x2018 [Mon, 1 Nov 2021 12:36:54 +0000 (20:36 +0800)]
check the return value of BN_new() and BN_dup()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16948)
(cherry picked from commit
d99004fe5de934120765d342586f08d22131b8ed)
Pauli [Tue, 26 Oct 2021 22:30:51 +0000 (08:30 +1000)]
speed: range check the argument given to -multi for 1.1.1
Fixes #16899 for 1.1.1 branch.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16922)
Matt Caswell [Fri, 22 Oct 2021 09:17:14 +0000 (10:17 +0100)]
Fix a gcc 11.2.0 warning
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning
when compiling test/packettest.c, which causes --strict-warnings builds
to fail. A simple fix avoids the warning.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16887)
(cherry picked from commit
37467b2752f75ce80437120f704452982b7c1998)
Matt Caswell [Fri, 22 Oct 2021 15:09:44 +0000 (16:09 +0100)]
Fix no-cmac
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)
(cherry picked from commit
ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604)
Matt Caswell [Thu, 14 Oct 2021 16:31:36 +0000 (17:31 +0100)]
Fix the s_server psk_server_cb for use in DTLS
Commit
0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit
8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
Peiwei Hu [Sat, 9 Oct 2021 01:25:27 +0000 (09:25 +0800)]
Fix BIO_get_md_ctx return value check
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16792)
PW Hu [Sat, 9 Oct 2021 07:21:00 +0000 (15:21 +0800)]
Fix some documentation errors related to return values
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)
(cherry picked from commit
f1d077f1108b1bc2334350a4d53a46e29e082910)
Matt Caswell [Fri, 15 Oct 2021 15:30:45 +0000 (16:30 +0100)]
Add tests for ENGINE problems
Add some tests which would have caught the issues fixed in the previous
commit related to engine handling.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
Matt Caswell [Fri, 15 Oct 2021 15:23:31 +0000 (16:23 +0100)]
Ensure pkey_set_type handles ENGINE references correctly
pkey_set_type should not consume the ENGINE references that may be
passed to it.
Fixes #16757
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
Peiwei Hu [Tue, 12 Oct 2021 02:50:12 +0000 (10:50 +0800)]
test/ssl_old_test.c: Fix potential leak
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16806)
(cherry picked from commit
34563be5368fb8e6ade7d06d8376522ba83cd6ac)
Richard Levitte [Thu, 14 Oct 2021 16:49:11 +0000 (18:49 +0200)]
Fix test/recipes/01-test_symbol_presence.t to disregard version info
The output of 'nm -DPg' contains version info attached to the symbols,
which makes the test fail. Simply dropping the version info makes the
test work again.
Fixes #16810 (followup)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16840)
(cherry picked from commit
73970cb91fdf8e7b4b434d479b875a47a0aa0dbc)
Richard Levitte [Wed, 13 Oct 2021 07:09:05 +0000 (09:09 +0200)]
Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries
It's a small change to the 'nm' call, to have it look at dynamic symbols
rather than the normal ones.
Fixes #16810
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16822)
(cherry picked from commit
a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c)
Matt Caswell [Mon, 20 Sep 2021 13:36:42 +0000 (14:36 +0100)]
Extend custom extension testing
Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit
0db3a9904fa00569905be130854a31dab7b8f49d)
Matt Caswell [Mon, 20 Sep 2021 13:15:18 +0000 (14:15 +0100)]
New extensions can be sent in a certificate request
Normally we expect a client to send new extensions in the ClientHello,
which may be echoed back by the server in subsequent messages. However the
server can also send a new extension in the certificate request message to
be echoed back in a certificate message
Fixes #16632
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit
cbb862fbaaa1ec5a3e33836bc92a6dbea97ceba0)
Dmitry Belyavskiy [Thu, 7 Oct 2021 17:14:50 +0000 (19:14 +0200)]
Bindhost/bindport should be freed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16775)
(cherry picked from commit
0ce0c455862ed29bd7f2acdbddbe8d0b1783c1c9)
Bernd Edlinger [Tue, 5 Oct 2021 19:38:55 +0000 (21:38 +0200)]
Fix double-free in e_dasync.c
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16751)
Bernd Edlinger [Wed, 6 Oct 2021 07:23:17 +0000 (09:23 +0200)]
Fix some possible memory leaks in EVP_CipherInit_ex
An EVP_CONTEXT with zero cipher but non-zero engine,
and/or cipher_data is possible if an error happens
in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling
will just clear the cipher in that case.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16756)
Bernd Edlinger [Mon, 4 Oct 2021 17:45:19 +0000 (19:45 +0200)]
Fix a memory leak in the afalg engine
Fixes: #16743
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16744)
(cherry picked from commit
6f6a5e0c7c41b6b3639e51f435cd98bb3ae061bc)
Bernd Edlinger [Thu, 30 Sep 2021 15:18:44 +0000 (17:18 +0200)]
Fix a NPD bug in engines/e_dasync.c
The dasync_aes_128_cbc_hmac_sha1 cipher depends on
EVP_aes_128_cbc_hmac_sha1() returning a NON-NULL value.
We should simply not advertise this cipher otherwise.
Fixes: #7950
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16722)
Dr. Matthias St. Pierre [Tue, 28 Sep 2021 14:12:32 +0000 (16:12 +0200)]
doc/man3/SSL_set_fd.pod: add note about Windows compiler warning
According to an old stackoverflow thread [1], citing an even older comment by
Andy Polyakov (
1875e6db29, Pull up Win64 support from 0.9.8., 2005-07-05),
a cast of 'SOCKET' (UINT_PTR) to 'int' does not create a problem, because although
the documentation [2] claims that the upper limit is INVALID_SOCKET-1 (2^64 - 2),
in practice the socket() implementation on Windows returns an index into the kernel
handle table, the size of which is limited to 2^24 [3].
Add this note to the manual page to avoid unnecessary roundtrips to StackOverflow.
[1] https://stackoverflow.com/questions/
1953639/is-it-safe-to-cast-socket-to-int-under-win64
[2] https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2
[3] https://docs.microsoft.com/en-us/windows/win32/sysinfo/kernel-objects
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16699)
(cherry picked from commit
f8dd5869bca047a23599ac925aace70efcf487ad)
Mingjun.Yang [Mon, 6 Sep 2021 07:30:19 +0000 (15:30 +0800)]
Add sm2 encryption test case from GM/T 0003.5-2012
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16511)
(cherry picked from commit
8ba65c35ea3af347c3b2adc8e665066b541a1c35)
Tianjia Zhang [Sun, 26 Sep 2021 23:44:29 +0000 (09:44 +1000)]
ssl: Correct filename in README
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16671)
Matt Caswell [Sat, 11 Sep 2021 08:58:52 +0000 (09:58 +0100)]
Correct the documentation for SSL_set_num_tickets()
The behaviour for what happens in a resumption connection was not quite
described correctly.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit
4603b782e6dbed493d2f38db111abc05df66fb99)
Matt Caswell [Sat, 11 Sep 2021 09:02:21 +0000 (10:02 +0100)]
Clarify what SSL_get_session() does on the server side in TLSv1.3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit
9e51f877930dbd4216438a5da3c9612bf4d0a918)
Lenny Primak [Sat, 11 Sep 2021 23:53:45 +0000 (18:53 -0500)]
MacOS prior to 10.12 does not support random API correctly
Fixes #16517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16587)
Nikita Ivanov [Tue, 7 Sep 2021 08:31:17 +0000 (11:31 +0300)]
Fix nc_email to check ASN1 strings with NULL byte in the middle
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16524)
(cherry picked from commit
485d0790ac1a29a0d4e7391d804810d485890376)
Richard Levitte [Wed, 8 Sep 2021 08:49:27 +0000 (10:49 +0200)]
VMS: Fix misspelt type
'__int64', not 'int64_t'
Ref: commit
2e5cdbc18a1a26bfc817070a52689886fa0669c2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16557)
Richard Levitte [Tue, 7 Sep 2021 09:48:07 +0000 (11:48 +0200)]
DOCS: Update the page for 'openssl passwd' to not duplicate some info
The options -1 and -apr1 were mentioned in DESCRIPTION, not mentioning
any other options or even mentioning that there are more algorithms.
The simple fix is to remove that sentence and let the OPTIONS section
speak for itself.
Fixes #16529
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16531)
(cherry picked from commit
116799ff6a8fc803ec4685fc432c7329d0511e23)
Richard Levitte [Mon, 6 Sep 2021 11:40:43 +0000 (13:40 +0200)]
VMS: Compensate for compiler type incompatibility
The compiler says that 'unsigned long long' isn't the same as
'unsigned __int64'. Sure, and considering that crypto/rand/rand_vms.c
is specific VMS only code, it's easy to just change the type to the
exact same as what's specified in the system headers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15613)
Richard Levitte [Mon, 6 Sep 2021 09:26:56 +0000 (11:26 +0200)]
test/ec_internal_test: link with libapps.a too
Whenever the source from $target{apps_init_src} is added to the source
of a test program, it needs to be linked with libapps.a as well. Some
init sources depend on that.
Without this, builds break on VMS because of the unresolved symbol
'app_malloc'.
On platforms that do not need anything from libapps.a, adding it is a
no-op.
This is for OpenSSL 1.1.1 only. OpenSSL 3.0 and beyond have a
different solution.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16512)
Viktor Dukhovni [Mon, 30 Aug 2021 19:09:43 +0000 (15:09 -0400)]
Test for DANE cross cert fix
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
Viktor Dukhovni [Mon, 30 Aug 2021 18:17:16 +0000 (14:17 -0400)]
Prioritise DANE TLSA issuer certs over peer certs
When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.
This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert. We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
Pauli [Tue, 31 Aug 2021 23:52:03 +0000 (09:52 +1000)]
doc: document the rsa_oaep_md: pkeyopt
This was missing but essential for using non-SHA1 digests with OAEP.
Fixes #15998
Manual backport of #16410
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16488)
Mattias Ellert [Tue, 31 Aug 2021 06:26:06 +0000 (08:26 +0200)]
Openssl fails to compile on Debian with kfreebsd kernels
(kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler
is:
../crypto/uid.c: In function 'OPENSSL_issetugid':
../crypto/uid.c:50:22: error: 'AT_SECURE' undeclared (first use in this function)
50 | return getauxval(AT_SECURE) != 0;
| ^~~~~~~~~
This commit changes the code to use the freebsd code in this case.
This fixes the compilation.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16477)
(cherry picked from commit
3a1fa0116a92235ba200228e4bb60d6a3a7f4113)
Tomas Mraz [Fri, 27 Aug 2021 09:41:04 +0000 (11:41 +0200)]
ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
Tomas Mraz [Fri, 27 Aug 2021 09:37:10 +0000 (11:37 +0200)]
Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
Fixes #16428
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
Bernd Edlinger [Fri, 20 Aug 2021 18:42:55 +0000 (20:42 +0200)]
Use applink to fix windows tests
(cherry picked from commit <https://github.com/bernd-edlinger/openssl/commit/
96a463cede0070aa5c86629d683a214657a9ba9e>)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12457)
Nicola Tuveri [Thu, 16 Jul 2020 00:23:26 +0000 (03:23 +0300)]
[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
This is a follow-up to https://github.com/openssl/openssl/pull/12312
(cherry picked from commit
7aa3dfc42104588f65301d20324388ac2c9a6b11)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
Nicola Tuveri [Wed, 15 Jul 2020 23:02:16 +0000 (02:02 +0300)]
Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
This commit fixes the public headers to reflect these changes.
Fixes #12443
(cherry picked from commit
cca8a4cedaafe63b0b5729b72133661ece24ff08)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
Nicola Tuveri [Wed, 15 Jul 2020 22:57:09 +0000 (01:57 +0300)]
Add tests for i2d_TYPE_fp and d2i_TYPE_fp
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
@@ Note: This commit limits to ECPKParameters as a type.
(cherry picked from commit
ea1128e94e36fa9fa25278dc6b3f5b42d8735782)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
Bernd Edlinger [Fri, 27 Aug 2021 19:34:37 +0000 (21:34 +0200)]
Fix no-tls1_3 tests
This recently added test needs DH2048 to work without tls1_3.
Fixes: #16335
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16453)
Daniel Krügler [Fri, 27 Aug 2021 16:32:20 +0000 (18:32 +0200)]
Ensure that _GNU_SOURCE is defined for bss_dgram.c
This fixes the following error with gcc10 under strict ANSI conditions:
.../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32'
CLA: trivial
Fixes #16449
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16451)
(cherry picked from commit
e8e1f6d1a9e599d575431f559200018b8f822e0f)
Bernd Edlinger [Fri, 27 Aug 2021 11:11:39 +0000 (13:11 +0200)]
Fix the "Out of memory" EVP KDF scrypt test
This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16446)
Bernd Edlinger [Thu, 26 Aug 2021 18:10:16 +0000 (20:10 +0200)]
Fix enable-asan with C++ buildtest
the following config:
./config no-shared enable-asan enable-buildtest-c++ enable-external-tests
fails to build with unresolved asan symbols when linking
test/ossl_shim/ossl_shim
Fixed by passing all sanitizer-flags to cxxflags.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16434)
Bernd Edlinger [Wed, 25 Aug 2021 12:30:12 +0000 (14:30 +0200)]
Fix instances of pointer addition with the NULL pointer
ubsan found undefined pointer addtions in
crypto/bio/bss_mem.c (mem_ctrl),
crypto/pem/pem_lib.c (PEM_read_bio_ex),
test/testutil/format_output.c (test_fail_string_common,
test_fail_memory_common).
Mostly a straight back-port-of:
a07dc81
Additionally enable the ubsan run-checker, to prevent regressions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16423)
zhaozg [Tue, 24 Aug 2021 14:43:18 +0000 (22:43 +0800)]
cms: fix memleaks in cms_env.c
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16403)
David Carlier [Tue, 24 Aug 2021 21:40:14 +0000 (22:40 +0100)]
Darwin platform allows to build on releases before Yosemite/ios 8.
issue #16407 #16408
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16409)
zhaozg [Wed, 18 Aug 2021 07:40:22 +0000 (15:40 +0800)]
ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16347)
(cherry picked from commit
62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33)
Bernd Edlinger [Mon, 23 Aug 2021 09:13:26 +0000 (11:13 +0200)]
Check for null-pointer dereference in dh_cms_set_peerkey
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16382)
Tianjia Zhang [Mon, 23 Aug 2021 09:40:22 +0000 (17:40 +0800)]
apps/ciphers: Fix wrong return value when using -convert parameter
Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16383)
(cherry picked from commit
8b4e9c5265ffd3457ad37133502a9d8a4e8daccd)
Bernd Edlinger [Sun, 22 Aug 2021 19:28:51 +0000 (21:28 +0200)]
Fix some strict gcc-12 warnings
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16375)
Bernd Edlinger [Mon, 23 Aug 2021 09:11:29 +0000 (11:11 +0200)]
Avoid using undefined value in generate_stateless_cookie_callback
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16381)
Bernd Edlinger [Mon, 23 Aug 2021 12:03:20 +0000 (14:03 +0200)]
Fix the array size of dtlsseq in tls1_enc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16385)
(cherry picked from commit
562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4)
Matt Caswell [Tue, 24 Aug 2021 13:39:03 +0000 (14:39 +0100)]
Prepare for 1.1.1m-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 24 Aug 2021 13:38:47 +0000 (14:38 +0100)]
Prepare for 1.1.1l release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 24 Aug 2021 13:32:25 +0000 (14:32 +0100)]
Run make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 24 Aug 2021 13:14:34 +0000 (14:14 +0100)]
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 24 Aug 2021 12:41:40 +0000 (13:41 +0100)]
Updates to CHANGES and NEWS for the new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Fri, 13 Aug 2021 15:58:21 +0000 (16:58 +0100)]
Check the plaintext buffer is large enough when decrypting SM2
Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 13 Aug 2021 13:49:47 +0000 (14:49 +0100)]
Extend tests for SM2 decryption
Check the case where C1y < 32 bytes in length (i.e. short overhead), and
also the case with longer plaintext and C1x and C1y > 32 bytes in length
(i.e. long overhead)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 13 Aug 2021 13:14:51 +0000 (14:14 +0100)]
Correctly calculate the length of SM2 plaintext given the ciphertext
Previously the length of the SM2 plaintext could be incorrectly calculated.
The plaintext length was calculated by taking the ciphertext length and
taking off an "overhead" value.
The overhead value was assumed to have a "fixed" element of 10 bytes.
This is incorrect since in some circumstances it can be more than 10 bytes.
Additionally the overhead included the length of two integers C1x and C1y,
which were assumed to be the same length as the field size (32 bytes for
the SM2 curve). However in some cases these integers can have an additional
padding byte when the msb is set, to disambiguate them from negative
integers. Additionally the integers can also be less than 32 bytes in
length in some cases.
If the calculated overhead is incorrect and larger than the actual value
this can result in the calculated plaintext length being too small.
Applications are likely to allocate buffer sizes based on this and therefore
a buffer overrun can occur.
CVE-2021-3711
Issue reported by John Ouyang.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Matt Caswell [Fri, 20 Aug 2021 14:23:32 +0000 (15:23 +0100)]
Fix the error handling in i2v_AUTHORITY_KEYID
Previously if an error path is entered a leak could result.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Thu, 19 Aug 2021 14:25:04 +0000 (15:25 +0100)]
Allow fuzz builds to detect string overruns
If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Thu, 19 Aug 2021 11:24:17 +0000 (12:24 +0100)]
Fix EC_GROUP_new_from_ecparameters to check the base length
Check that there's at least one byte in params->base before trying to
read it.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Thu, 19 Aug 2021 11:23:38 +0000 (12:23 +0100)]
Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 16:58:23 +0000 (17:58 +0100)]
Fix append_ia5 function to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 16:37:41 +0000 (17:37 +0100)]
Fix test code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 16:08:58 +0000 (17:08 +0100)]
Fix the name constraints code to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 13:02:40 +0000 (14:02 +0100)]
Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 11:31:38 +0000 (12:31 +0100)]
Fix POLICYINFO printing to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Matt Caswell [Wed, 18 Aug 2021 11:24:22 +0000 (12:24 +0100)]
Fix i2v_GENERAL_NAME to not assume NUL terminated strings
ASN.1 strings may not be NUL terminated. Don't assume they are.
CVE-2021-3712
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Pauli [Mon, 31 May 2021 05:33:22 +0000 (15:33 +1000)]
sparc: fix cross compile build
(cherry picked from commit
64fac96de81d3dc19cc0c9045c341f0dec818075)
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16336)
Nicola Tuveri [Wed, 18 Aug 2021 22:16:10 +0000 (01:16 +0300)]
Revert "[github-ci][cross-compiles.yml] Disable sparcv9"
This reverts commit
aa23aa759cf33b4f481fc719d42cb7bae8b2eaf0.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16336)
Pauli [Tue, 17 Aug 2021 13:34:52 +0000 (23:34 +1000)]
[github-ci] Add comment about our approach to GitHub Actions CI
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:54:08 +0000 (09:54 +0300)]
[github-ci][run-checker-merge.yml] Disable ubsan build
This commit temporarily disables the ubsan build,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 10:49:03 +0000 (13:49 +0300)]
[github-ci][ci.yml] Disable memory sanitizer build
In 1.1.1 currently we do not support running multiple tests in parallel,
and the `--debug -O1` msan build required more than 3h to run the tests.
This commit temporarily disables this build configuration.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 07:15:16 +0000 (10:15 +0300)]
[github-ci][run-checker-ci.yml] Disable no-tls1_3 tests
This commit temporarily disables tests for no-tls1_3,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:54:08 +0000 (09:54 +0300)]
[github-ci][ci.yml] Disable pyca external tests
This commit temporarily disables pyca external tests,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:53:08 +0000 (09:53 +0300)]
[github-ci][ci.yml] Disable krb5 external tests
This commit temporarily disables krb5 external tests,
due to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Sat, 7 Aug 2021 06:46:19 +0000 (09:46 +0300)]
[github-ci][cross-compiles.yml] Disable sparcv9
This commit temporarily disables cross-compiling tests for sparcv9, due
to failures to be investigated in a dedicated PR.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:37:02 +0000 (18:37 +0300)]
[github-ci] Import run-checker daily workflow from master
The daily run-checker is scheduled to start at 6:42, instead of the
start of the hour.
The official GitHub documentation remarks the following regarding
scheduled workflows:
> Note: The schedule event can be delayed during periods of high loads
> of GitHub Actions workflow runs. High load times include the start of
> every hour. To decrease the chance of delay, schedule your workflow to
> run at a different time of the hour.
42, obviously, has been picked because it is the answer to the ultimate
question of life, the universe, and everything.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:37:02 +0000 (18:37 +0300)]
[github-ci] Import run-checker workflows from master
This commit does not include the daily run-checker workflow.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 15:26:11 +0000 (18:26 +0300)]
[github-ci] Import cross-compiles.yml workflow from master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 14:55:31 +0000 (17:55 +0300)]
[github-ci] Import windows.yml workflow from master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Nicola Tuveri [Fri, 6 Aug 2021 14:49:32 +0000 (17:49 +0300)]
[github-ci] Sync ci.yml workflow with master
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16252)
Pauli [Tue, 17 Aug 2021 03:19:32 +0000 (13:19 +1000)]
pkcs12: check for zero length digest to avoid division by zero
Fixes #16331
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16333)
Ingo Franzki [Wed, 11 Aug 2021 10:53:09 +0000 (12:53 +0200)]
Test EVP Cipher updating the context's IV
Ensure that an EVP_CipherUpdate operation updates the context's
IV for AES CBC, CFB, OFB, and CTR. An application can get the
updated IV via EVP_CIPHER_CTX_iv().
The s390x implementation of the CFB and OFB ciphers did not
update the IV in the context, but only within its s390x specific
context data.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16292)
Ingo Franzki [Wed, 11 Aug 2021 07:39:46 +0000 (09:39 +0200)]
s390x: AES OFB/CFB: Maintain running IV from cipher context
Copy the current IV from the cipher context into the kmo/kmf param before
the operation, and copy the modified IV back to the context afterwards.
Without this, an application that obtains the running IV from the context
would still get the original IV, but not the updated one.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16292)
Todd Short [Fri, 13 Aug 2021 13:59:59 +0000 (09:59 -0400)]
Fix potential double-free
The `sk` variable is assigned to `s->session->peer_chain`.
If `ssl3_digest_cached_records()` were to fail, then `sk` would still be
non-NULL, and subsequently freed on the error return. When the session
is freed, it will then attempt to free `s->session->peer_chain`,
resulting in a double-free (of `sk`).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16309)
(cherry picked from commit
0449702abc95a3af24c049cb02c01ca6a8015cef)
Tomas Mraz [Fri, 13 Aug 2021 11:01:38 +0000 (13:01 +0200)]
Revert "TEST: Check that i2d refuses to encode non-optional items with no content"
This reverts commit
12e9b74c513a8ed3c1c260cf25221a465ae14b84.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:37 +0000 (13:01 +0200)]
Revert "ASN.1: Refuse to encode to DER if non-optional items are missing"
This reverts commit
006906cddda37e24a66443199444ef4476697477.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:35 +0000 (13:01 +0200)]
Revert "Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN"
This reverts commit
5434acb6c4d56507d761b28f7e142ccab808a8fa.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:34 +0000 (13:01 +0200)]
Revert "Fix test/asn1_encode_test.c to handle encoding/decoding failure"
This reverts commit
f1d97905bbd8679b7647c992b97f526791069040.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Tomas Mraz [Fri, 13 Aug 2021 11:01:29 +0000 (13:01 +0200)]
Revert "make update (adds a new function code)"
This reverts commit
ea26844c4f624ef515d9228d3b623761a369b049.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16308)
Billy Brumley [Wed, 4 Aug 2021 07:45:52 +0000 (10:45 +0300)]
[doc/man3] documentation: BN_cmp manpage updates
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16214)
(cherry picked from commit
3d4ca443b4778e3230ff23f17625f58f815a9142)
Tomas Mraz [Wed, 21 Jul 2021 16:45:01 +0000 (18:45 +0200)]
DSA/RSA_print(): Fix potential memory leak
Fixes #10777
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16130)
(cherry picked from commit
40184c96103a388209939c1c19920971c05bb78c)
Ingo Schwarze [Sun, 18 Jul 2021 15:48:06 +0000 (17:48 +0200)]
Fix a read buffer overrun in X509_aux_print().
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.
I found this bug while writing manual pages for X509_print_ex(3)
and related functions. Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see
http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9
As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others. But let's stay focussed. Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)
(cherry picked from commit
c5dc9ab965f2a69bca964c709e648158f3e4cd67)
Matt Caswell [Thu, 15 Jul 2021 13:08:56 +0000 (14:08 +0100)]
Fix some minor record layer issues
Various comments referred to s->packet and s->packet_length instead of
s->rlayer.packet and s->rlayer.packet_length. Also fixed is a spot where
RECORD_LAYER_write_pending() should have been used. Based on the review
comments in #16077.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(cherry picked from commit
ca001524971ccd595bc0e9843611e6784adfc981)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16105)
Matt Caswell [Tue, 13 Jul 2021 16:44:44 +0000 (17:44 +0100)]
Disallow SSL_key_update() if there are writes pending
If an application is halfway through writing application data it should
not be allowed to attempt an SSL_key_update() operation. Instead the
SSL_write() operation should be completed.
Fixes #12485
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16098)
Matt Caswell [Tue, 13 Jul 2021 16:19:12 +0000 (17:19 +0100)]
Don't reset the packet pointer in ssl3_setup_read_buffer
Sometimes this function gets called when the buffers have already been
set up. If there is already a partial packet in the read buffer then the
packet pointer will be set to an incorrect value. The packet pointer already
gets reset to the correct value when we first read a packet anyway, so we
don't also need to do it in ssl3_setup_read_buffer.
Fixes #13729
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16098)