Matt Caswell [Fri, 5 Nov 2021 13:42:40 +0000 (13:42 +0000)]
Don't attempt to deactive child providers if we don't need to
If a provider doesn't have any child providers then there is no need
to attempt to remove them - so we should not do so. This removes some
potentialy thread races.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)
Matt Caswell [Fri, 5 Nov 2021 13:29:41 +0000 (13:29 +0000)]
Don't write to the globals ossl_property_true and ossl_property_false
These global variables were previously overwritten with the same value
every time we created a new OSSL_LIB_CTX. Instead we preinitialise them
with the correct values, and then confirm that settings for each
OSSL_LIB_CTX agree with the preinitialised values.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17018)
Tomas Mraz [Fri, 12 Nov 2021 15:31:35 +0000 (16:31 +0100)]
Add null digest implementation to the default provider
This is necessary to keep compatibility with 1.1.1.
Fixes #16660
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17016)
(cherry picked from commit
bef9b48e5071cdd2b41a4f486d1bcb5e14b2a5c3)
Tomas Mraz [Fri, 5 Nov 2021 13:14:45 +0000 (14:14 +0100)]
doc: Document outcome of multiple digestsign/digestverify calls
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit
3641f04fb06e9679a67da113bab65e5f1bb5e9ba)
Tomas Mraz [Fri, 5 Nov 2021 13:04:25 +0000 (14:04 +0100)]
evp_extra_test: Add SIPHASH MAC digestsign test with reinitialization
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit
8cbfc4f67b4e97d423ab4784dbbb54d454c6342a)
Tomas Mraz [Thu, 4 Nov 2021 14:38:51 +0000 (15:38 +0100)]
providers: Allow possible reinitialization in all signature algorithms
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit
3ffd23e9529d725903bc97fd45489a77b831876f)
Tomas Mraz [Thu, 4 Nov 2021 14:35:40 +0000 (15:35 +0100)]
test: Add testing of reinitialization via EVP_DigestSignInit()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit
816f72d08834ee35ba2615f624b4a29f2717d1c7)
Tomas Mraz [Thu, 4 Nov 2021 10:06:26 +0000 (11:06 +0100)]
do_sigver_init: Allow reinitialization of an existing operation.
Fixes #16936
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
(cherry picked from commit
ae6b68b761b9c5f30897747487ea943ccfab53ba)
PW Hu [Fri, 5 Nov 2021 09:33:32 +0000 (17:33 +0800)]
Fix return value checking of BN_check_prime invocations
Negative return value indicates an error so we bail out.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16975)
(cherry picked from commit
680827a15f12c3b37a6335fcb992555cf300730e)
Pauli [Wed, 10 Nov 2021 20:49:49 +0000 (06:49 +1000)]
Add return value NULL checks that were missing
Issues located by Brian Carpenter of Geeknik's Farm.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17007)
(cherry picked from commit
ed5b26ce0b34ec00bdd53d15854a22bccbb4d415)
Xiaofei Bai [Wed, 3 Nov 2021 03:28:23 +0000 (03:28 +0000)]
Fix sigsize usage in apps/speed.c
In a recent upstream change
(
43da9a14f0e73f42f28ae34219929b44df5d1a11)
the parameter sigsize become a read/write input in
EVP_PKEY_sign(), and after signing, sigsize will be overwritten with
the actual size and used in the verify step. As the speed program
calls EVP_PKEY_sign() on the same context repeatedly, sigsize value is
no longer the initial available size, and may fail in later buffer
size checks.
This fix adds a new buflen member in struct loopargs (which is only
used within apps/speed.c), to save available buffer size and
to be used as sigsize input in EVP_PKEY_sign() calls.
Sigsize still contains the signature size for the verify step.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16991)
(cherry picked from commit
e7414634a59aa61c7917193a31382ced95d40eeb)
PW Hu [Fri, 5 Nov 2021 09:56:50 +0000 (17:56 +0800)]
Fix: invoking X509_self_signed improperly
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16976)
(cherry picked from commit
64c428c35053a101a452c42d5d0a9a8342493606)
Richard Levitte [Sun, 7 Nov 2021 05:18:16 +0000 (06:18 +0100)]
Fix DER encoder implementations for output structures "EC" and "SM2"
These DER encoder implementations are supposed to be aliases for the
"type-specific" output structure, but were made different in so far
that they would output a "type specific" public key, which turns out
to be garbage (it called i2o_ECPublicKey()). The "type-specific"
output structure doesn't support that, and shouldn't.
Fixes #16977
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16983)
PW Hu [Fri, 5 Nov 2021 09:16:03 +0000 (17:16 +0800)]
Fix: invoking x509_name_cannon improperly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16974)
(cherry picked from commit
09235289c377ff998964bb6b074bb2a3ad768fd2)
Dr. David von Oheimb [Fri, 27 Aug 2021 09:34:23 +0000 (11:34 +0200)]
APPS/x509: Fix generation of AKID via v2i_AUTHORITY_KEYID()
Fixes #16300
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16442)
(cherry picked from commit
9bf1061c44c81059102cd4749f6078b6ce71da9d)
Tianjia Zhang [Thu, 4 Nov 2021 07:42:46 +0000 (15:42 +0800)]
KTLS: use EVP_CIPHER_is_a instead of nid
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/16963)
Matt Caswell [Fri, 5 Nov 2021 08:43:10 +0000 (08:43 +0000)]
Fix errors in EVP_PKEY_fromdata examples
The EVP_PKEY_fromdata man page has some code examples with various
errors in them. This fixes those errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16973)
(cherry picked from commit
4ce64ed79d301939c7f2844a9e5e5fdd2033605f)
Pauli [Fri, 5 Nov 2021 03:10:10 +0000 (13:10 +1000)]
Fix data race setting `default_DSO_meth`
The global variable `default_DSO_meth` was potentially set multiple times by
different threads. It turns out that it could only be set to a single value
so the race is harmless but still better avoided. The fix here simply removes
the global and accesses the value it was set to via the `DSO_METHOD_openssl()`
call.
Problem discovered via #16970, but this does not resolve that issue because
there are other concerns.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16972)
(cherry picked from commit
e6a10b074e90f1ce3d8e9ae0ca740a835ff29bb9)
Pauli [Thu, 4 Nov 2021 05:05:59 +0000 (15:05 +1000)]
Address Coverity
1493362 resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
(cherry picked from commit
1b4d9967a24154f1dc00f471eb843203ec7bb7d4)
Pauli [Thu, 4 Nov 2021 02:52:00 +0000 (12:52 +1000)]
Address coverity
1493382 argument cannot be negative
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
(cherry picked from commit
fe4125382301201e42a3251544cda429bba0c9d7)
Pauli [Thu, 4 Nov 2021 02:46:58 +0000 (12:46 +1000)]
Address Coverity
1493387 Logically dead code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
(cherry picked from commit
182cc644b3a3690bddfecba925486fefa421d6ec)
Pauli [Thu, 4 Nov 2021 01:59:55 +0000 (11:59 +1000)]
Fix coverity
1493364 &
1493375: unchecked return value
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
(cherry picked from commit
73a815defe428e42ccc27fdc9d5be507f980278b)
PW Hu [Mon, 1 Nov 2021 07:00:54 +0000 (15:00 +0800)]
Fix incorrect return check of BN_bn2binpad
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16942)
(cherry picked from commit
098f2627c8d283a518a6e6e60e7893664c7510e0)
Pauli [Wed, 3 Nov 2021 22:23:32 +0000 (08:23 +1000)]
avoid a NULL dereference when getting digest
Fixes #16961
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/16969)
(cherry picked from commit
ab547fc005307ecf48451638e947cdabca147159)
slontis [Mon, 11 Oct 2021 02:00:12 +0000 (12:00 +1000)]
Fix tests to check for negative results when calling EVP_PKEY_fromdata_init
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16801)
(cherry picked from commit
884400d78992d1da1573a3677876b06421b797eb)
Phil Mesnier [Wed, 27 Oct 2021 09:26:45 +0000 (04:26 -0500)]
Fix for a segv interrupt that occurs when fix_dh_rfc5114 is called with
ctx->p2 being a null pointer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16913)
Pauli [Wed, 3 Nov 2021 00:34:36 +0000 (10:34 +1000)]
Add unit tests for weak key and key parity checks
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16953)
(cherry picked from commit
cc350c882218b1053a636d01eb36573b3e7b20c2)
Pauli [Wed, 3 Nov 2021 00:33:06 +0000 (10:33 +1000)]
Convert the weak key and key parity tests to be constant time.
Fixes #16944
Fixes #16859
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16953)
(cherry picked from commit
8db9d07508e201d95e40f8006ede3a76494bbef3)
Bernd Edlinger [Wed, 3 Nov 2021 08:19:39 +0000 (09:19 +0100)]
Fix a memory leak in ssl_create_cipher_list
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16954)
(cherry picked from commit
3a069c1b0b4857b838186aeb55378195dfa50823)
Bernd Edlinger [Wed, 3 Nov 2021 08:40:59 +0000 (09:40 +0100)]
Fix a memory leak in tls_parse_stoc_key_share
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16956)
(cherry picked from commit
b3c34401c088dc247b8b54ea812e7cdde6caf361)
Tom Cosgrove [Tue, 2 Nov 2021 15:26:21 +0000 (15:26 +0000)]
Fix builds on Armv8 systems without AArch64
This fixes "undefined reference to `aes_gcm_dec_128_kernel' in function
`armv8_aes_gcm_decrypt'" and similar
Fixes #16949
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16951)
(cherry picked from commit
3841d0f6f02e1ad3a54beabf1d5395bd1c383254)
x2018 [Mon, 1 Nov 2021 12:36:54 +0000 (20:36 +0800)]
check the return value of BN_new() and BN_dup()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16948)
(cherry picked from commit
d99004fe5de934120765d342586f08d22131b8ed)
Tomas Mraz [Mon, 1 Nov 2021 07:39:21 +0000 (08:39 +0100)]
DES_set_key(): return values as DES_set_key_checked() but always set
This avoids using accidentally uninitialized key schedule in
applications that use DES_set_key() not expecting it to check the key
which is the default on OpenSSL <= 1.1.1
Fixes #16859
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16944)
(cherry picked from commit
6450ea27ffdc22194f27e90796ce5538af2d81e2)
Mingjun.Yang [Thu, 28 Oct 2021 02:14:55 +0000 (10:14 +0800)]
Add missing check according to SM2 Digital Signature generation algorithm
The process should be conforming to clause 6.1 and 6.2 of GMT 0003.2-2012.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16931)
(cherry picked from commit
e81c81c9af8a5d22658110d2dc753582eb87a58e)
PW Hu [Mon, 1 Nov 2021 08:40:27 +0000 (16:40 +0800)]
update doc: BN_bn2lebinpad() and BN_bn2nativepad()
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16943)
(cherry picked from commit
aedc5a819ee3f5267a7ec5c795b97481a1c63dc6)
PW Hu [Mon, 1 Nov 2021 07:08:51 +0000 (15:08 +0800)]
Fix incorrect return check of BN_bn2nativepad
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16943)
(cherry picked from commit
944fcfc69d16dfd20decdd9cd105436f0043dbe0)
Pauli [Tue, 26 Oct 2021 22:22:09 +0000 (08:22 +1000)]
Remove redundant RAND_get0_private() call
The test called this twice which doesn't hurt but isn't ideal.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16921)
(cherry picked from commit
a87c3247ca641f2593391bf44d47e3dccc7f8d73)
PW Hu [Fri, 22 Oct 2021 10:10:17 +0000 (18:10 +0800)]
Fix return value error in doc, and an error test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16889)
[edited to remove end of line whitespace and wrap lines to eighty columns]
(cherry picked from commit
8b7d7789dc4ea0de11331cb4045bcb03ab0864fc)
Richard Levitte [Thu, 21 Oct 2021 07:35:07 +0000 (09:35 +0200)]
Configurations/windows-makefile.tmpl: obj2bin(): use the resource file too
When remaking how programs were linked, the variable `$ress` was forgotten.
Unfortunately, perl treats this with silence.
Fixes #16870
Fixes #16667
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16875)
(cherry picked from commit
01451721afebabd0b7bdcd4cb3a183c9b590d266)
Matt Caswell [Fri, 22 Oct 2021 09:17:14 +0000 (10:17 +0100)]
Fix a gcc 11.2.0 warning
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning
when compiling test/packettest.c, which causes --strict-warnings builds
to fail. A simple fix avoids the warning.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16887)
(cherry picked from commit
37467b2752f75ce80437120f704452982b7c1998)
Matt Caswell [Fri, 22 Oct 2021 14:34:19 +0000 (15:34 +0100)]
Clarify the documentation for the "byname" functions
Make it clear that the cipher/digest objects returned from
EVP_get_cipherbyname() and EVP_get_digestbyname() functions have no
associated implementation fetched from a provider.
Fixes #16864
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16893)
(cherry picked from commit
971dbab4ad20193c27e8c3865e92e8f487b89334)
Tomas Mraz [Wed, 6 Oct 2021 17:21:53 +0000 (19:21 +0200)]
test: fetching proper signature provider for non-exportable keys
Co-author: Selva Nair <selva.nair@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
051228353a9842eede597294603cc06a55e3a22c)
Richard Levitte [Mon, 4 Oct 2021 13:33:37 +0000 (15:33 +0200)]
CORE: Encure that cached fetches can be done per provider
This mostly entails passing around a provider pointer, and handling
queries that includes a pointer to a provider, where NULL means "any".
This also means that there's a need to pass the provider pointer, not
just down to the cache functions, but also be able to get it from
ossl_method_store_fetch(). To this end, that function's OSSL_PROVIDER
pointer argument is modified to be a pointer reference, so the
function can answer back what provider the method comes from.
Test added.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
dc010ca6ec01d313a84c3c4b040232655a1772ad)
Richard Levitte [Fri, 1 Oct 2021 13:02:15 +0000 (15:02 +0200)]
EVP: For all operations that use an EVP_PKEY, check that there is one
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
433e13455ede1a39d415b690b8a564b4f36b8dee)
Richard Levitte [Fri, 1 Oct 2021 12:05:02 +0000 (14:05 +0200)]
EVP: Allow a fallback for operations that work with an EVP_PKEY
Functions like EVP_PKEY_sign_init() do an implicit fetch of the
operation implementation (EVP_SIGNATURE in this case), then get the
KEYMGMT from the same provider, and tries to export the key there if
necessary.
If an export of the key isn't possible (because the provider that
holds the key is an HSM and therefore can't export), we would simply
fail without looking any further.
This change modifies the behaviour a bit by trying a second fetch of
the operation implementation, but specifically from the provider of
the EVP_PKEY that's being used. This is done with the same properties
that were used with the initial operation implementation fetch, and
should therefore be safe, allowing only what those properties allow.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
839ffdd11cd48d329a1d89565d62e0be082f9d08)
Richard Levitte [Fri, 1 Oct 2021 10:06:52 +0000 (12:06 +0200)]
EVP: Add internal functions to fetch type specific EVP methods from provider
Added functions:
evp_signature_fetch_from_prov(), evp_asym_cipher_fetch_from_prov(),
evp_keyexch_fetch_from_prov(), evp_kem_fetch_from_prov()
These are all like the public conterparts, except they all take a
provider instead of a library context as first argument.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
ff7781462dd04ab99c159136b47672252bad7fa8)
Richard Levitte [Fri, 1 Oct 2021 06:57:03 +0000 (08:57 +0200)]
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
5246183e7a9f9fb1819d50ab40e2fecc68235e0d)
Richard Levitte [Thu, 30 Sep 2021 15:40:16 +0000 (17:40 +0200)]
EVP: Add evp_keymgmt_fetch_from_prov()
This is an internal function to fetch a keymgmt method from a specific
provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
33561e0d5b89a06d1c03b952196d008b5014914a)
Richard Levitte [Thu, 30 Sep 2021 07:44:10 +0000 (09:44 +0200)]
EVP: Add the internal function evp_generic_fetch_from_prov()
This function leverages the generic possibility to fetch EVP methods
from a specific provider.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
2fd3392c8f4e2f3481fa4d7e6a683dc19c6c1cd2)
Richard Levitte [Thu, 30 Sep 2021 07:32:57 +0000 (09:32 +0200)]
CORE: add a provider argument to ossl_method_construct()
This makes it possible to limit the search of methods to that
particular provider. This uses already available possibilities in
ossl_algorithm_do_all().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
(cherry picked from commit
cfce50f791511c8fee7dec90c57f02d9410d039f)
Jiasheng Jiang [Tue, 26 Oct 2021 02:40:20 +0000 (02:40 +0000)]
test/ssl_old_test.c: Do NULL pointer check before its use
In openssl-3.0.0 and system provided, it is not reasonable to
check null pointer after use. The order was accidentally reversed.
Therefore, it is better to correct it.
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16915)
(cherry picked from commit
8c590a219fe30b97cfde2efdd8ea94c03a90a8c6)
x2018 [Tue, 26 Oct 2021 03:31:11 +0000 (11:31 +0800)]
free the Post-Handshake Auth digest when there is an error saving the digest
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16917)
(cherry picked from commit
963eb12dbd551df71d7eb054e095c1b85f4aaab9)
Matt Caswell [Mon, 25 Oct 2021 13:34:38 +0000 (14:34 +0100)]
Test that a key is usable after an EVP_PKEY_fromdata call
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)
(cherry picked from commit
fd19fc4c2726b08282b8db15f9bace2f04712498)
Matt Caswell [Mon, 25 Oct 2021 12:07:01 +0000 (13:07 +0100)]
Don't crash encoding a public key with no public key value
If asked to encode an EC_KEY public key, but no public key value is present
in the structure, we should fail rather than crash.
Fixes the crash seen here:
https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)
(cherry picked from commit
6187d9eac2738e873d23c0c91f9769333b1bb6af)
x2018 [Fri, 22 Oct 2021 14:50:27 +0000 (22:50 +0800)]
add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(),
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)
(cherry picked from commit
9dddcd90a1350fa63486cbf3226c3eee79f9aff5)
Pauli [Mon, 25 Oct 2021 01:16:01 +0000 (11:16 +1000)]
speed: range check the argument given to -multi
For machines where sizeof(size_t) == sizeof(int) there is a possible overflow
which could cause a crash.
For machines where sizeof(size_t) > sizeof(int), the existing checks adequately
detect the situation.
Fixes #16899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16904)
(cherry picked from commit
7220085f22cf6c49933ea8287eb15db57f7ab0db)
Kinshuk Dua [Fri, 22 Oct 2021 07:32:23 +0000 (13:02 +0530)]
Doc: replace `NULL` terminated with `NUL`
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16885)
(cherry picked from commit
089df6f135b7cef4e7d0e7b7acecb1d90f5ef3ed)
PW Hu [Fri, 22 Oct 2021 06:01:36 +0000 (14:01 +0800)]
doc: Fix some function signature errors
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16897)
(cherry picked from commit
1e4cef5fde59e28f10ec555801349d06471d1da0)
Pauli [Mon, 25 Oct 2021 02:01:11 +0000 (12:01 +1000)]
test-rand: return failure on not enough data, allow parent
The test-rand RNG was returning success when it had some but insufficient data.
Now, it returns failure and doesn't advance the data pointer.
The test-rand RNG was failing when a parent was specified. This case is now
ignored.
Fixes #16785
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)
(cherry picked from commit
d4dfd983e32b32b633aaa9edec422cc30419c6f7)
Tomas Mraz [Thu, 21 Oct 2021 15:40:22 +0000 (17:40 +0200)]
migration_guide: Mention ERR_GET_FUNC() and function code removal
Fixes #16817
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16879)
(cherry picked from commit
b387274d0fb3097d3a252d397226b86b8f98f30d)
Tomas Mraz [Wed, 13 Oct 2021 07:00:31 +0000 (09:00 +0200)]
cmp.c: Avoid dereference with negative index and use memcpy
This prevents a compile-time warning on newer gcc.
Also fix the related warning message.
Fixes #16814
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16821)
(cherry picked from commit
767db672c429aeb98a68b0e310dea15f1b48eb84)
Tomas Mraz [Fri, 22 Oct 2021 12:22:57 +0000 (14:22 +0200)]
X509_PUBKEY_dup: Do not just up-ref the EVP_PKEY
We try EVP_PKEY_dup() and if it fails we re-decode it using the
legacy method as provided keys should be duplicable.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
(cherry picked from commit
7e35458b511f042d9a37d49227b01096c444e575)
Tomas Mraz [Thu, 21 Oct 2021 17:06:55 +0000 (19:06 +0200)]
X509_dup: Avoid duplicating the embedded EVP_PKEY
The EVP_PKEY will be recreated from scratch which is OK.
Fixes #16606
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
(cherry picked from commit
e0c5184a56b6580127b39774f9e4e0f2caef696e)
Tomas Mraz [Wed, 22 Sep 2021 15:24:09 +0000 (17:24 +0200)]
tests: Add test for X509_dup with ENGINE based key
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)
(cherry picked from commit
bf585c9c071ec606ebb4606e749e63354140ca30)
Matt Caswell [Fri, 22 Oct 2021 15:09:44 +0000 (16:09 +0100)]
Fix no-cmac
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)
(cherry picked from commit
ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604)
Tomas Mraz [Fri, 22 Oct 2021 07:38:18 +0000 (09:38 +0200)]
OCSP_sendreq_bio: Avoid doublefree of mem BIO
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16886)
(cherry picked from commit
f99b34957f4173f68d6f19d0d9fac37d797b7e0c)
PW Hu [Thu, 21 Oct 2021 07:16:17 +0000 (15:16 +0800)]
doc: Fix some function signature errors
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16874)
(cherry picked from commit
7b2bde500dfdad6628b15c5faa641d0f6602110e)
Dr. David von Oheimb [Fri, 22 Oct 2021 10:04:35 +0000 (12:04 +0200)]
OSSL_HTTP_transfer.pod: clarify that resulting BIO must be freed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)
(cherry picked from commit
a26c089ba3637a3283cc0e76ea9529e90d18ba0d)
Dr. David von Oheimb [Fri, 22 Oct 2021 10:04:11 +0000 (12:04 +0200)]
OSSL_HTTP_REQ_CTX.pod: clarify that resulting BIO must not be freed
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)
(cherry picked from commit
4258845e4eb86854f723c0160c051a727ec08a56)
Arne Schwabe [Wed, 13 Oct 2021 13:16:58 +0000 (15:16 +0200)]
Note that SHA1 and MD5 x509 signatures are also forbidden at security level 1
The exclusion of SHA1 for X509 signatures is not obvious as the "intuative"
idea is that SHA1 should have 80 security bits. However the security bits
of SHA1 are explicitly set to 63 to avoid the it being strong enough for
security level 1. x509_set.c has the comment:
/*
* SHA1 and MD5 are known to be broken. Reduce security bits so that
* they're no longer accepted at security level 1.
* The real values don't really matter as long as they're lower than 80,
* which is our security level 1.
*/
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16828)
Kinshuk Dua [Thu, 21 Oct 2021 13:17:53 +0000 (18:47 +0530)]
Doc: be explicit about NUL in max_identity_len
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16877)
(cherry picked from commit
25ead551aa31feae91cab91b648a2ca16bc7a8dc)
Matt Caswell [Thu, 14 Oct 2021 16:31:36 +0000 (17:31 +0100)]
Fix the s_server psk_server_cb for use in DTLS
Commit
0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit
8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
yuanjungong [Wed, 1 Sep 2021 03:33:34 +0000 (11:33 +0800)]
Clean up on failed BIO creation
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16316)
(cherry picked from commit
f11c01a666e9d5b97e859cbc74586802549dee00)
PW Hu [Thu, 7 Oct 2021 03:40:49 +0000 (11:40 +0800)]
Fix documentation errors, mainly caused by return values of BIO_ctrl
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16767)
(cherry picked from commit
5001287c0dcd8ca4ffc564b360f86df79bba40c1)
PW Hu [Sat, 9 Oct 2021 07:21:00 +0000 (15:21 +0800)]
Fix some documentation errors related to return values
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)
(cherry picked from commit
f1d077f1108b1bc2334350a4d53a46e29e082910)
Tomas Mraz [Fri, 15 Oct 2021 12:50:17 +0000 (14:50 +0200)]
doc: EVP_PKEY_get_utf8/octet_string_param() clarify NULL buffer behavior
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16843)
(cherry picked from commit
cde5a12d5e83ba0d7c5b2dd7bafa4d2abe2d45bf)
Tomas Mraz [Wed, 20 Oct 2021 16:27:47 +0000 (18:27 +0200)]
doc: Document the type of label EVP_PKEY_CTX_set0_rsa_oaep_label properly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16869)
(cherry picked from commit
3d63315366f673328b41750a6e1708d3d6cf11a0)
Matt Caswell [Wed, 20 Oct 2021 14:47:22 +0000 (15:47 +0100)]
Update pyca-cryptography sub-module
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
7cce994d3e57345ba729388b9321d9bf8b661b4f)
Matt Caswell [Mon, 11 Oct 2021 12:43:19 +0000 (13:43 +0100)]
Fix acvp_test sig_gen
Ensure we set the size of the signature buffer before we call
EVP_DigestSign()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
1b327433e52c8acd6db0a69bc772d4bd1800a109)
Matt Caswell [Mon, 11 Oct 2021 12:12:49 +0000 (13:12 +0100)]
Fix test_CMAC_keygen
Make sure we correctly pass through the size of the buffer to
EVP_DigestSignFinal
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
cff7d58eb4c8e0ef43e2fd0b12bc067bd3540e2c)
Matt Caswell [Mon, 11 Oct 2021 11:08:29 +0000 (12:08 +0100)]
Fix a bug in signature self tests in the FIPS module
When calling EVP_PKEY_sign(), the size of the signature buffer must
be passed in *siglen.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
61adb6cf950b65a7bfce9a8d78a7744dfae9f978)
Matt Caswell [Fri, 8 Oct 2021 13:43:17 +0000 (14:43 +0100)]
Add an additional note to EVP_DigestSign() documentation
Clarify what happens if it fails. Make it clear that you can pass a NULL
"sig" buffer to get the "siglen".
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
dc3f057ce1701d5fd77cc4fcc1d14afe3e3122a3)
Matt Caswell [Thu, 7 Oct 2021 13:15:47 +0000 (14:15 +0100)]
Test short buffers
Test that calling EVP_DigestSign(), EVP_DigestSignFinal(),
EVP_PKEY_sign(), EVP_PKEY_get_raw_private_key(), or
EVP_PKEY_get_raw_public_key() with a short output buffer results in a
failure.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
15ff7d7c2569a1aceaf6e85b61aee62422628fc9)
Matt Caswell [Thu, 7 Oct 2021 13:14:52 +0000 (14:14 +0100)]
Fix SSKDF to not claim a buffer size that is too small for the MAC
We also check that our buffer is sufficiently sized for the MAC output
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
7be8ba546267787c1b0df8a4fddaf9cb29944cbb)
Matt Caswell [Thu, 7 Oct 2021 13:06:32 +0000 (14:06 +0100)]
Enforce a size check in EVP_MAC_final()
Make sure that the outsize for the buffer is large enough for the
output from the MAC.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
b97f4dd73b4711eebf731ae0efa6e9b77c7f3304)
Matt Caswell [Thu, 7 Oct 2021 10:33:17 +0000 (11:33 +0100)]
Prevent an overflow if an application supplies a buffer that is too small
If an application bug means that a buffer smaller than is necessary is
passed to various functions then OpenSSL does not spot that the buffer
is too small and fills it anyway. This PR prevents that.
Since it requires an application bug to hit this problem, no CVE is
allocated.
Thanks to David Benjamin for reporting this issue.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
(cherry picked from commit
43da9a14f0e73f42f28ae34219929b44df5d1a11)
Tomas Mraz [Wed, 20 Oct 2021 11:33:27 +0000 (13:33 +0200)]
Add missing define to enable AES-NI usage on x86 platform
Fixes #16858
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16866)
(cherry picked from commit
d92c696d82b55552da62d6fb71942645315e307a)
PW Hu [Mon, 18 Oct 2021 08:49:14 +0000 (16:49 +0800)]
Fix function signature error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/16852)
(cherry picked from commit
10343fa52731c6a66a761b578d2aa37a364083c8)
Matt Caswell [Fri, 15 Oct 2021 15:30:45 +0000 (16:30 +0100)]
Add tests for ENGINE problems
Add some tests which would have caught the issues fixed in the previous
3 commits related to engine handling.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16846)
(cherry picked from commit
0299094c52ddb66f9a22cfff4e7d70c139112832)
Matt Caswell [Fri, 15 Oct 2021 15:28:53 +0000 (16:28 +0100)]
Update provider_util.c to correctly handle ENGINE references
provider_util.c failed to free ENGINE references when clearing a cipher
or a digest. Additionally ciphers and digests were not copied correctly,
which would lead to double-frees if it were not for the previously
mentioned leaks.
Fixes #16845
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16846)
(cherry picked from commit
86c15ba87488f88e6191f098ff154f79ce91847b)
Matt Caswell [Fri, 15 Oct 2021 15:23:31 +0000 (16:23 +0100)]
Ensure pkey_set_type handles ENGINE references correctly
pkey_set_type should not consume the ENGINE references that may be
passed to it.
Fixes #16757
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16846)
(cherry picked from commit
f7d6868d0d48fedd5d9daad0c3e0cbcaef423ff3)
Matt Caswell [Fri, 15 Oct 2021 15:06:28 +0000 (16:06 +0100)]
Make sure EVP_CIPHER_CTX_copy works with the dasync engine
Ciphers in the daysnc engine were failing to copy their context properly
in the event of EVP_CIPHER_CTX_copy() because they did not define the
flag EVP_CIPH_CUSTOM_FLAG
Fixes #16844
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16846)
(cherry picked from commit
a0cbc2d222743fc4ffd276b97bd5f8aeacf01122)
jwalch [Fri, 15 Oct 2021 23:03:17 +0000 (19:03 -0400)]
Avoid NULL+X UB in bss_mem.c
Fixes #16816
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16818)
(cherry picked from commit
a98b26588b683eb024ab81f3bb3549c43acd5188)
Matt Caswell [Thu, 14 Oct 2021 16:04:16 +0000 (17:04 +0100)]
Fix the signature newctx documentation
The documentation omitted the propq parameter
Fixes #16755
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16836)
(cherry picked from commit
5fdc95e443b4d62a3d1f7094ae6d6ae4682b77e0)
Richard Levitte [Sat, 16 Oct 2021 08:22:42 +0000 (10:22 +0200)]
Fix lock leak in evp_keymgmt_util_export_to_provider()
Fixes #16847
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16849)
(cherry picked from commit
fb0f65fff831d9294e34b6ef6f579c157db54b04)
Tomas Mraz [Thu, 14 Oct 2021 09:02:36 +0000 (11:02 +0200)]
Raise error when invalid digest used with SM2
Otherwise commands like openssl req -newkey sm2 fail silently without
reporting any error unless -sm3 option is added.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16833)
(cherry picked from commit
d5d95daba59adc41ab60ea86acd513f255fca3c0)
Peiwei Hu [Tue, 12 Oct 2021 02:50:12 +0000 (10:50 +0800)]
test/ssl_old_test.c: Fix potential leak
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16806)
(cherry picked from commit
34563be5368fb8e6ade7d06d8376522ba83cd6ac)
Richard Levitte [Thu, 14 Oct 2021 16:49:11 +0000 (18:49 +0200)]
Fix test/recipes/01-test_symbol_presence.t to disregard version info
The output of 'nm -DPg' contains version info attached to the symbols,
which makes the test fail. Simply dropping the version info makes the
test work again.
Fixes #16810 (followup)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16840)
(cherry picked from commit
73970cb91fdf8e7b4b434d479b875a47a0aa0dbc)
Bernd Edlinger [Wed, 13 Oct 2021 04:37:46 +0000 (06:37 +0200)]
Fix another memory leak reported in CIFuzz
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
#3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
#4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
#10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16813)
(cherry picked from commit
19b30f1c596a8df2a522f9d6dfc1c1782790fc78)
Bernd Edlinger [Tue, 12 Oct 2021 17:38:14 +0000 (19:38 +0200)]
Fix a memory leak reported in CIFuzz
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
#3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
#4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
#5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
#6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp
#10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp
#12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16813)
(cherry picked from commit
74b485848a608383d8d37c04480821ea7b613110)