:05:49 +0000 (23:05 +0300)]
fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined)
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22108)
(cherry picked from commit a47fc4ed401da4e2d84e035cc4add566e85b03d0)
Daiki Ueno [Mon, 16 Oct 2023 05:42:12 +0000 (14:42 +0900)]
rsa: Accept NULL OAEP label for backward compatibility
According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label()
should accept NULL as the label argument, though the function
currently rejects it while setting the corresponding octet string
parameter with OSSL_PARAM_construct_octet_string, which expects
non-NULL input. This adds a workaround to the caller for backward
compatibility.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22397)
(cherry picked from commit 21b98da9d80c561b6273b0c51c259196d6740e70)
James Muir [Tue, 10 Oct 2023 16:41:59 +0000 (12:41 -0400)]
Update unix Makefile template to handle paths with spaces
Fixes #4668 (on unix-like platforms)
Testing:
rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace"
make -j6 update
make -j6
make install
make test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22386)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:27:31 +0000 (22:27 +0200)]
EVP shake_ctrl(): add missing NULL evp_ctx check
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
(cherry picked from commit 410c80dc7bf2085167553ab9fa517189eed2b3a6)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:12:22 +0000 (22:12 +0200)]
CMS_add1_signer(): add missing ERR_raise() calls
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
(cherry picked from commit 72a99ef665b26fa207c0eee6e7e4842d1e42752c)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:39:25 +0000 (22:39 +0200)]
CMS_add1_signer.pod: add missing info on CMS_SignerInfo_sign() return values
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
(cherry picked from commit 2c581eb2fd92e997dfe0761b086eb690271cefc2)
Dr. David von Oheimb [Fri, 13 Oct 2023 20:30:31 +0000 (22:30 +0200)]
PKCS7_SIGNER_INFO: point out confusing names of digest_enc_alg and enc_digest fields
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22390)
(cherry picked from commit e15891b477fe9c3d3dc6f331812c9e8afc48dc05)
Pauli [Wed, 11 Oct 2023 21:46:19 +0000 (08:46 +1100)]
cmp: add null pointer check in tear_down test function
problem reported by: 2ourc3
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22355)
(cherry picked from commit 91a5c0e40cf272d18b65c9e4c9a0268f244758a8)
James Muir [Wed, 11 Oct 2023 22:11:42 +0000 (18:11 -0400)]
Fix parenthesis, use a colon
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22356)
(cherry picked from commit 008ca01e506d85acf0cc06ea8f219a883328344c)
Tomas Mraz [Wed, 11 Oct 2023 09:20:02 +0000 (11:20 +0200)]
Windows: use srand() instead of srandom()
This is used for memory allocation failure debugging only
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
(cherry picked from commit 3b107b86ca7d1c6309bc7071ead59acb8c098f3b)
Tomas Mraz [Wed, 11 Oct 2023 09:05:37 +0000 (11:05 +0200)]
Windows CI: Add some non-default options to check they are working
Some of the non-default options that enable more
code to be built need to be enabled in one of the
Windows builds to avoid regressions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22347)
(cherry picked from commit 10767fd9db14b6eedfb0827f9e404c0d4b94424b)
Tomas Mraz [Thu, 5 Oct 2023 09:11:16 +0000 (11:11 +0200)]
DH_check_pub_key() should not fail when setting result code
The semantics of ossl_ffc_validate_public_key() and
ossl_ffc_validate_public_key_partial() needs to be changed
to not return error on non-fatal problems.
Fixes #22287
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22291)
(cherry picked from commit eaee1765a49c6a8ba728e3e2d18bb67bff8aaa55)
Richard Levitte [Tue, 10 Oct 2023 10:32:40 +0000 (12:32 +0200)]
test/recipes/05-test_rand.t: replace 'and' with '&&'
The lower priority 'and' seems to have some "interesting" interactions with
function argument parsing in some perl versions (presumably because 'and' is
lower priority than the comma).
For the lines that are changed here, perl v5.20.1 says this:
Useless use of string eq in void context at [.test.recipes]05-test_rand.t line 33.
Useless use of numeric eq (==) in void context at [.test.recipes]05-test_rand.t line 39.
Replacing 'and' with '&&' in these two cases fixes the problem.
Replacing
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22331)
(cherry picked from commit 715242b1ca2b7267a70fb13c3544a84b947a6e81)
Bernd Edlinger [Mon, 18 Sep 2023 06:16:01 +0000 (08:16 +0200)]
Improve Malloc Failure Test
Allow 2 digits after the comma in percentage in OPENSSL_MALLOC_FAILURES.
Add OPENSSL_MALLOC_SEED to allow for some randomization.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22127)
(cherry picked from commit 3df5736cf303d2c69654ba1c295a9772b738608e)
Klavishnik [Thu, 10 Aug 2023 10:56:24 +0000 (13:56 +0300)]
Added check for the return value of the RAND_bytes() function
Call app_bail_out if RAND_bytes() fails.
Also changed the output parameter of RAND_bytes() to inp as
writing to encrypted output buffer does not make sense.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21706)
(cherry picked from commit 8d120aef951d7bb7deac0b8b559f8003f5ea6384)
Klavishnik [Wed, 9 Aug 2023 14:05:03 +0000 (17:05 +0300)]
Avoid divide-by-zero in kmac_prov.c's bytepad()
This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21698)
(cherry picked from commit 91895e39b10033178e662fc7427a09d7562cf8e1)
Tomas Mraz [Tue, 26 Sep 2023 15:39:50 +0000 (17:39 +0200)]
Optimize out unneeded up_ref/free of EVP_CIPHER
Fixes #22189
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22198)
(cherry picked from commit 8ed76c62b5d3214e807e684c06efd69c6471c800)
Tomas Mraz [Tue, 3 Oct 2023 13:45:13 +0000 (15:45 +0200)]
d2i_X509.pod: Better document using the reuse capability for libctx setup
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22265)
(cherry picked from commit 4ca56f51803a8ae010423180ac80ef991cf78fc5)
Tomas Mraz [Wed, 4 Oct 2023 07:30:43 +0000 (09:30 +0200)]
BN_gcd(): Avoid shifts of negative values
Fixes #22216
Thanks to Leland Mills for investigation and testing.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22272)
(cherry picked from commit 0f7a3b0caa33a87c900536dc1c02fa553d2193cc)
Tomas Mraz [Tue, 3 Oct 2023 12:43:13 +0000 (14:43 +0200)]
DH_check: Emphasize the importance of return value check
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22262)
(cherry picked from commit f7b80136a3df4396b19ebb86d4814d8cefe6d6db)
Pauli [Sun, 24 Sep 2023 23:34:07 +0000 (09:34 +1000)]
ossl_property_list_to_string: handle quoted strings
ossl_property_list_to_string() didn't quote strings correctly which
could result in a generated property string being unparsable.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22182)
(cherry picked from commit fb20e66c6b2651067f50bab8cf098c71e2caed4b)
Tomas Mraz [Wed, 4 Oct 2023 10:30:22 +0000 (12:30 +0200)]
d2i_PKCS8PrivateKey_bio.pod: evp.h include is unnecessary
It is also not allowed by doc nits check to have
multiple includes.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22276)
(cherry picked from commit 831602922f19a8f39d0c0fae425b81e9ab402c69)
Matthias St. Pierre [Mon, 2 Oct 2023 10:10:01 +0000 (12:10 +0200)]
Don't (re-)initialize the FFC_PARAMs in dh_init and dsa_init
The initialization was introduced in commit dc8de3e6f1ee and
changes the behaviour of the `init` method for DSA and DH
between 1.1.1 and 3.0, while the behaviour for RSA and EC_KEY
remains unchanged.
The initialization is not necessary in 3.x and master imho and
breaks the use-case of intercepting the methods of an existing
key.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
(cherry picked from commit 706512ecbc31585d447b53c3aa89acdf6951f996)
Matthias St. Pierre [Sat, 23 Sep 2023 23:13:20 +0000 (01:13 +0200)]
test: evp_extra: test signing with legacy app method based keys
This commit adds `test_EVP_PKEY_sign_with_app_method`, a regression
test for the bug fix in commit 1acc3e8cc3c6 (pull request #22163).
It is analogous to `test_EVP_PKEY_sign`, only with a fake app method
based key. (The EC key test case was omitted, because there is no
`EC_KEY_METHOD_dup` method.)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
(cherry picked from commit 860e36d0dd72f4aa4791e88aa185cb42065a30c4)
Matthias St. Pierre [Sat, 23 Sep 2023 23:24:59 +0000 (01:24 +0200)]
test: evp_extra: fix indentation error
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22185)
(cherry picked from commit b49cafd86b295aa5e177d6c1368b06a1202ec2b3)
Sumitra Sharma [Tue, 3 Oct 2023 03:58:44 +0000 (09:28 +0530)]
Correct documentation for PKCS5_PBKDF2_HMAC
In OpenSSL 3.x, the documentation for PKCS5_PBKDF2_HMAC incorrectly states
that an iter value less than 1 is treated as a single iteration. Upon further
investigation in providers/implementations/kdfs/pbkdf2.c, it appears that
invalid iter values will result in failure and raise the
PROV_R_INVALID_ITERATION_COUNT error. This commit corrects the documentation
to accurately reflect the behavior in OpenSSL 3.x.
Closes openssl#22168
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22252)
(cherry picked from commit 82496b8663f20ff12f02adbe46a060a94b0cbfc5)
Richard Levitte [Mon, 2 Oct 2023 07:12:12 +0000 (09:12 +0200)]
Restore the meaning of EVP_PKEY_print_private()
With pre-3.0 OpenSSL, EVP_PKEY_print_private() calls the EVP_PKEY_ASN1_METHOD
function "priv_print", effectively asking the backend to print whatever it
regards as private key components.
In all backends that were built into libcrypto, this function printed what
was included in the private key structure, which usually includes the
public key components as well.
With OpenSSL 3.0, some of the corresponding key2text encoders got a
slightly different behavior, where the presence of the selector
OSSL_KEYMGMT_SELECT_PRIVATE_KEY without the presence of the selector
OSSL_KEYMGMT_SELECT_PUBLIC_KEY would only get what would intuitively be
regarded as private key components printed. This isn't entirely consistent,
though, as the RSA key2text encoder will still print the public key
components regardless.
To compensate for the changed backend behavior, EVP_PKEY_print_private()
was made to ask the encoder to print the keypair rather than just the
private key, thereby moving the backend semantics to the application API.
Unfortunately, this causes confusion for providers where the key2text
encoder really should print the private key only.
This change restores the built-in 1.1.1 backend behavior in the encoders
that OpenSSL provides, and renders EVP_PKEY_print_private() more true to its
documented behavior, leaving it to the backend to decide what it regards as
"private key components".
Fixes #22233
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22237)
(cherry picked from commit 1296c2ec7866a4f2f4d210432c771142e8de33a0)
Dmitry Belyavskiy [Mon, 26 Dec 2022 19:38:44 +0000 (20:38 +0100)]
Improved detection of engine-provided private "classic" keys
Resolves #17092 (?)
Resolves #17286 (?)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19965)
(cherry picked from commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5)
Frederik Wedel-Heinen [Mon, 2 Oct 2023 08:58:48 +0000 (10:58 +0200)]
Remove duplicates of EVP_aes_xxx_wrap() from EVP_aes_128_gcm.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22236)
(cherry picked from commit 5c20c202699ba9c08183c5227df0ad4352e0974b)
Matthias St. Pierre [Tue, 26 Sep 2023 16:25:27 +0000 (18:25 +0200)]
doc/man3: fix misnamed function name
Rename `DSA_generate_prime[_ex]` to `DSA_generate_parameters[_ex]`,
fixing a copy&paste error from the `BN_generate_prime[_ex]` paragraph
in commit b3696a55a5ed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22242)
(cherry picked from commit 515856f5ceb1ef0065466ac85164766623457000)
Sumitra Sharma [Mon, 2 Oct 2023 15:23:52 +0000 (20:53 +0530)]
Add openssl/pem.h inclusion for d2i_PKCS8PrivateKey
Include the necessary header file openssl/pem.h in the
documentation to ensure that all functions related to
d2i_PKCS8PrivateKey are correctly defined.
Closes openssl#22188
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22253)
(cherry picked from commit cda2e7c914bffc904e3ee79f360953fd370e19e9)
Tomas Mraz [Mon, 2 Oct 2023 13:43:22 +0000 (15:43 +0200)]
All lh_stats functions were deprecated not just some
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22248)
Pauli [Thu, 28 Sep 2023 01:47:35 +0000 (11:47 +1000)]
Coverity 1545175: use after free
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22211)
(cherry picked from commit 6bd07949e54f9958eb8a0f9a597ceb3910753ab0)
Pauli [Thu, 28 Sep 2023 01:45:01 +0000 (11:45 +1000)]
Coverity 1545174: calling risky function
Remove the call to rand() and replace with an xor-shift RNG.
There are no security implications to worry about here. This RNG is
used during testing only.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22211)
(cherry picked from commit eaf08794398ac3caaadffcfd670854bf51f610fa)
Pauli [Thu, 28 Sep 2023 01:34:48 +0000 (11:34 +1000)]
Coverity 1545176: dereference before NULL check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22211)
(cherry picked from commit 15410839c668f97b5c03ee1a1bc1a2bf4315715f)
Pauli [Wed, 27 Sep 2023 23:41:23 +0000 (09:41 +1000)]
rand: add extra error code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Matt Caswell [Mon, 25 Sep 2023 15:44:47 +0000 (16:44 +0100)]
Fix a mem leak when the FIPS provider is used in a different thread
We were neglecting to register the main thread to receive thread stop
notifications. This is important if the thread that starts the FIPS
provider is not the same one that is used when OPENSSL_cleanup() is
called.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Pauli [Tue, 5 Sep 2023 02:51:05 +0000 (12:51 +1000)]
fips: use seed source requested
Fixes #21909
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Pauli [Tue, 5 Sep 2023 00:16:49 +0000 (10:16 +1000)]
fips selftest: avoid relying on a real RNG for self tests
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Pauli [Mon, 4 Sep 2023 04:37:09 +0000 (14:37 +1000)]
remove redundant free of NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
dependabot[bot] [Mon, 2 Oct 2023 17:23:41 +0000 (17:23 +0000)]
Bump actions/setup-python from 4.7.0 to 4.7.1
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 4.7.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.7.0...v4.7.1)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22254)
(cherry picked from commit f7e7bbcd7850b96d02dd0f4dd49b3365b320776c)
Matthias St. Pierre [Fri, 29 Sep 2023 13:31:37 +0000 (15:31 +0200)]
doc: correct the SSL_CTX_set_info_callback(3) manual page
The info callback is not prototyped correctly, and the code
example fails to compile because of const-incorrectness.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22224)
(cherry picked from commit 92986c0be56bc8bf9c414dab59d4f1e128f1e843)
Matthias St. Pierre [Thu, 21 Sep 2023 14:43:43 +0000 (16:43 +0200)]
no-engine: fix signing with legacy app method based keys
Signing with an app method based key (i.e. an `EVP_PKEY` which wraps an
`RSA` key with an application defined `RSA_METHOD`) used to work in 1.1.1.
That feature was broken in commit 60488d2434, but later on fixed by @t8m
in commit b247113c05 (see #14859).
This commit corrects a minor flaw of the fix, which affects only
`no-engine` builds: the special treatment for foreign keys is guarded
by an `OPENSSL_NO_ENGINE` check.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22163)
(cherry picked from commit 1acc3e8cc3c69187b55cc557c1bc03278ab38063)
Huiyue Xu [Thu, 14 Sep 2023 08:21:35 +0000 (16:21 +0800)]
Do not include sparse_array.o in libssl
sparse_array.o is not needed in libssl at 3.0.x version.
Signed-off-by: Huiyue Xu <xuhuiyue@huawei.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22111)
(cherry picked from commit a31cd07af1ca34cdbbd2b077a933208d447ed0b2)
Steffen Klee [Tue, 19 Sep 2023 22:04:18 +0000 (00:04 +0200)]
Fix test_cms if DSA is not supported
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22150)
(cherry picked from commit dee2129802d9694d72e8745aec2d8bd4577ee4ee)
Bernd Edlinger [Wed, 20 Sep 2023 13:45:56 +0000 (15:45 +0200)]
Fix error handling in lhash contract
When the realloc fails in contract, this is not a fatal
error, since the memory is only shrunk. It is also no
option to exit the function at this point, since that
would leave the hash table in an inconsistent state.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22154)
(cherry picked from commit 5fbfd641aeebdf4b29a0749e13a79a1e59502878)
Bernd Edlinger [Tue, 19 Sep 2023 18:15:18 +0000 (20:15 +0200)]
Fix error handling in CRYPTO_get_ex_new_index
If an out of memory error happens when the index zero
is reserved in a newly created ip->meth stack object,
that reservation is not done in a second attempt, which makes
various X_set_ex_data overwrite the value of X_set_app_data.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22149)
(cherry picked from commit d4f22a915ac50570015a23ad794032c4fb9496cb)
Bernd Edlinger [Mon, 11 Sep 2023 04:38:31 +0000 (06:38 +0200)]
Fix some memory leaks in the openssl app
In some error cases the normal cleanup did not
happen, but instead an exit(1) which caused some
memory leaks, as reported in #22049.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22055)
(cherry picked from commit 8c040c086ca11a519975c58961a5dc933aa6524a)
Pauli [Tue, 19 Sep 2023 01:07:21 +0000 (11:07 +1000)]
coverity: NULL dereference
Fixes coverity 1544699.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/22138)
(cherry picked from commit be01f609f98a8930f2c91b813715e515a88f4d54)
Sumitra Sharma [Mon, 18 Sep 2023 11:08:11 +0000 (16:38 +0530)]
Add documentation for the function SSL_CONF_CTX_finish.
Add documentation for the function SSL_CONF_CTX_finish() in man3.
Fixes #22084
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22128)
(cherry picked from commit 955c133ccccd2b6e3f5a1b1342045111fe8b3e86)
Mathieu Tortuyaux [Mon, 18 Sep 2023 14:02:21 +0000 (16:02 +0200)]
enc: "bad decrypt" only in decryption
CLA: trivial
Signed-off-by: Mathieu Tortuyaux <mathieu.tortuyaux@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22134)
(cherry picked from commit 0e138b7b591f160a50aff22f662254d1b39c9cac)
Richard Levitte [Tue, 19 Sep 2023 13:02:32 +0000 (15:02 +0200)]
Prepare for 3.1.4
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
Richard Levitte [Tue, 19 Sep 2023 13:01:49 +0000 (15:01 +0200)]
Prepare for release of 3.1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
Richard Levitte [Tue, 19 Sep 2023 13:01:36 +0000 (15:01 +0200)]
make update
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
Richard Levitte [Tue, 19 Sep 2023 12:57:48 +0000 (14:57 +0200)]
Copyright year updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
Dr. David von Oheimb [Sat, 3 Jun 2023 15:17:14 +0000 (17:17 +0200)]
CMP app and API doc: add note on critical server auth on receiving trust anchor certs
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21138)
(cherry picked from commit 5e721ecee5a8c9c27e392fb3770d221709bde1a7)
Dr. David von Oheimb [Sat, 3 Jun 2023 15:15:06 +0000 (17:15 +0200)]
CMP doc: various small corrections, mostly on PBM vs. MAC-based protection
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21138)
(cherry picked from commit 4a1073981fcff530d3f810b536514eb45d5d0bae)
Sumitra Sharma [Tue, 12 Sep 2023 06:30:21 +0000 (12:00 +0530)]
Enhance code safety and readability in SSL_get_shared_ciphers()
This commit introduces two key improvements:
1. Improve code safety by replacing the conditional statement with
`if (n >= size)` and using OPENSSL_strnlen() instead of strlen().
This change ensures proper buffer size handling and adheres to
secure coding practices.
2. Enhance code readability by substituting `strcpy(p, c->name)` with
`memcpy(p, c->name, n)`. This adjustment prioritizes code clarity and
maintenance, even while mitigating a minimal buffer overflow risk.
These enhancements bolster the code's robustness and comprehensibility,
aligning with secure coding principles and best practices.
Fixes #19837
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21934)
(cherry picked from commit 2743594d73e65c38375c619e89ec62579e2c24a9)
Olga Batyshkina [Mon, 7 Aug 2023 13:14:53 +0000 (15:14 +0200)]
Fix PKCS#12 creation error when certificate contains auxiliary data
Prefer friendly name passed by the caller and calculated local
key id to ones found in certificate auxiliary data when creating
PKCS#12.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21675)
(cherry picked from commit 388a8e731445d190a46ec27b2ff5b4bf334d526b)
Bernd Edlinger [Fri, 15 Sep 2023 07:56:01 +0000 (09:56 +0200)]
Fix a merge mistake in engine_list_add
master version increments the struct_ref early
and needs to decrement the struct_ref on error,
while 3.1 and 3.0 increment the struct_ref later.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22115)
Bernd Edlinger [Tue, 5 Sep 2023 14:59:45 +0000 (16:59 +0200)]
Fix engine cleanup error handling
Error handling in engine_cleanup_add_first/last was
broken and caused memory leaks.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21971)
(cherry picked from commit 00f2efccf5b9671a7af2b12571068258e9c255a5)
Bernd Edlinger [Mon, 11 Sep 2023 10:26:46 +0000 (12:26 +0200)]
Fix memory leaks in ssl_old_test.c
This fixes a few memory leaks reported in #22049.
If SSL_CTX_set0_tmp_dh_pkey rejects the temp dh key
due to security restrictions (even when @SECLEVEL=0 is used!)
then the caller has to delete the PKEY object.
That is different to how the deprecated
SSL_CTX_set_tmp_dh_pkey was designed to work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22060)
(cherry picked from commit 21f0b80cd4b32ba80843b812b01a6056daf14093)
Tomas Mraz [Tue, 12 Sep 2023 16:54:55 +0000 (18:54 +0200)]
Revert "make inability to dup/clone ciphers an error"
This reverts commit d739b3e05e749d4310b7310c007a4f3b8d5f8556.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22081)
Tomas Mraz [Tue, 12 Sep 2023 16:54:55 +0000 (18:54 +0200)]
Revert "Add dupctx support to aead ciphers"
This reverts commit a982016c56f8c631e0906b0a33f4feaf3d20a2ff.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22081)
Tomas Mraz [Tue, 12 Sep 2023 16:54:54 +0000 (18:54 +0200)]
Revert "implement dupctx for aes_WRAP methods"
This reverts commit 819ae76bb76540a4321e548851e23099ddf71e8e.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22081)
Tomas Mraz [Tue, 12 Sep 2023 16:54:53 +0000 (18:54 +0200)]
Revert "implement dupctx for chacha20_poly1305"
This reverts commit 603b4c332f817cfc14a0d8b30d1e5a198f575644.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22081)
Tomas Mraz [Tue, 12 Sep 2023 16:54:48 +0000 (18:54 +0200)]
Revert "Add dupctx support to rc4_hmac_md5 algo"
This reverts commit d9f84aef6033804e4c7ebf28ee88fcd2c63161d6.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22081)
Tomas Mraz [Mon, 11 Sep 2023 15:23:46 +0000 (17:23 +0200)]
d2i_ECPKParameters and i2d_ECPKParameters are not deprecated
So do not document them as such.
Fixes #22068
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22069)
(cherry picked from commit 2508629765403375b3075300a0951705ec26fe27)
Dimitri Papadopoulos [Mon, 11 Sep 2023 11:35:27 +0000 (13:35 +0200)]
Fix typos found by codespell in openssl-3.1
Only modify doc/man* in the openssl-3.1 branch.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22065)
Bernd Edlinger [Mon, 11 Sep 2023 10:34:02 +0000 (12:34 +0200)]
Fix a memleak in prepare_rsa_params
This affects only RSA-PSS keys with params using
negative salt length, or in case of out of memory.
This fixes a memory leak reported in #22049.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22061)
(cherry picked from commit 46def829afa4d8bed8f53d484bdf842d65f0e176)
Neil Horman [Fri, 1 Sep 2023 17:47:15 +0000 (13:47 -0400)]
Add dupctx support to rc4_hmac_md5 algo
Pretty straightforward, just clone the requested context, no pointers to
fixup
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit 123c85864fa7fe97d8ae3a09989d410501d957a5)
Neil Horman [Fri, 1 Sep 2023 17:22:03 +0000 (13:22 -0400)]
implement dupctx for chacha20_poly1305
Same as chacha20 in the last commit, just clone the ctx and its
underlying tlsmac array if it's allocated
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit df93b3c9e72571876bd01e5a50a5ba8368c6c77f)
Neil Horman [Fri, 1 Sep 2023 15:28:33 +0000 (11:28 -0400)]
implement dupctx for aes_WRAP methods
create a dupctx method for aes_WRAP implementations of all sizes
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit 2c021e7d11f03ede2330398c4fd8e8c7bd8768ee)
Neil Horman [Fri, 1 Sep 2023 13:10:35 +0000 (09:10 -0400)]
Add dupctx support to aead ciphers
Add dupctx method support to ciphers implemented with IMPLEMENT_aead_cipher
This includes:
aes-<kbits>-gcm
aria-<kbits>-ccm
aria-<kbits>-gcm
sm4-<kbits>-gcm
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit 0239fb3db77e9de2031c5054854cba8e417c1b72)
Neil Horman [Tue, 29 Aug 2023 19:42:48 +0000 (15:42 -0400)]
make inability to dup/clone ciphers an error
There should be no reason that a cipher can't be duplicated
Fixes #21887
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21933)
(cherry picked from commit 39d857bb610d25b3de4e414264246ec41753c446)
Vladimir Kotal [Tue, 5 Sep 2023 09:13:47 +0000 (11:13 +0200)]
augment man pages with information about PKCS12KDF in FIPS mode
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21965)
(cherry picked from commit 4ee8c1fb51687ea811fc2abf87e173c70d018bc2)
Tomas Mraz [Fri, 8 Sep 2023 13:28:45 +0000 (15:28 +0200)]
Add CVE-2023-4807 fix to CHANGES.md and NEWS.md
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22033)
(cherry picked from commit 0be7510f49e498532708fd03628fc3fc62ee7875)
Bernd Edlinger [Thu, 7 Sep 2023 17:22:25 +0000 (19:22 +0200)]
Fix a possible memleak in rsa_pub_encode
That seems to be only an issue for RSA-PSS with parameters.
Spotted by code review, so it looks like there is no test coverage for this.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22032)
(cherry picked from commit 285eb1688f05ad477fefc681bf05d0afedc46d40)
Dmitry Misharov [Thu, 7 Sep 2023 11:52:46 +0000 (13:52 +0200)]
remove unused AppVeyor config
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22000)
(cherry picked from commit 8ac32e1e1b1a786366333acf897d332339610e6b)
Bernd Edlinger [Fri, 8 Sep 2023 08:33:24 +0000 (10:33 +0200)]
Fix output corruption in req command
when used in conjunction with -out and -modulus options.
Fixes #21403
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22026)
(cherry picked from commit d2873946dfaff5537ea3d1adf3890e33a3f276ff)
Bernd Edlinger [Wed, 6 Sep 2023 12:06:52 +0000 (14:06 +0200)]
Fix a possible memleak in SRP_VBASE_new
In the error handling case the memory in
vb->users_pwd was accidentally not released.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21981)
(cherry picked from commit 68e95f7840d0d8ac4e5e03381cf9d305578dd1c7)
Richard Levitte [Wed, 6 Sep 2023 05:13:26 +0000 (07:13 +0200)]
OSSL_STORE: Fix error flag clearing and setting (provider path only)
When the provider's load function returned with an error, the libcrypto
error flag was only set if EOF hadn't been reached. This is troublesome,
as an error can very well occur during the last load before EOF is reached!
Also, the error flag was never reset, even though documentation specifies
that it should indicate an error in the last load (i.e. not the one before
that).
Fixes #21968
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21976)
(cherry picked from commit 17dd9a2c6262c00800301fddd9441a9c590a630e)
Pauli [Thu, 7 Sep 2023 02:35:10 +0000 (12:35 +1000)]
Add test case for #21986
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21988)
(cherry picked from commit c870a465864259f0bdec0953ad085da31941bc27)
Pauli [Wed, 6 Sep 2023 23:27:37 +0000 (09:27 +1000)]
Check error return from cms_sd_asn1_ctrl() correctly.
Fixes #21986
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21988)
(cherry picked from commit 00a413e2483257a17239cef5dde52df14926284c)
wangcheng [Wed, 6 Sep 2023 13:29:38 +0000 (21:29 +0800)]
Modify the dkeyform type to support engine
The valtype value of dkeyform defined in the s_server_options structure is "F", which leads to the judgment that the engine is not supported when processing parameters in the opt_next function.
Thus the valtype value of dkeyform should be changed to "f".
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21982)
(cherry picked from commit b9a189ce87fde1de4bf691031624538262f005c5)