Richard Levitte [Fri, 10 Jun 2022 17:50:01 +0000 (19:50 +0200)]
test/recipes/*.t: setup() doesn't play well with spaces in the argument
The argument translates into a directory name, and there are platforms
that don't allow spaces (at least not easily), which makes the test fail.
This modifies it to conform a bit better to the usual form for that arg.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18531)
Michael Baentsch [Tue, 7 Jun 2022 06:28:26 +0000 (08:28 +0200)]
Fix for OSSL_PARAM sample code referencing OSSL_PARAM_UTF8_PTR
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18490)
Tomas Mraz [Thu, 9 Jun 2022 14:20:05 +0000 (16:20 +0200)]
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18510)
Tomas Mraz [Thu, 9 Jun 2022 10:34:55 +0000 (12:34 +0200)]
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/
13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18510)
Jiasheng Jiang [Tue, 14 Jun 2022 09:15:05 +0000 (17:15 +0800)]
test/ssl_old_test.c: Add check for OPENSSL_malloc
As the potential failure of the OPENSSL_malloc(),
it should be better to add the check and return
error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18555)
Kan [Sun, 12 Jun 2022 13:11:01 +0000 (21:11 +0800)]
Add sensitive memory clean in priv encode
Fixed #18540
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18541)
Jiasheng Jiang [Tue, 14 Jun 2022 07:06:23 +0000 (15:06 +0800)]
test/ssl_old_test.c: Add check for OPENSSL_zalloc
As the potential failure of the OPENSSL_zalloc(),
it should be better to add the check and return
error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18552)
K1 [Wed, 8 Jun 2022 08:41:16 +0000 (16:41 +0800)]
Fix a mem leak in evp_pkey_export_to_provider
If keymgmt is NULL, tmp_keymgmt is allocated and will not be freed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18499)
Matt Caswell [Thu, 9 Jun 2022 15:57:30 +0000 (16:57 +0100)]
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
Richard Levitte [Sat, 11 Jun 2022 05:40:40 +0000 (07:40 +0200)]
providers/implementations/exchange/kdf_exch.c: Fix kdf_derive()
kdf_derive() calls EVP_KDF_derive(), but didn't do enough to adapt its input
buffer length arguments to fit the requirements to call EVP_KDF_derive().
Fixes #18517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
(cherry picked from commit
e906eab8d863ac7bdadc671e8d0686fead88c4bf)
Richard Levitte [Sun, 12 Jun 2022 04:03:50 +0000 (06:03 +0200)]
test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests
EVP_PKEY_derive() should be able to cope with a too big buffer for fixed
size outputs. However, we don't test that.
This change modifies the PKEYKDF tests to ask EVP_PKEY_derive() what the
desired output buffer size is, and as long as the returned value isn't
absurd (indicating that anything goes), the output buffer is made to be
twice as big as what is expected.
Tests #18517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
(cherry picked from commit
a0587aaeff7391b8cf4ee4c6a233d0f4dca7d62f)
Matt Caswell [Thu, 9 Jun 2022 11:02:37 +0000 (12:02 +0100)]
Fix the export routines to not return success if param alloc failed
We fix the dsa, dh, ec and rsa export routines so that they are
consistent with each other and do not report success if the allocation
of parameters failed.
This is essentially the same fix as applied in #18483 but applied to all
relevant key types.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18507)
Tomas Mraz [Wed, 13 Apr 2022 10:44:34 +0000 (12:44 +0200)]
test_pkey_check: Positive testcase for private key with unknown parameters
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18099)
Tomas Mraz [Tue, 12 Apr 2022 13:36:05 +0000 (15:36 +0200)]
ossl_dh_check_priv_key: Do not fail on private keys without q
Fixes #18098
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18099)
Tomas Mraz [Fri, 10 Jun 2022 12:41:27 +0000 (14:41 +0200)]
Testcase for regression by PPC64 fixed length montgomery multiplication
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18512)
Tomas Mraz [Thu, 9 Jun 2022 14:42:37 +0000 (16:42 +0200)]
Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"
This reverts commit
0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79.
It was found that the computation produces incorrect results in some
cases.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18512)
Tomas Mraz [Mon, 13 Jun 2022 13:50:18 +0000 (15:50 +0200)]
Avoid reusing the init_lock for a different purpose
Otherwise we might cause a recursive locking.
Fixes #18535
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18545)
Pauli [Thu, 9 Jun 2022 00:23:58 +0000 (10:23 +1000)]
init: fix defined but unused warning/error
The #ifdefs weren't quite correct at times.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18503)
slontis [Mon, 30 May 2022 08:07:40 +0000 (18:07 +1000)]
RSA keygen update: Raise an error if no prime candidate q is found.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
slontis [Mon, 30 May 2022 08:03:11 +0000 (18:03 +1000)]
RSA Keygen update - When using the default provider fallback to default multiprime keygen if e is < 65537
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
slontis [Mon, 30 May 2022 07:56:53 +0000 (17:56 +1000)]
RSA keygen fixes
Fixes #18321
Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm update made in FIPS 186-5.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
Billy Brumley [Thu, 9 Jun 2022 21:03:23 +0000 (00:03 +0300)]
[crypto/bn] BN_consttime_swap: remove superfluous early exit
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18518)
Tomas Mraz [Wed, 8 Jun 2022 15:48:39 +0000 (17:48 +0200)]
sm2_dupctx: Avoid potential use after free of the md
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
Tomas Mraz [Tue, 7 Jun 2022 16:49:29 +0000 (18:49 +0200)]
Check return of BIO_new() and always free pkey from evp_pkey_copy_downgraded()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
Tomas Mraz [Tue, 7 Jun 2022 12:17:32 +0000 (14:17 +0200)]
add_provider_groups: Clean up algorithm pointer on failure
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
Tomas Mraz [Tue, 7 Jun 2022 12:16:30 +0000 (14:16 +0200)]
parse_unquoted: Check returned value from ossl_property_value()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18494)
Bernd Edlinger [Wed, 8 Jun 2022 15:36:52 +0000 (17:36 +0200)]
Fix a use after free in error handling of hmac_dup
dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.
Fixes #18493
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18502)
Hongren (Zenithal) Zheng [Sat, 30 Apr 2022 09:59:05 +0000 (17:59 +0800)]
providers: cipher: aes: add riscv64 zkn support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Tested-by: Jiatai He <jiatai2021@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Hongren (Zenithal) Zheng [Fri, 29 Apr 2022 16:11:28 +0000 (00:11 +0800)]
aes_platform: add riscv64 zkn asm support
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Hongren (Zenithal) Zheng [Fri, 29 Apr 2022 16:18:29 +0000 (00:18 +0800)]
Add riscv scalar crypto extension capability
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Hongren (Zenithal) Zheng [Sat, 30 Apr 2022 09:37:46 +0000 (17:37 +0800)]
add build support for riscv64 aes zkn
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Hongren (Zenithal) Zheng [Wed, 27 Apr 2022 18:41:22 +0000 (02:41 +0800)]
Add AES implementation in riscv64 zkn asm
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Matt Caswell [Mon, 6 Jun 2022 09:06:57 +0000 (10:06 +0100)]
Assert that a property definition cache entry is the first
When adding a property definition cache entry for a given property query
string we add an assert that we are not replacing an existing entry. If we
are then that indicates a bug in the caller.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
Matt Caswell [Thu, 2 Jun 2022 10:14:32 +0000 (11:14 +0100)]
Fix a memory leak in ossl_method_store_add()
If the call to ossl_prop_defn_set() fails then the OSSL_PROPERTY_LIST
we just created will leak.
Found as a result of:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1139499881
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
Todd Short [Mon, 6 Jun 2022 15:46:36 +0000 (11:46 -0400)]
Update SIV mode documentation
Fixes #18440
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18485)
Matt Caswell [Mon, 6 Jun 2022 09:32:49 +0000 (10:32 +0100)]
Don't report success from ec_export if OSSL_PARAM_BLD_to_param failed
If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was
reporting success, even though it has never called the param_cb.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1145993650
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18483)
Matt Caswell [Fri, 3 Jun 2022 13:01:22 +0000 (14:01 +0100)]
Fix a mem leak in evp_pkey_copy_downgraded()
If we get a failure during evp_pkey_copy_downgraded() and on entry *dest
was NULL then we leak the EVP_PKEY that was automatically allocated and
stored in *dest.
Found due to this comment:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1145028315
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18470)
Tomas Mraz [Tue, 24 May 2022 15:31:00 +0000 (17:31 +0200)]
High level overview of QUIC Implementation
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18406)
Tomas Mraz [Thu, 2 Jun 2022 14:50:15 +0000 (16:50 +0200)]
Check return value of ossl_parse_property()
Also check if we have d2i_public_key() function pointer.
Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-
1144893289
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18462)
Matt Caswell [Thu, 2 Jun 2022 12:54:45 +0000 (13:54 +0100)]
CONF_modules_unload should fail if CONF_modules_finish fails
The module_list_lock is used by CONF_modules_unload(). That function relies
on the RUN_ONCE in CONF_modules_finish() to initialise that lock. However
if the RUN_ONCE fails that failure is not propagated to
CONF_modules_unload() and so it erroneously tries to use the lock anyway.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1144734604
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18460)
Clemens Lang [Fri, 3 Jun 2022 11:23:36 +0000 (13:23 +0200)]
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com>
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18469)
Tomas Mraz [Thu, 2 Jun 2022 16:12:05 +0000 (18:12 +0200)]
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms and the
SM2 certificates will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18467)
Bernd Edlinger [Wed, 1 Jun 2022 14:37:05 +0000 (16:37 +0200)]
Change the SCT issuer key to RSA 2048
This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18450)
Tomas Mraz [Tue, 29 Mar 2022 11:31:34 +0000 (13:31 +0200)]
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
Tomas Mraz [Fri, 25 Mar 2022 14:26:13 +0000 (15:26 +0100)]
Enable setting SSL_CERT_FLAG_TLS_STRICT with ssl config
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17989)
Tomas Mraz [Tue, 17 May 2022 14:56:48 +0000 (16:56 +0200)]
CI: Add enable-quic to some of the builds
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Tomas Mraz [Mon, 16 May 2022 16:08:54 +0000 (18:08 +0200)]
Add a test_ssl_new testcase
This requires some code being pulled into the empty protocol
implementation so the state machinery works.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Tomas Mraz [Fri, 13 May 2022 14:45:07 +0000 (16:45 +0200)]
First working empty protocol test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Tomas Mraz [Fri, 13 May 2022 13:34:22 +0000 (15:34 +0200)]
Add empty implementations of quic method functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Tomas Mraz [Thu, 12 May 2022 13:41:51 +0000 (15:41 +0200)]
Add OSSL_QUIC methods to headers and manual pages
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Tomas Mraz [Thu, 12 May 2022 12:54:08 +0000 (14:54 +0200)]
Configure: Add disablable for QUIC, disabled by default
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Nikolas [Sun, 12 Sep 2021 18:54:43 +0000 (21:54 +0300)]
Revert unnecessary PKCS7_verify() performance optimization
It appears that creating temporary read-only mem BIO won't increase performance significally
anymore. But it increases PKCS7_verify() complexity, so should be removed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16590)
slontis [Tue, 31 May 2022 23:28:55 +0000 (09:28 +1000)]
Add VERSIONINFO resource to legacy provider if it is not builtin
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
slontis [Fri, 27 May 2022 04:40:18 +0000 (14:40 +1000)]
Add Windows VERSIONINFO resource to fips provider dll.
Fixes #18388
This just looks like an omission, as this is added to libcrypto and libssl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18416)
Peiwei Hu [Sat, 28 May 2022 16:07:04 +0000 (00:07 +0800)]
Fix the checks of BIO_get_cipher_status
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 16:05:28 +0000 (00:05 +0800)]
Fix the checks of EVP_PKEY_param_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 16:02:37 +0000 (00:02 +0800)]
Fix the checks of UI_add_input_string
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 15:59:36 +0000 (23:59 +0800)]
Fix the checks of EVP_PKEY_private_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 15:56:02 +0000 (23:56 +0800)]
Fix the checks of EVP_PKEY_public_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 15:53:19 +0000 (23:53 +0800)]
Fix the checks of EVP_PKEY_pairwise_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 15:51:32 +0000 (23:51 +0800)]
Fix the checks of EVP_PKEY_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Peiwei Hu [Sat, 28 May 2022 15:46:33 +0000 (23:46 +0800)]
Fix the checks of RAND_bytes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
Tomas Mraz [Mon, 30 May 2022 15:02:03 +0000 (17:02 +0200)]
CTLOG_new_ex: Fix copy&paste error when setting propq
Fixes #18431
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18432)
Zhou Qingyang [Fri, 25 Mar 2022 12:28:32 +0000 (20:28 +0800)]
Fix possible null pointer dereference of evp_pkey_get_legacy()
evp_pkey_get_legacy() will return NULL on failure, however several
uses of it or its wrappers does not check the return value of
evp_pkey_get_legacy(), which could lead to NULL pointer dereference.
Fix those possible bugs by adding NULL checking.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17967)
Matt Caswell [Fri, 27 May 2022 10:07:37 +0000 (11:07 +0100)]
Don't call ossl_provider_free() without first setting refcnt
The function ossl_provider_free() decrements the refcnt of the
provider and frees it if it has reached 0. This only works if the
refcnt has already been initialised. We must only call
ossl_provider_free() after this initialisation - otherwise it will fail
to free the provider correctly.
Addresses the issue mentioned here:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1138741857
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18417)
Matt Caswell [Thu, 26 May 2022 14:34:38 +0000 (15:34 +0100)]
Fix a memory leak is ossl_provider_doall_activated
If the callback fails then we don't correctly free providers that were
already in our stack and that we up-refed earlier.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18413)
Matt Caswell [Thu, 26 May 2022 10:30:09 +0000 (11:30 +0100)]
Fix another decoder mem leak on an error path
If pushing the decoder onto a stack fails then we should free the ref
we just created.
Found due to the error report here:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1138205688
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18411)
Matt Caswell [Thu, 26 May 2022 10:09:58 +0000 (11:09 +0100)]
Fix a decoder mem leak on an error path
If an error condition occurs then the the decoder that was up-refed in
ossl_decoder_instance_new can be leaked.
Found due to the error report here:
https://github.com/openssl/openssl/pull/18355#issuecomment-
1138205688
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18410)
Peiwei Hu [Tue, 24 May 2022 15:57:33 +0000 (23:57 +0800)]
Fix the checks of EVP_PKEY_CTX_set/get_* functions
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18399)
Peiwei Hu [Tue, 24 May 2022 15:40:12 +0000 (23:40 +0800)]
Fix the check of evp_pkey_ctx_set_params_strict
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18399)
Peiwei Hu [Tue, 24 May 2022 15:38:39 +0000 (23:38 +0800)]
Fix the checks of EVP_PKEY_CTX_get/set_rsa_pss_saltlen
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18399)
Peiwei Hu [Tue, 24 May 2022 15:27:49 +0000 (23:27 +0800)]
Fix the erroneous checks of EVP_PKEY_CTX_set_group_name
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18399)
Jiuhai Zhang [Thu, 26 May 2022 11:10:31 +0000 (11:10 +0000)]
Fix code format: BLOCK_CIPHER_custom
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18412)
Ladislav Marko [Sat, 28 May 2022 10:59:34 +0000 (12:59 +0200)]
doc: Fix keymgmt functions parameters
CLA: trivial
Make OSSL_FUNC_keymgmt_import and OSSL_FUNC_keymgmt_export documentation correspond to core_dispatch.h signatures
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18423)
Tomas Mraz [Wed, 1 Jun 2022 10:06:33 +0000 (12:06 +0200)]
Update expired SCT issuer certificate
Fixes #15179
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18444)
Hugo Landau [Tue, 17 May 2022 12:47:57 +0000 (13:47 +0100)]
Make OSSL_LIB_CTX_load_config thread safe
Fixes #18226.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18331)
Pauli [Tue, 24 May 2022 07:29:32 +0000 (17:29 +1000)]
changes: add note saying the locale based strcasecmp has been replaced
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18389)
Dr. David von Oheimb [Tue, 24 May 2022 18:33:32 +0000 (20:33 +0200)]
OSSL_trace_enabled.pod and OSSL_trace_set_channel.pod: improve doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18386)
Dr. David von Oheimb [Mon, 23 May 2022 17:43:56 +0000 (19:43 +0200)]
http_client.c: Dump response on error when tracing is enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18386)
Samuel Lee [Mon, 11 Apr 2022 14:36:16 +0000 (15:36 +0100)]
Move types.h #undefs for wincrypt.h compatibility
+ Always undef the symbols that may have been #define-d
by wincrypt.h after the first inclusion of types.h to
avoid errors from wincrypt.h symbols being used to
compile OpenSSL code
+ Also need to remove #pragma once for this approach to work
+ Define WINCRYPT_USE_SYMBOL_PREFIX to enable wincrypt
symbol prefix at some point in future
Fixes #9981
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/18131)
Bernd Edlinger [Tue, 24 May 2022 16:48:02 +0000 (18:48 +0200)]
Fix visual glitch in non-verbose test output
This fixes a glitch in the non-verbose test output
$ make test
[...]
80-test_ciphername.t .... ok
80-test_cmp_http.t ...... 5/?
80-test_cmp_http.t ...... ok 611
80-test_cms.t ........... ok
80-test_cmsapi.t ........ ok
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18401)
Todd Short [Wed, 25 May 2022 15:39:20 +0000 (11:39 -0400)]
Make running individual ssl-test easier
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18407)
Tomas Mraz [Thu, 12 May 2022 10:11:08 +0000 (12:11 +0200)]
Check that UnsafeLegacyServerConnect option exists
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)
Tomas Mraz [Thu, 12 May 2022 09:53:27 +0000 (11:53 +0200)]
The -no_legacy_server_connect option applies to client
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)
Tomas Mraz [Thu, 12 May 2022 06:41:14 +0000 (08:41 +0200)]
Actually implement UnsafeLegacyServerConnect as documented
Fixes #18295
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18296)
Richard Levitte [Wed, 25 May 2022 02:54:54 +0000 (04:54 +0200)]
Configurations/gentemplate.pm: Generate generators too, when necessary
A generator in a `GENERATE[generated]=generator` build.info statement may
itself be generated. That needs to be taken into account.
This was always meant to be, but we missed the spot, for lack of use cases.
Now we have one.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18263)
Tomas Mraz [Tue, 24 May 2022 15:06:13 +0000 (17:06 +0200)]
Generate the preprocessed .s files for chacha and poly 1305 on ia64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18263)
Tomas Mraz [Fri, 6 May 2022 14:48:49 +0000 (16:48 +0200)]
Revert "Use .s extension for ia64 assembler"
This reverts commit
6009997abd2594d5a7c0606176f404190922b74d.
The .s extension is incorrect as the assembler files contain
preprocessor directives.
Fixes #18259
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18263)
Tom Hughes [Mon, 23 May 2022 11:55:10 +0000 (12:55 +0100)]
Don't include sys/select.h on HP-UX as it doesn't exist
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18395)
Hugo Landau [Mon, 23 May 2022 09:42:03 +0000 (10:42 +0100)]
QUIC wire format support
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18382)
Peiwei Hu [Tue, 24 May 2022 15:10:29 +0000 (23:10 +0800)]
Fix the check of UI_method_set_ex_data
UI_method_set_ex_data returns 0 and 1 instead of negative numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)
Peiwei Hu [Tue, 24 May 2022 14:59:41 +0000 (22:59 +0800)]
Fix the incorrect checks of EVP_CIPHER_CTX_rand_key
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)
Peiwei Hu [Tue, 24 May 2022 14:57:53 +0000 (22:57 +0800)]
Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)
Peiwei Hu [Sat, 21 May 2022 07:27:04 +0000 (15:27 +0800)]
Fix the defective check of EVP_PKEY_get_params
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18367)
Peiwei Hu [Sat, 21 May 2022 08:38:58 +0000 (16:38 +0800)]
Fix check of dtls1_process_record
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18369)
Richard Levitte [Tue, 24 May 2022 15:20:52 +0000 (17:20 +0200)]
Remove include/openssl/configuration.h from mandatory dependencies
Since this file is generated by configdata.pm, there's no need to include it
among the mandatory dependencies (which end up in the `GENERATE_MANDATORY`
Makefile variable). In fact, it shouldn't be there any more, as that would
also cause it to be removed by `make clean`.
To compensate, we add an explicit removal of that file in the `distclean`
target on all platform families.
Fixes #18396
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18398)
Bernd Edlinger [Mon, 23 May 2022 15:26:15 +0000 (17:26 +0200)]
Fix style nits in crl_set_issuers
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18385)
Bernd Edlinger [Sat, 21 May 2022 05:50:46 +0000 (07:50 +0200)]
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=
1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/
3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-
3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=
1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
Hongren (Zenithal) Zheng [Fri, 13 May 2022 19:35:27 +0000 (03:35 +0800)]
Add riscv64 asm_arch to BSD-riscv64 target
Following
cb2764f2a8 Add riscv64 asm_arch to linux64-riscv64 target
Current ASM does not have Linux specific thing thus this is
suitable for BSD
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18309)
Dmitry Belyavskiy [Mon, 23 May 2022 09:06:19 +0000 (11:06 +0200)]
Update gost-engine to the last changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18381)