Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.#12
Closed
robstradling wants to merge 6 commits intoopenssl:OpenSSL_1_0_2-stablefrom
robstradling:OpenSSL_1_0_2-stable
Closed
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.#12robstradling wants to merge 6 commits intoopenssl:OpenSSL_1_0_2-stablefrom robstradling:OpenSSL_1_0_2-stable
robstradling wants to merge 6 commits intoopenssl:OpenSSL_1_0_2-stablefrom
robstradling:OpenSSL_1_0_2-stable
Conversation
added 6 commits
September 9, 2013 10:44
… on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Contributor
|
Merged at 86a66de. |
tomato42
referenced
this pull request
in tomato42/openssl
May 24, 2015
Disable ChaCha20/Poly1305 when using DTLS
mattcaswell
added a commit
to mattcaswell/web
that referenced
this pull request
Jun 13, 2017
Reviewed-by: Tim Hudson <[email protected]> (Merged from openssl/openssl#12)
levitte
added a commit
to openssl/tools
that referenced
this pull request
Feb 13, 2018
Use 'git diff-tree --name-status' to get the current status of each file. Reviewed-by: Rich Salz <[email protected]> (Merged from openssl/openssl#12)
levitte
added a commit
to openssl/tools
that referenced
this pull request
Feb 13, 2018
To make sure we don't lose file permissions, use sed -i Reviewed-by: Rich Salz <[email protected]> (Merged from openssl/openssl#12)
Closed
This was referenced Jul 24, 2019
Closed
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Nov 21, 2022
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Dec 6, 2022
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Dec 17, 2022
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Dec 23, 2022
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
beldmit
pushed a commit
to beldmit/openssl
that referenced
this pull request
Dec 26, 2022
Leak sanitizer reports following leak for ssl-test-new subtest
4-tlsv1_2-both-compress:
==335733==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
openssl#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
openssl#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
openssl#12 0x100e85b in do_handshake_internal test/helpers/handshake.c:1544
openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543
openssl#15 0x1027875 in run_tests test/testutil/driver.c:370
openssl#16 0x1008393 in main test/testutil/main.c:30
openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
openssl#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
openssl#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
openssl#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
openssl#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
openssl#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
openssl#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
openssl#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
openssl#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
openssl#12 0x1010b09 in do_handshake_internal test/helpers/handshake.c:1550
openssl#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
openssl#14 0x101d1a7 in test_handshake test/ssl_test.c:543
openssl#15 0x1027875 in run_tests test/testutil/driver.c:370
openssl#16 0x1008393 in main test/testutil/main.c:30
openssl#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
openssl#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
openssl#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
SUMMARY: AddressSanitizer: 35456 byte(s) leaked in 2 allocation(s).
Fix this by freeing the SSL3_RECORD structure inside the OSSL_RECORD_LAYER.
Signed-off-by: Juergen Christ <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#19030)
mamckee
pushed a commit
to mamckee/openssl
that referenced
this pull request
Dec 28, 2022
* Update copyright year Reviewed-by: Richard Levitte <[email protected]> * Run make update Reviewed-by: Richard Levitte <[email protected]> * Prepare for 1.1.1l release Reviewed-by: Richard Levitte <[email protected]> * Prepare for 1.1.1m-dev Reviewed-by: Richard Levitte <[email protected]> * Fix the array size of dtlsseq in tls1_enc Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16385) (cherry picked from commit 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4) * Avoid using undefined value in generate_stateless_cookie_callback Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16381) * Fix some strict gcc-12 warnings Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16375) * apps/ciphers: Fix wrong return value when using -convert parameter Command 'openssl ciphers -convert <name>' always returns failure, this patch set the correct return value. Signed-off-by: Tianjia Zhang <[email protected]> Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16383) (cherry picked from commit 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd) * Check for null-pointer dereference in dh_cms_set_peerkey Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16382) * ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint CLA: trivial Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16347) (cherry picked from commit 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33) * Darwin platform allows to build on releases before Yosemite/ios 8. issue #16407 #16408 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16409) * cms: fix memleaks in cms_env.c CLA: trivial Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16403) * Fix instances of pointer addition with the NULL pointer ubsan found undefined pointer addtions in crypto/bio/bss_mem.c (mem_ctrl), crypto/pem/pem_lib.c (PEM_read_bio_ex), test/testutil/format_output.c (test_fail_string_common, test_fail_memory_common). Mostly a straight back-port-of: a07dc81 Additionally enable the ubsan run-checker, to prevent regressions. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Nicola Tuveri <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16423) * Fix enable-asan with C++ buildtest the following config: ./config no-shared enable-asan enable-buildtest-c++ enable-external-tests fails to build with unresolved asan symbols when linking test/ossl_shim/ossl_shim Fixed by passing all sanitizer-flags to cxxflags. Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16434) * Fix the "Out of memory" EVP KDF scrypt test This test did not really execute, since usually the OPENSSL_malloc(0) will fail and prevent the execution of the KDF. Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16446) * Ensure that _GNU_SOURCE is defined for bss_dgram.c This fixes the following error with gcc10 under strict ANSI conditions: .../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32' CLA: trivial Fixes #16449 Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16451) (cherry picked from commit e8e1f6d1a9e599d575431f559200018b8f822e0f) * Fix no-tls1_3 tests This recently added test needs DH2048 to work without tls1_3. Fixes: #16335 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16453) * Add tests for i2d_TYPE_fp and d2i_TYPE_fp These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. @@ Note: This commit limits to ECPKParameters as a type. (cherry picked from commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782) Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/12457) * Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros These functions are part of the public API but we don't have tests covering their usage. They are actually implemented as macros and the absence of tests has caused them to fall out-of-sync with the latest changes to ASN1 related functions and cause compilation warnings. This commit fixes the public headers to reflect these changes. Fixes #12443 (cherry picked from commit cca8a4cedaafe63b0b5729b72133661ece24ff08) Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/12457) * [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID Some curves don't have an associated OID: for those we should not default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. This is a follow-up to https://github.com/openssl/openssl/pull/12312 (cherry picked from commit 7aa3dfc42104588f65301d20324388ac2c9a6b11) Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/12457) * Use applink to fix windows tests (cherry picked from commit <https://github.com/bernd-edlinger/openssl/commit/96a463cede0070aa5c86629d683a214657a9ba9e>) Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Nicola Tuveri <[email protected]> (Merged from https://github.com/openssl/openssl/pull/12457) * Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests Fixes #16428 Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16441) * ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16441) * Openssl fails to compile on Debian with kfreebsd kernels (kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler is: ../crypto/uid.c: In function 'OPENSSL_issetugid': ../crypto/uid.c:50:22: error: 'AT_SECURE' undeclared (first use in this function) 50 | return getauxval(AT_SECURE) != 0; | ^~~~~~~~~ This commit changes the code to use the freebsd code in this case. This fixes the compilation. CLA: trivial Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16477) (cherry picked from commit 3a1fa0116a92235ba200228e4bb60d6a3a7f4113) * doc: document the rsa_oaep_md: pkeyopt This was missing but essential for using non-SHA1 digests with OAEP. Fixes #15998 Manual backport of #16410 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16488) * Prioritise DANE TLSA issuer certs over peer certs When building the certificate chain, prioritise any Cert(0) Full(0) certificates from TLSA records over certificates received from the peer. This is important when the server sends a cross cert, but TLSA records include the underlying root CA cert. We want to construct a chain with the issuer from the TLSA record, which can then match the TLSA records (while the associated cross cert may not). Reviewed-by: Tomáš Mráz <[email protected]> * Test for DANE cross cert fix Reviewed-by: Tomáš Mráz <[email protected]> * test/ec_internal_test: link with libapps.a too Whenever the source from $target{apps_init_src} is added to the source of a test program, it needs to be linked with libapps.a as well. Some init sources depend on that. Without this, builds break on VMS because of the unresolved symbol 'app_malloc'. On platforms that do not need anything from libapps.a, adding it is a no-op. This is for OpenSSL 1.1.1 only. OpenSSL 3.0 and beyond have a different solution. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16512) * VMS: Compensate for compiler type incompatibility The compiler says that 'unsigned long long' isn't the same as 'unsigned __int64'. Sure, and considering that crypto/rand/rand_vms.c is specific VMS only code, it's easy to just change the type to the exact same as what's specified in the system headers. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/15613) * DOCS: Update the page for 'openssl passwd' to not duplicate some info The options -1 and -apr1 were mentioned in DESCRIPTION, not mentioning any other options or even mentioning that there are more algorithms. The simple fix is to remove that sentence and let the OPTIONS section speak for itself. Fixes #16529 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16531) (cherry picked from commit 116799ff6a8fc803ec4685fc432c7329d0511e23) * VMS: Fix misspelt type '__int64', not 'int64_t' Ref: commit 2e5cdbc18a1a26bfc817070a52689886fa0669c2 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16557) * Fix nc_email to check ASN1 strings with NULL byte in the middle Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16524) (cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376) * MacOS prior to 10.12 does not support random API correctly Fixes #16517 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16587) * Clarify what SSL_get_session() does on the server side in TLSv1.3 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16582) (cherry picked from commit 9e51f877930dbd4216438a5da3c9612bf4d0a918) * Correct the documentation for SSL_set_num_tickets() The behaviour for what happens in a resumption connection was not quite described correctly. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16582) (cherry picked from commit 4603b782e6dbed493d2f38db111abc05df66fb99) * ssl: Correct filename in README Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16671) * Add sm2 encryption test case from GM/T 0003.5-2012 Reviewed-by: Nicola Tuveri <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16511) (cherry picked from commit 8ba65c35ea3af347c3b2adc8e665066b541a1c35) * doc/man3/SSL_set_fd.pod: add note about Windows compiler warning According to an old stackoverflow thread [1], citing an even older comment by Andy Polyakov (1875e6db29, Pull up Win64 support from 0.9.8., 2005-07-05), a cast of 'SOCKET' (UINT_PTR) to 'int' does not create a problem, because although the documentation [2] claims that the upper limit is INVALID_SOCKET-1 (2^64 - 2), in practice the socket() implementation on Windows returns an index into the kernel handle table, the size of which is limited to 2^24 [3]. Add this note to the manual page to avoid unnecessary roundtrips to StackOverflow. [1] https://stackoverflow.com/questions/1953639/is-it-safe-to-cast-socket-to-int-under-win64 [2] https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2 [3] https://docs.microsoft.com/en-us/windows/win32/sysinfo/kernel-objects Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16699) (cherry picked from commit f8dd5869bca047a23599ac925aace70efcf487ad) * Fix a NPD bug in engines/e_dasync.c The dasync_aes_128_cbc_hmac_sha1 cipher depends on EVP_aes_128_cbc_hmac_sha1() returning a NON-NULL value. We should simply not advertise this cipher otherwise. Fixes: #7950 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16722) * Fix a memory leak in the afalg engine Fixes: #16743 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16744) (cherry picked from commit 6f6a5e0c7c41b6b3639e51f435cd98bb3ae061bc) * Fix some possible memory leaks in EVP_CipherInit_ex An EVP_CONTEXT with zero cipher but non-zero engine, and/or cipher_data is possible if an error happens in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling will just clear the cipher in that case. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16756) * Fix double-free in e_dasync.c When the cipher is copied, the inner_cihper_data need to be copied as well, using the EVP_CTRL_COPY method. The EVP_CIPH_CUSTOM_COPY bit needs to be set as well. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16751) * Bindhost/bindport should be freed Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16775) (cherry picked from commit 0ce0c455862ed29bd7f2acdbddbe8d0b1783c1c9) * New extensions can be sent in a certificate request Normally we expect a client to send new extensions in the ClientHello, which may be echoed back by the server in subsequent messages. However the server can also send a new extension in the certificate request message to be echoed back in a certificate message Fixes #16632 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16634) (cherry picked from commit cbb862fbaaa1ec5a3e33836bc92a6dbea97ceba0) * Extend custom extension testing Test the scenario where we add a custom extension to a cetificate request and expect a response in the client's certificate message. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16634) (cherry picked from commit 0db3a9904fa00569905be130854a31dab7b8f49d) * Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries It's a small change to the 'nm' call, to have it look at dynamic symbols rather than the normal ones. Fixes #16810 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16822) (cherry picked from commit a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c) * Fix test/recipes/01-test_symbol_presence.t to disregard version info The output of 'nm -DPg' contains version info attached to the symbols, which makes the test fail. Simply dropping the version info makes the test work again. Fixes #16810 (followup) Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16840) (cherry picked from commit 73970cb91fdf8e7b4b434d479b875a47a0aa0dbc) * test/ssl_old_test.c: Fix potential leak Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16806) (cherry picked from commit 34563be5368fb8e6ade7d06d8376522ba83cd6ac) * Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16860) * Add tests for ENGINE problems Add some tests which would have caught the issues fixed in the previous commit related to engine handling. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16860) * Fix some documentation errors related to return values Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16794) (cherry picked from commit f1d077f1108b1bc2334350a4d53a46e29e082910) * Fix BIO_get_md_ctx return value check Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16792) * Fix the s_server psk_server_cb for use in DTLS Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16838) (cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c) * Fix no-cmac Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16894) (cherry picked from commit ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604) * Fix a gcc 11.2.0 warning gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning when compiling test/packettest.c, which causes --strict-warnings builds to fail. A simple fix avoids the warning. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16887) (cherry picked from commit 37467b2752f75ce80437120f704452982b7c1998) * speed: range check the argument given to -multi for 1.1.1 Fixes #16899 for 1.1.1 branch. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16922) * check the return value of BN_new() and BN_dup() Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16948) (cherry picked from commit d99004fe5de934120765d342586f08d22131b8ed) * Fix a memory leak in tls_parse_stoc_key_share Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16957) * Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16955) * Fix: invoking x509_name_cannon improperly Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16974) (cherry picked from commit 09235289c377ff998964bb6b074bb2a3ad768fd2) * Reset the rwstate before calling ASYNC_start_job() If an async job pauses while processing a TLS connection then the rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should reset the rwstate back to SSL_NOTHING. In fact we can do this unconditionally since if we're about to call ASYNC_start_job() then either we are about to start the async job for the first time (in which case the rwstate should already by SSL_NOTHING), or we are restarting it after a pause (in which case reseting it to SSL_NOTHING is the correct action). Fixes #16809 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17013) (cherry picked from commit 07f620e3acf0dd76a3a03ada9911c544aa483aa7) * free the Post-Handshake Auth digest when there is an error saving the digest Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16924) * evp: fix EVP_PKEY_get0_EC_KEY when EC_KEY is SM2 EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) will change pkey->type to EVP_PKEY_SM2 CLA: trivial Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17015) * Avoid loading of a dynamic engine twice Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0) * ERR: Add a missing common reason string There was no string present for ERR_R_PASSED_INVALID_ARGUMENT Reviewed-by: David von Oheimb <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17069) * Add a test case for duplicate engine loading Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17083) * DOC: Add a few previously documented functions d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp() were documented in OpenSSL 1.0.2. In a grand unification of the documentation of (almost) all d2i and i2d functions, these were dropped, most likely by mistake. This simply adds them back. Fixes #17091 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17093) * Fix detection of ARMv7 and ARM64 CPU features on FreeBSD OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25 Switch to using AT_HWCAP, and setting it to 16 if it is not defined. OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT resulting in all ARM acceleration features being disabled. CLA: trivial Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17082) (cherry picked from commit c1dabe26e3e96cdce0ffc929e9677840ad089ba5) * Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs The restriction about setting a tag length prior to setting the IV only applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG can be called. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17111) (cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00) * doc: fix macro name OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT. Fixes #17121 Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17125) (cherry picked from commit 01fde90eec721b64bc0e1c01cd94a9fd431adcc6) * BIO_push.pod: fix confusing text and add details on corner cases Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17086) (cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069) * Fix speed, use OPENSSL_free instead of free Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17132) * TEST: Enable and fix test_bn2padded() in test/bntest.c This looks like old code, written when the padded variety of BN_bn2bin() was developped, and disabled by default... and forgotten. A few simple changes to update it to the current API is all that was needed to enable it. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17133) (cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51) * No EtM for GOST ciphers Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17158) * Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17135) * BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17135) * Fix documentation for tlsext_ticket_key The tlsext_ticket_key functions are documented as returning 0 on success. In fact they return 1 on success. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17210) (cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33) * OBJ_nid2obj.pod: Replace remaining 'B<' by 'I<' were appropriate Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17221) * Fix a deadlock in OBJ_NAME_add This happened after an out of memory error: CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17236) * CI: Replace windows-2016 with windows-2022 Windows 2016 environment is going to be discontinued. We also replace windows-latest with windows-2019 so there aren't two identical builds done once windows-latest is switched to mean windows-2022. Fixes #17177 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17211) * Fix faulty detail in BN_rand() manual Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17131) * Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets bn_sqr_comba8 does for instance compute a wrong result for the value: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 The correct result is: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 but the actual result was: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 so the forth word of the result was 0x75be8e3c but should have been 0x75be8e3d instead. Likewise bn_sqr_comba4 has an identical bug for the same value as well: a=0x022181ba fd3aa878 899b2346 ee210f45 correct result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 wrong result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 Fortunately the bn_mul_comba4/8 code paths are not affected. Also the mips64 target does in fact not handle the carry propagation correctly. Example: a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000 022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001 correct result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 wrong result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17258) (cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) * Add some CHANGES entries for 1.1.1m Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17269) * Update copyright year Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17271) * Update NEWS for 1.1.1m Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17273) * Prepare for 1.1.1m release Reviewed-by: Richard Levitte <[email protected]> * Prepare for 1.1.1n-dev Reviewed-by: Richard Levitte <[email protected]> * Fix the null pointer dereference Fixed #17296 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17302) * Fix Configure variable spill * Evaluating code-refs in Configure can sometimes set the default variable `$_` * Prevent spillage influencing the target property by using named variable in loop CLA: trivial Fixes gh-17321 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17322) (cherry picked from commit a595e3286ae9f033c56452967b3add2145f9085f) * document additional stack push error code Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17351) * Ensure s_client sends SNI data when used with -proxy The use of -proxy prevented s_client from correctly sending the target hostname as SNI data. Fixes #17232 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17249) * Add support for BSD-riscv64 target Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Paul Dale <[email protected]> (cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15) (cherry picked from commit fb72a093f88f7332069659994b67f6b19aceb865) (Merged from https://github.com/openssl/openssl/pull/17341) * OBJ_obj2txt(): fix off-by-one documentation of the result This backports the doc improvements of #17188. Reviewed-by: Tomas Mraz <[email protected]> (cherry picked from commit e36d10925396b6519e1abd338e1ef62cd5b1c9e6) * Update troublesome copyright years of auto-generated files to 2022 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17401) * apps/passwd.c: free before error exiting use goto instead of returning directly while error handling Signed-off-by: Peiwei Hu <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17404) (cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac) * close_console: Always unlock as the lock is always held Fixes #17364 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17395) * Fix password_callback to handle short passwords Fixes #17426 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17439) * Remove unsafe call to OPENSSL_cpuid_setup This function is inherently thread-unsafe, and moreover it is unnecessary here, because OPENSSL_init_crypto always calls it in a thread-safe way. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17468) * Fix a leak in EVP_DigestInit_ex() If an EVP_MD_CTX is reused then memory allocated and stored in md_data can be leaked unless the EVP_MD's cleanup function is called. Fixes #17149 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17472) * Add a test for a custom digest created via EVP_MD_meth_new() We check that the init and cleanup functions for the custom method are called as expected. Based on an original reproducer by Dmitry Belyavsky from issue #17149. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17472) * lhash: Avoid 32 bit right shift of a 32 bit value Fixes #17583 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17589) (cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80) * Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose The function X509_STORE_CTX_purpose_inherit() can be called with a 0 default purpose. If the main purpose was set to X509_PURPOSE_ANY this would case the function to incorrectly return an error response. Fixes #17367 Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Add a test for X509_STORE_CTX_set_purpose() This function was previously incorrectly failing if it is called with X509_PURPOSE_ANY. Add a test to catch this. Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Document purpose and trust setting functions In particular: X509_STORE_CTX_set_purpose() X509_STORE_CTX_set_trust(); X509_STORE_CTX_purpose_inherit(); Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Fix builds with DJGPP CLA: trivial To get the master branch compiled with DJGPP some minor adjustments are required. They will have no impact on any other ports. The DJGPP port uses the Watt-32 library to provide the required network functionality and some of its headers need to be included. Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c. In the DJGPP section of include/internal/sockets.h the following Watt-32 headers must be added: - arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c - netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17623) (cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde) * Don't link test/ec_internal_test with libapps.a It's not at all necessary, and on some platforms, it's disruptive (leads to unresolved symbols because of object files that get included in the link that depend on libssl). Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17637) * Correct return type for BIO_ptr_ctrl Fixes #17549 CLA: trivial Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17636) (cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459) * scrypt: increase memory usage beyond limit This brings these tests in line with 3.0 and master and makes them fail correctly. Fixes #17612 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17619) * Prevent crash with engine using different openssl runtime This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes #15898 Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17541) * Check for presence of 3.x openssl runtime if the newly loaded engine contains the symbol EVP_PKEY_get_base_id, we know it is linked to 3.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17541) * crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup Since the potential failure of memory allocation, it should be better to check the return value of the OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if fails. Signed-off-by: Jiasheng Jiang <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17737) (cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef) * Improve documentation of BIO_FLAGS_BASE64_NO_NL flag. Fixes #12491. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17744) (cherry picked from commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5) * Fix NULL pointer dereference for BN_mod_exp2_mont This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer if BIGNUM argument m represents zero. Regression test added. Fixes #17648. Backport from master to 1.1. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17787) * VMS: move copy_argc to its own module and make it an aux source copy_argv was never initialization code. Make it self-cleaning too. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17746) * [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias `SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already marked as aliases of each other in the headers. This commit, for each pair, replaces the leftover uses of the latter synonym with the first one, which is considered more common. (manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3 Fixes #17743 (manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 (manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * Document bug in openssl cms -binary Documents a bug in openssl cms -binary for 1.1 whereby it cannot process input using LF line endings correctly. Binary input processing was reworked substantially for 3.0 and backporting these changes doesn't appear reasonable. Fixes #17797. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17810) * Avoid potential memory leak Resolves #17827 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17828) (cherry picked from commit 175355923046921a689b500f7a72455f7095708f) * Set protocol in init_client() If TCP is being used, protocol = 0 is passed to init_client(), then protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17838) (cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878) * Fix issue where OBJ_nid2obj doesn't always raise an error This was previously fixed in 3.0 but not 1.1. Fixes #13008. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17808) * DOC: TLS compression is disabled by default Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matthias St. Pierre <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17854) (cherry picked from commit 2cb52118ddd1d82d7b6028372238eaa2467bbd48) * Fix OPENSSL_ENGINES in Configurations/descrip.mms.tmpl Make its value an absolute path. This was already fixed in all other build file templates, but for some reason, not here. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17865) * Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17861) (cherry picked from commit abdb2278d2b65ae87bee3121be83322e4219b396) * Fix possible infinite loop in BN_mod_sqrt() The calculation in some cases does not finish for non-prime p. This fixes CVE-2022-0778. Based on patch by David Benjamin <[email protected]>. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add documentation of BN_mod_sqrt() Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add a negative testcase for BN_mod_sqrt Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Update CHANGES/NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Update copyright year Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Prepare for 1.1.1n release Reviewed-by: Tomas Mraz <[email protected]> * Prepare for 1.1.1o-dev Reviewed-by: Tomas Mraz <[email protected]> * Check password length only when verify is enabled. Fixes #16231. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17899) * eng_dyn: Avoid spurious errors when checking for 3.x engine Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17902) * print SSL session, fix build warnings on OpenBSD. time_t is a 64 bits type on this platform. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17917) (cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d) * Fix coverity 1498607: uninitialised value Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17897) (cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63) * Fix Coverity 1498611 & 1498608: uninitialised read Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17893) (cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267) * Fix Coverity 1201763 uninitialised pointer read Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17890) (cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9) * Fix integer overflow in evp_EncryptDecryptUpdate Fixes #17871. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17872) * Fix Coverity 1498612: integer overflow The assert added cannot ever fail because (current & 0xFFFF) != 0 from the while loop and the trailing zero bit count therefore cannot be as large as 32. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17892) (cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e) * s390x: Hide internal cpuid symbol and function The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not exported by the version script of OpenSSL. However, if someone uses the static library without the version script, these symbols all of a sudden become global symbols and their usage in assembler code does not correctly reflect that for PIC. Since these symbols should never be used outside of OpenSSL, hide them inside the binary. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17946) (cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1) * ticket_lifetime_hint may exceed 1 week in TLSv1.3 For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446 Fixes #17948 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17952) (cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492) * Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3 libctx was left in cherry-pick from master/3.0 cherry-pick Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17970) * tls_process_server_hello: Disallow repeated HRR Repeated HRR must be rejected. Fixes #17934 Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef) * Test processing of a duplicated HRR Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit db44b55aaa42141921217183667800425227b658) * Fix usage of SSLfatal A cherry-pick from the master branch incorrectly introduced a usage of 3 argument SSLfatal. In 1.1.1 the function code is also required. Fixes #17999 Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18000) * Fix failure to check result of bn_rshift_fixed_top Fixes #18010. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18034) (cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe) * err: fix crash in ERR_load_strings() when configured with no-err This commit removes the entire initialization and cleanup of the error string hash table (`int_error_hash`) if `no-err` is configured. The only operative function remaining is `ERR_get_next_error_library()`. That is the reason why the `err_string_lock` and hence the `do_err_strings_init()` function can't be removed entirely. Fixes #17971 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * err: fix indentation of preprocessor directive Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * err: get rid of err_free_strings_int() Even though the function is not part of the public api, it is not entirely removed, in order to minimize the chance of breakage, because it is exported from libcrypto. Instead, we keep a dummy implementation. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * Fix -no-tls1_2 in tests This is specific for OpenSSL_1_1_1-stable branch Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18080) * Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION This causes the DTLS server to enter an error state: ./openssl s_server -dtls ./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt [...] Q ./openssl s_client -dtls -sess_in s1.txt CONNECTED(00000003) ^C ./openssl s_client -dtls CONNECTED(00000003) 140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 At this point the dtls server needs to be restarted, because verify_cookie_callback always fails, because the previous cookie is checked against the current one. The reason for this is not fully understood. In wireshark we see the following each time: c->s Client Hello (without cookie) s->c Hello Verify Request (with new cookie) s->c Alert (Level: Fatal, Description: Handshake Failure) c->s Client Hello (echoes new cookie) The client gives up when the Alert arrives. The Alert is triggered because the server calls verify_cookie_callback with the previous cookie, although it just sent the current cookie in the Hello Verify Request. However this does only happen because no Alert message is sent when the client re-connects the session with the missing -maxfraglen option. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18094) * Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(00000003) 40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18093) (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103) * x509: use actual issuer name if a CA is used Fixes openssl#16080. Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18129) * Revert "[github-ci][ci.yml] Disable pyca external tests" This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * [github-ci] Sync pyca workflow with master Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * add wycheproof submodule This is used with the pyca/cryptography test suite (cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * c_rehash: Do not use shell to invoke openssl Except on VMS where it is safe. This fixes CVE-2022-1292. Reviewed-by: Matthias St. Pierre <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add additional keys to release key fingerprints Added keys for Paul Dale and Tomáš Mráz. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18156) * Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Update copyright year Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Prepare for 1.1.1o release Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Prepare for 1.1.1p-dev Reviewed-by: Tomas Mraz <[email protected]> Release: yes * (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions Backport of #18038 to 1.1. Fixes #18035. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18190) * 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17085) * Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes #13583 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) * Add test for empty supported-groups extension Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) * Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret. Consider a weaker leakage model(CL) where only cacheline base address is leaked, i.e address/32 for 32-byte cacheline(CL32). Previous code used to perform two loads 1. rotated_mac[rotate_offset ^ 32] and 2. rotated_mac[rotate_offset++] which would leak 2q + 1, 2q for 0 <= rotate_offset < 32 and 2q, 2q + 1 for 32 <= rotate_offset < 64 The proposed fix performs load operations which will always leak 2q, 2q + 1 and selects the appropriate value in constant-time. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18050) * s_serve: Report an error if init-connection fails without an attempt to read. Fixes: openssl#18047. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18283) * Backport some fuzzing data files from master This is a backport of the following commit from master: commit 415e6ac80405e13b20b083315747e431274fbd33 Author: Tavis Ormandy <[email protected]> Date: Tue Sep 21 15:48:27 2021 -0700 increase x509 code coverage metrics Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16651) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) * Backport a missing bug-fix from master This is a backport of the following commit from master: commit 61b0fead5e6079ca826594df5b9ca00e65883cb0 Author: Matt Caswell <[email protected]> Date: Thu Nov 19 13:58:21 2020 +0000 Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/13452) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) * Fix a crash in asn1_item_embed_new This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18360) (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483) * Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 i…
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Jan 27, 2023
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
rsbeckerca
referenced
this pull request
in ituglib/openssl-1.1.1
Feb 7, 2023
commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe Author: Randall S. Becker <[email protected]> Date: Wed Nov 2 12:49:30 2022 -0600 Squashed commit of the following: commit 1b3fb89163127047b0f99412b8a31522215b3bea Author: Randall S. Becker <[email protected]> Date: Tue Oct 11 11:17:39 2022 -0600 Squashed commit of the following: commit 6fd6179191702eb0562ccbfb22a37405c669b90e Author: Randall S. Becker <[email protected]> Date: Tue Jul 5 17:50:13 2022 -0400 Missed include on NonStop for memcmp in test/v3ext.c commit d97281f16602e50f040756029b555645315253df Author: Randall S. Becker <[email protected]> Date: Tue Jul 5 10:37:54 2022 -0400 Squashed commit of the following: commit 29708a562a1887a91de0fa6ca668c71871accde9 Author: Richard Levitte <[email protected]> Date: Tue Jul 5 11:08:33 2022 +0200 Prepare for 1.1.1q release Reviewed-by: Paul Dale <[email protected]> Release: yes commit 95a17c0ead00885452d13309eaffd04c1737d05d Author: Richard Levitte <[email protected]> Date: Tue Jul 5 10:33:00 2022 +0200 Update copyright year Reviewed-by: Paul Dale <[email protected]> Release: yes commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e Author: Richard Levitte <[email protected]> Date: Tue Jul 5 10:25:00 2022 +0200 Update CHANGES and NEWS for upcoming release 1.1.1q Reviewed-by: Paul Dale <[email protected]> Release: yes commit 9131afdca30b6d1650af9ea6179569a80ab8cb06 Author: Alex Chernyakhovsky <[email protected]> Date: Thu Jun 16 12:02:37 2022 +1000 AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <[email protected]> Co-authored-by: David Benjamin <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> commit 919925673d6c9cfed3c1085497f5dfbbed5fc431 Author: Alex Chernyakhovsky <[email protected]> Date: Thu Jun 16 12:00:22 2022 +1000 Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grandloop") and then proceeds to handle the "short" tail (which can be anywhere from 0 to 5 blocks) that remain. As part of initialization, the assembly initializes $len to the true length, less 96 bytes and converts it to a pointer so that the $inp can be compared to it. Each iteration of "grandloop" checks to see if there's a full 96-byte chunk to process, and if so, continues. Once this has been exhausted, it falls through to "short", which handles the remaining zero to five blocks. Unfortunately, the jump at the end of "grandloop" had a fencepost error, doing a `jb` ("jump below") rather than `jbe` (jump below or equal). This should be `jbe`, as $inp is pointing to the *end* of the chunk currently being handled. If $inp == $len, that means that there's a whole 96-byte chunk waiting to be handled. If $inp > $len, then there's 5 or fewer 16-byte blocks left to be handled, and the fall-through is intended. The net effect of `jb` instead of `jbe` is that the last 16-byte block of the last 96-byte chunk was completely omitted. The contents of `out` in this position were never written to. Additionally, since those bytes were never processed, the authentication tag generated is also incorrect. The same fencepost error, and identical logic, exists in both aesni_ocb_encrypt and aesni_ocb_decrypt. This addresses CVE-2022-2097. Co-authored-by: Alejandro Sedeño <[email protected]> Co-authored-by: David Benjamin <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1 Author: slontis <[email protected]> Date: Fri Jul 1 13:47:11 2022 +1000 Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18697) (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b) commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4 Author: xkernel <[email protected]> Date: Mon Jun 20 17:46:39 2022 +0800 v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18608) (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9) commit a1d80edcf830739131e0567dc03b1e80b7988b1e Author: Matt Caswell <[email protected]> Date: Fri Jun 10 15:58:58 2022 +0100 Fix range_should_be_prefix() to actually return the correct result range_should_be_prefix() was misidentifying whether an IP address range should in fact be represented as a prefix. This was due to a bug introduced in commit 42d7d7dd which made this incorrect change: - OPENSSL_assert(memcmp(min, max, length) <= 0); + if (memcmp(min, max, length) <= 0) + return -1; This error leads to incorrect DER being encoded/accepted. Reported by Theo Buehler (@botovq) Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18524) (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae) (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841) commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a Author: Bernd Edlinger <[email protected]> Date: Fri Jun 17 10:25:24 2022 +0200 Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232) commit 882573246695088d65956355ca6c954642dcac31 Author: olszomal <[email protected]> Date: Fri Jun 17 15:01:11 2022 +0200 SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *' Fix the documentation. CLA: trivial Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18599) (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50) commit 6c8879c8bf6030666c851623f93fff03c1266715 Author: Bernd Edlinger <[email protected]> Date: Wed Jun 22 17:05:55 2022 +0200 Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #26 0x402afb in testfile fuzz/test-corpus.c:182 #27 0x402656 in main fuzz/test-corpus.c:226 #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #22 0x402afb in testfile fuzz/test-corpus.c:182 #23 0x402656 in main fuzz/test-corpus.c:226 #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #23 0x402afb in testfile fuzz/test-corpus.c:182 #24 0x402656 in main fuzz/test-corpus.c:226 #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Kurt Roeckx <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18632) commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3 Author: Matt Caswell <[email protected]> Date: Tue Jun 21 14:39:48 2022 +0100 Prepare for 1.1.1q-dev Reviewed-by: Richard Levitte <[email protected]> Release: yes commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d Author: Matt Caswell <[email protected]> Date: Tue Jun 21 14:39:39 2022 +0100 Prepare for 1.1.1p release Reviewed-by: Richard Levitte <[email protected]> Release: yes commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae Author: Matt Caswell <[email protected]> Date: Tue Jun 21 14:07:32 2022 +0100 Update copyright year Reviewed-by: Richard Levitte <[email protected]> Release: yes commit 51e06520734063d6f52b2e596e1089d36d3781e7 Author: Matt Caswell <[email protected]> Date: Mon Jun 20 14:14:20 2022 +0100 Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Release: yes commit 9639817dac8bbbaa64d09efad7464ccc405527c7 Author: Daniel Fiala <[email protected]> Date: Sun May 29 20:11:24 2022 +0200 Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d Author: Fraser Tweedale <[email protected]> Date: Wed Jun 15 10:50:57 2022 +1000 Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves: ```c unsigned char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n"; int main(int argc, char **argv) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) return 1; BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL); int in_len = strlen(in_buf); BIO *in = BIO_new_mem_buf(in_buf, in_len); if (in == NULL) return 2; in = BIO_push(b64, in); unsigned char *out_buf = calloc(in_len, sizeof(unsigned char)); if (out_buf == NULL) return 3; size_t out_len; int r = BIO_read_ex(in, out_buf, in_len, &out_len); printf("rv = %d\n", r); printf("decoded = %s\n", out_buf); return 0; } ``` Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18568) (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83) commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20 Author: Tomas Mraz <[email protected]> Date: Thu Jun 9 16:20:05 2022 +0200 Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18511) commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc Author: Tomas Mraz <[email protected]> Date: Thu Jun 9 12:34:55 2022 +0200 Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fx is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18511) commit 8f078819556da83c15751678c39558a59bc746fc Author: Matt Caswell <[email protected]> Date: Thu Jun 9 16:57:30 2022 +0100 Fix a crash in X509v3_asid_subset() If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Todd Short <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18514) (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82) commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b Author: Tomas Mraz <[email protected]> Date: Thu Jun 2 18:12:05 2022 +0200 Update further expiring certificates that affect tests Namely the smime certificates used in test_cms will expire soon and affect tests. Fixes #15179 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18481) commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe Author: Tomas Mraz <[email protected]> Date: Tue Mar 29 13:31:34 2022 +0200 Fix strict client chain check with TLS-1.3 When TLS-1.3 is used and the server does not send any CA names the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null argument. Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17986) (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f) commit b7ce611887cfac633aacc052b2e71a7f195418b8 Author: Tomas Mraz <[email protected]> Date: Wed Jun 1 13:06:46 2022 +0200 ct_test.c: Update the epoch time Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18446) commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908 Author: Tomas Mraz <[email protected]> Date: Wed Jun 1 12:47:44 2022 +0200 Update expired SCT certificates Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18446) commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 Author: Bernd Edlinger <[email protected]> Date: Sat May 21 07:50:46 2022 +0200 Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 #24 0x402bbb in testfile fuzz/test-corpus.c:182 #25 0x402626 in main fuzz/test-corpus.c:226 #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 #29 0x402bbb in testfile fuzz/test-corpus.c:182 #30 0x402626 in main fuzz/test-corpus.c:226 #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18391) (cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8) commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6 Author: Bernd Edlinger <[email protected]> Date: Sun May 22 20:12:56 2022 +0200 Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #14 0x40371b in testfile fuzz/test-corpus.c:182 #15 0x402856 in main fuzz/test-corpus.c:226 #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #13 0x40371b in testfile fuzz/test-corpus.c:182 #14 0x402856 in main fuzz/test-corpus.c:226 #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18376) (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044) commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a Author: Bernd Edlinger <[email protected]> Date: Sat May 21 15:41:46 2022 +0200 Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch: $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18370) commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb Author: Bernd Edlinger <[email protected]> Date: Fri May 20 16:54:41 2022 +0200 Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18363) commit 8e1ece20cdb4a584be5311370256c4e813c09826 Author: Bernd Edlinger <[email protected]> Date: Fri May 20 16:15:44 2022 +0200 Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18361) commit 8e60f41d064786f95440e4c56660ffe9777783d7 Author: Bernd Edlinger <[email protected]> Date: Fri May 20 08:02:47 2022 +0200 Fix a crash in asn1_item_embed_new This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18360) (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483) commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Author: Bernd Edlinger <[email protected]> Date: Thu May 19 15:50:28 2022 +0200 Backport a missing bug-fix from master This is a backport of the following commit from master: commit 61b0fead5e6079ca826594df5b9ca00e65883cb0 Author: Matt Caswell <[email protected]> Date: Thu Nov 19 13:58:21 2020 +0000 Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/13452) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59 Author: Bernd Edlinger <[email protected]> Date: Thu May 19 10:59:25 2022 +0200 Backport some fuzzing data files from master This is a backport of the following commit from master: commit 415e6ac80405e13b20b083315747e431274fbd33 Author: Tavis Ormandy <[email protected]> Date: Tue Sep 21 15:48:27 2021 -0700 increase x509 code coverage metrics Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16651) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) commit e04ba889594d84a8805f3d0caeadf0527470e508 Author: Daniel Fiala <[email protected]> Date: Tue May 10 08:46:37 2022 +0000 s_serve: Report an error if init-connection fails without an attempt to read. Fixes: openssl#18047. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18283) commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8 Author: basavesh <[email protected]> Date: Tue Apr 5 17:49:09 2022 +0200 Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret. Consider a weaker leakage model(CL) where only cacheline base address is leaked, i.e address/32 for 32-byte cacheline(CL32). Previous code used to perform two loads 1. rotated_mac[rotate_offset ^ 32] and 2. rotated_mac[rotate_offset++] which would leak 2q + 1, 2q for 0 <= rotate_offset < 32 and 2q, 2q + 1 for 32 <= rotate_offset < 64 The proposed fix performs load operations which will always leak 2q, 2q + 1 and selects the appropriate value in constant-time. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18050) commit c7d6c08290b67cbeef2b4f636f04788ea405520a Author: Tomas Mraz <[email protected]> Date: Fri Apr 29 17:02:19 2022 +0200 Add test for empty supported-groups extension Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad Author: Tomas Mraz <[email protected]> Date: Fri Apr 29 16:36:36 2022 +0200 Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes #13583 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) commit ac2d4cb656b3a796db3dc6f8873e91e67907372d Author: Allan Jude <[email protected]> Date: Fri Nov 19 19:06:52 2021 +0000 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17085) commit ec1b4bf26c1b2440546f323873c578374f60b2de Author: Hugo Landau <[email protected]> Date: Wed Apr 27 10:11:08 2022 +0100 (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions Backport of #18038 to 1.1. Fixes #18035. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18190) commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2 Author: Matt Caswell <[email protected]> Date: Tue May 3 14:41:23 2022 +0100 Prepare for 1.1.1p-dev Reviewed-by: Tomas Mraz <[email protected]> Release: yes commit 5ea6414f0bf861e8fece53b5bf35c849bad64774 Author: Randall S. Becker <[email protected]> Date: Wed Jun 22 06:26:40 2022 -0600 Squashed commit of the following: commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d Author: Matt Caswell <[email protected]> Date: Tue Jun 21 14:39:39 2022 +0100 Prepare for 1.1.1p release Reviewed-by: Richard Levitte <[email protected]> Release: yes commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae Author: Matt Caswell <[email protected]> Date: Tue Jun 21 14:07:32 2022 +0100 Update copyright year Reviewed-by: Richard Levitte <[email protected]> Release: yes commit 51e06520734063d6f52b2e596e1089d36d3781e7 Author: Matt Caswell <[email protected]> Date: Mon Jun 20 14:14:20 2022 +0100 Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Release: yes commit 9639817dac8bbbaa64d09efad7464ccc405527c7 Author: Daniel Fiala <[email protected]> Date: Sun May 29 20:11:24 2022 +0200 Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d Author: Fraser Tweedale <[email protected]> Date: Wed Jun 15 10:50:57 2022 +1000 Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves: ```c unsigned char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n"; int main(int argc, char **argv) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) return 1; BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL); int in_len = strlen(in_buf); BIO *in = BIO_new_mem_buf(in_buf, in_len); if (in == NULL) return 2; in = BIO_push(b64, in); unsigned char *out_buf = calloc(in_len, sizeof(unsigned char)); if (out_buf == NULL) return 3; size_t out_len; int r = BIO_read_ex(in, out_buf, in_len, &out_len); printf("rv = %d\n", r); printf("decoded = %s\n", out_buf); return 0; } ``` Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18568) (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83) commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20 Author: Tomas Mraz <[email protected]> Date: Thu Jun 9 16:20:05 2022 +0200 Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18511) commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc Author: Tomas Mraz <[email protected]> Date: Thu Jun 9 12:34:55 2022 +0200 Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fx is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18511) commit 8f078819556da83c15751678c39558a59bc746fc Author: Matt Caswell <[email protected]> Date: Thu Jun 9 16:57:30 2022 +0100 Fix a crash in X509v3_asid_subset() If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Todd Short <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18514) (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82) commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b Author: Tomas Mraz <[email protected]> Date: Thu Jun 2 18:12:05 2022 +0200 Update further expiring certificates that affect tests Namely the smime certificates used in test_cms will expire soon and affect tests. Fixes #15179 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18481) commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe Author: Tomas Mraz <[email protected]> Date: Tue Mar 29 13:31:34 2022 +0200 Fix strict client chain check with TLS-1.3 When TLS-1.3 is used and the server does not send any CA names the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null argument. Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17986) (cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f) commit b7ce611887cfac633aacc052b2e71a7f195418b8 Author: Tomas Mraz <[email protected]> Date: Wed Jun 1 13:06:46 2022 +0200 ct_test.c: Update the epoch time Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18446) commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908 Author: Tomas Mraz <[email protected]> Date: Wed Jun 1 12:47:44 2022 +0200 Update expired SCT certificates Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18446) commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 Author: Bernd Edlinger <[email protected]> Date: Sat May 21 07:50:46 2022 +0200 Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fd5d85dd7d3 in a…
tmshort
pushed a commit
to tmshort/openssl
that referenced
this pull request
Feb 7, 2023
mamckee
pushed a commit
to mamckee/openssl
that referenced
this pull request
Feb 16, 2023
* VMS: Fix misspelt type '__int64', not 'int64_t' Ref: commit 2e5cdbc18a1a26bfc817070a52689886fa0669c2 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16557) * Fix nc_email to check ASN1 strings with NULL byte in the middle Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16524) (cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376) * MacOS prior to 10.12 does not support random API correctly Fixes #16517 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16587) * Clarify what SSL_get_session() does on the server side in TLSv1.3 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16582) (cherry picked from commit 9e51f877930dbd4216438a5da3c9612bf4d0a918) * Correct the documentation for SSL_set_num_tickets() The behaviour for what happens in a resumption connection was not quite described correctly. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16582) (cherry picked from commit 4603b782e6dbed493d2f38db111abc05df66fb99) * ssl: Correct filename in README Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16671) * Add sm2 encryption test case from GM/T 0003.5-2012 Reviewed-by: Nicola Tuveri <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16511) (cherry picked from commit 8ba65c35ea3af347c3b2adc8e665066b541a1c35) * doc/man3/SSL_set_fd.pod: add note about Windows compiler warning According to an old stackoverflow thread [1], citing an even older comment by Andy Polyakov (1875e6db29, Pull up Win64 support from 0.9.8., 2005-07-05), a cast of 'SOCKET' (UINT_PTR) to 'int' does not create a problem, because although the documentation [2] claims that the upper limit is INVALID_SOCKET-1 (2^64 - 2), in practice the socket() implementation on Windows returns an index into the kernel handle table, the size of which is limited to 2^24 [3]. Add this note to the manual page to avoid unnecessary roundtrips to StackOverflow. [1] https://stackoverflow.com/questions/1953639/is-it-safe-to-cast-socket-to-int-under-win64 [2] https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2 [3] https://docs.microsoft.com/en-us/windows/win32/sysinfo/kernel-objects Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16699) (cherry picked from commit f8dd5869bca047a23599ac925aace70efcf487ad) * Fix a NPD bug in engines/e_dasync.c The dasync_aes_128_cbc_hmac_sha1 cipher depends on EVP_aes_128_cbc_hmac_sha1() returning a NON-NULL value. We should simply not advertise this cipher otherwise. Fixes: #7950 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16722) * Fix a memory leak in the afalg engine Fixes: #16743 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16744) (cherry picked from commit 6f6a5e0c7c41b6b3639e51f435cd98bb3ae061bc) * Fix some possible memory leaks in EVP_CipherInit_ex An EVP_CONTEXT with zero cipher but non-zero engine, and/or cipher_data is possible if an error happens in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling will just clear the cipher in that case. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16756) * Fix double-free in e_dasync.c When the cipher is copied, the inner_cihper_data need to be copied as well, using the EVP_CTRL_COPY method. The EVP_CIPH_CUSTOM_COPY bit needs to be set as well. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16751) * Bindhost/bindport should be freed Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16775) (cherry picked from commit 0ce0c455862ed29bd7f2acdbddbe8d0b1783c1c9) * New extensions can be sent in a certificate request Normally we expect a client to send new extensions in the ClientHello, which may be echoed back by the server in subsequent messages. However the server can also send a new extension in the certificate request message to be echoed back in a certificate message Fixes #16632 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16634) (cherry picked from commit cbb862fbaaa1ec5a3e33836bc92a6dbea97ceba0) * Extend custom extension testing Test the scenario where we add a custom extension to a cetificate request and expect a response in the client's certificate message. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16634) (cherry picked from commit 0db3a9904fa00569905be130854a31dab7b8f49d) * Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries It's a small change to the 'nm' call, to have it look at dynamic symbols rather than the normal ones. Fixes #16810 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16822) (cherry picked from commit a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c) * Fix test/recipes/01-test_symbol_presence.t to disregard version info The output of 'nm -DPg' contains version info attached to the symbols, which makes the test fail. Simply dropping the version info makes the test work again. Fixes #16810 (followup) Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16840) (cherry picked from commit 73970cb91fdf8e7b4b434d479b875a47a0aa0dbc) * test/ssl_old_test.c: Fix potential leak Reviewed-by: Kurt Roeckx <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16806) (cherry picked from commit 34563be5368fb8e6ade7d06d8376522ba83cd6ac) * Ensure pkey_set_type handles ENGINE references correctly pkey_set_type should not consume the ENGINE references that may be passed to it. Fixes #16757 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16860) * Add tests for ENGINE problems Add some tests which would have caught the issues fixed in the previous commit related to engine handling. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16860) * Fix some documentation errors related to return values Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16794) (cherry picked from commit f1d077f1108b1bc2334350a4d53a46e29e082910) * Fix BIO_get_md_ctx return value check Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16792) * Fix the s_server psk_server_cb for use in DTLS Commit 0007ff257c added a protocol version check to psk_server_cb but failed to take account of DTLS causing DTLS based psk connections to fail. Fixes #16707 Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16838) (cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c) * Fix no-cmac Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16894) (cherry picked from commit ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604) * Fix a gcc 11.2.0 warning gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning when compiling test/packettest.c, which causes --strict-warnings builds to fail. A simple fix avoids the warning. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16887) (cherry picked from commit 37467b2752f75ce80437120f704452982b7c1998) * speed: range check the argument given to -multi for 1.1.1 Fixes #16899 for 1.1.1 branch. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16922) * check the return value of BN_new() and BN_dup() Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16948) (cherry picked from commit d99004fe5de934120765d342586f08d22131b8ed) * Fix a memory leak in tls_parse_stoc_key_share Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16957) * Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16955) * Fix: invoking x509_name_cannon improperly Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16974) (cherry picked from commit 09235289c377ff998964bb6b074bb2a3ad768fd2) * Reset the rwstate before calling ASYNC_start_job() If an async job pauses while processing a TLS connection then the rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should reset the rwstate back to SSL_NOTHING. In fact we can do this unconditionally since if we're about to call ASYNC_start_job() then either we are about to start the async job for the first time (in which case the rwstate should already by SSL_NOTHING), or we are restarting it after a pause (in which case reseting it to SSL_NOTHING is the correct action). Fixes #16809 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17013) (cherry picked from commit 07f620e3acf0dd76a3a03ada9911c544aa483aa7) * free the Post-Handshake Auth digest when there is an error saving the digest Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16924) * evp: fix EVP_PKEY_get0_EC_KEY when EC_KEY is SM2 EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) will change pkey->type to EVP_PKEY_SM2 CLA: trivial Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17015) * Avoid loading of a dynamic engine twice Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0) * ERR: Add a missing common reason string There was no string present for ERR_R_PASSED_INVALID_ARGUMENT Reviewed-by: David von Oheimb <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17069) * Add a test case for duplicate engine loading Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17083) * DOC: Add a few previously documented functions d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp() were documented in OpenSSL 1.0.2. In a grand unification of the documentation of (almost) all d2i and i2d functions, these were dropped, most likely by mistake. This simply adds them back. Fixes #17091 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17093) * Fix detection of ARMv7 and ARM64 CPU features on FreeBSD OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25 Switch to using AT_HWCAP, and setting it to 16 if it is not defined. OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT resulting in all ARM acceleration features being disabled. CLA: trivial Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17082) (cherry picked from commit c1dabe26e3e96cdce0ffc929e9677840ad089ba5) * Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs The restriction about setting a tag length prior to setting the IV only applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG can be called. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17111) (cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00) * doc: fix macro name OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT. Fixes #17121 Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17125) (cherry picked from commit 01fde90eec721b64bc0e1c01cd94a9fd431adcc6) * BIO_push.pod: fix confusing text and add details on corner cases Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17086) (cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069) * Fix speed, use OPENSSL_free instead of free Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17132) * TEST: Enable and fix test_bn2padded() in test/bntest.c This looks like old code, written when the padded variety of BN_bn2bin() was developped, and disabled by default... and forgotten. A few simple changes to update it to the current API is all that was needed to enable it. Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17133) (cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51) * No EtM for GOST ciphers Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17158) * Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17135) * BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17135) * Fix documentation for tlsext_ticket_key The tlsext_ticket_key functions are documented as returning 0 on success. In fact they return 1 on success. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17210) (cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33) * OBJ_nid2obj.pod: Replace remaining 'B<' by 'I<' were appropriate Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17221) * Fix a deadlock in OBJ_NAME_add This happened after an out of memory error: CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17236) * CI: Replace windows-2016 with windows-2022 Windows 2016 environment is going to be discontinued. We also replace windows-latest with windows-2019 so there aren't two identical builds done once windows-latest is switched to mean windows-2022. Fixes #17177 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17211) * Fix faulty detail in BN_rand() manual Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17131) * Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets bn_sqr_comba8 does for instance compute a wrong result for the value: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 The correct result is: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 but the actual result was: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 so the forth word of the result was 0x75be8e3c but should have been 0x75be8e3d instead. Likewise bn_sqr_comba4 has an identical bug for the same value as well: a=0x022181ba fd3aa878 899b2346 ee210f45 correct result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 wrong result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 Fortunately the bn_mul_comba4/8 code paths are not affected. Also the mips64 target does in fact not handle the carry propagation correctly. Example: a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000 022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001 correct result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 wrong result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17258) (cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) * Add some CHANGES entries for 1.1.1m Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17269) * Update copyright year Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17271) * Update NEWS for 1.1.1m Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17273) * Prepare for 1.1.1m release Reviewed-by: Richard Levitte <[email protected]> * Prepare for 1.1.1n-dev Reviewed-by: Richard Levitte <[email protected]> * Fix the null pointer dereference Fixed #17296 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17302) * Fix Configure variable spill * Evaluating code-refs in Configure can sometimes set the default variable `$_` * Prevent spillage influencing the target property by using named variable in loop CLA: trivial Fixes gh-17321 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17322) (cherry picked from commit a595e3286ae9f033c56452967b3add2145f9085f) * document additional stack push error code Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17351) * Ensure s_client sends SNI data when used with -proxy The use of -proxy prevented s_client from correctly sending the target hostname as SNI data. Fixes #17232 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17249) * Add support for BSD-riscv64 target Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Paul Dale <[email protected]> (cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15) (cherry picked from commit fb72a093f88f7332069659994b67f6b19aceb865) (Merged from https://github.com/openssl/openssl/pull/17341) * OBJ_obj2txt(): fix off-by-one documentation of the result This backports the doc improvements of #17188. Reviewed-by: Tomas Mraz <[email protected]> (cherry picked from commit e36d10925396b6519e1abd338e1ef62cd5b1c9e6) * Update troublesome copyright years of auto-generated files to 2022 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17401) * apps/passwd.c: free before error exiting use goto instead of returning directly while error handling Signed-off-by: Peiwei Hu <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17404) (cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac) * close_console: Always unlock as the lock is always held Fixes #17364 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17395) * Fix password_callback to handle short passwords Fixes #17426 Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17439) * Remove unsafe call to OPENSSL_cpuid_setup This function is inherently thread-unsafe, and moreover it is unnecessary here, because OPENSSL_init_crypto always calls it in a thread-safe way. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17468) * Fix a leak in EVP_DigestInit_ex() If an EVP_MD_CTX is reused then memory allocated and stored in md_data can be leaked unless the EVP_MD's cleanup function is called. Fixes #17149 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17472) * Add a test for a custom digest created via EVP_MD_meth_new() We check that the init and cleanup functions for the custom method are called as expected. Based on an original reproducer by Dmitry Belyavsky from issue #17149. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17472) * lhash: Avoid 32 bit right shift of a 32 bit value Fixes #17583 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17589) (cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80) * Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose The function X509_STORE_CTX_purpose_inherit() can be called with a 0 default purpose. If the main purpose was set to X509_PURPOSE_ANY this would case the function to incorrectly return an error response. Fixes #17367 Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Add a test for X509_STORE_CTX_set_purpose() This function was previously incorrectly failing if it is called with X509_PURPOSE_ANY. Add a test to catch this. Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Document purpose and trust setting functions In particular: X509_STORE_CTX_set_purpose() X509_STORE_CTX_set_trust(); X509_STORE_CTX_purpose_inherit(); Reviewed-by: Shane Lontis <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17604) * Fix builds with DJGPP CLA: trivial To get the master branch compiled with DJGPP some minor adjustments are required. They will have no impact on any other ports. The DJGPP port uses the Watt-32 library to provide the required network functionality and some of its headers need to be included. Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c. In the DJGPP section of include/internal/sockets.h the following Watt-32 headers must be added: - arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c - netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17623) (cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde) * Don't link test/ec_internal_test with libapps.a It's not at all necessary, and on some platforms, it's disruptive (leads to unresolved symbols because of object files that get included in the link that depend on libssl). Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17637) * Correct return type for BIO_ptr_ctrl Fixes #17549 CLA: trivial Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17636) (cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459) * scrypt: increase memory usage beyond limit This brings these tests in line with 3.0 and master and makes them fail correctly. Fixes #17612 Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17619) * Prevent crash with engine using different openssl runtime This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes #15898 Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17541) * Check for presence of 3.x openssl runtime if the newly loaded engine contains the symbol EVP_PKEY_get_base_id, we know it is linked to 3.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17541) * crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup Since the potential failure of memory allocation, it should be better to check the return value of the OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if fails. Signed-off-by: Jiasheng Jiang <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17737) (cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef) * Improve documentation of BIO_FLAGS_BASE64_NO_NL flag. Fixes #12491. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17744) (cherry picked from commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5) * Fix NULL pointer dereference for BN_mod_exp2_mont This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer if BIGNUM argument m represents zero. Regression test added. Fixes #17648. Backport from master to 1.1. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17787) * VMS: move copy_argc to its own module and make it an aux source copy_argv was never initialization code. Make it self-cleaning too. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17746) * [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias `SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already marked as aliases of each other in the headers. This commit, for each pair, replaces the leftover uses of the latter synonym with the first one, which is considered more common. (manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3 Fixes #17743 (manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3 (manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815) Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17791) * Document bug in openssl cms -binary Documents a bug in openssl cms -binary for 1.1 whereby it cannot process input using LF line endings correctly. Binary input processing was reworked substantially for 3.0 and backporting these changes doesn't appear reasonable. Fixes #17797. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17810) * Avoid potential memory leak Resolves #17827 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17828) (cherry picked from commit 175355923046921a689b500f7a72455f7095708f) * Set protocol in init_client() If TCP is being used, protocol = 0 is passed to init_client(), then protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17838) (cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878) * Fix issue where OBJ_nid2obj doesn't always raise an error This was previously fixed in 3.0 but not 1.1. Fixes #13008. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Todd Short <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17808) * DOC: TLS compression is disabled by default Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matthias St. Pierre <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17854) (cherry picked from commit 2cb52118ddd1d82d7b6028372238eaa2467bbd48) * Fix OPENSSL_ENGINES in Configurations/descrip.mms.tmpl Make its value an absolute path. This was already fixed in all other build file templates, but for some reason, not here. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17865) * Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17861) (cherry picked from commit abdb2278d2b65ae87bee3121be83322e4219b396) * Fix possible infinite loop in BN_mod_sqrt() The calculation in some cases does not finish for non-prime p. This fixes CVE-2022-0778. Based on patch by David Benjamin <[email protected]>. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add documentation of BN_mod_sqrt() Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add a negative testcase for BN_mod_sqrt Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Update CHANGES/NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Update copyright year Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Prepare for 1.1.1n release Reviewed-by: Tomas Mraz <[email protected]> * Prepare for 1.1.1o-dev Reviewed-by: Tomas Mraz <[email protected]> * Check password length only when verify is enabled. Fixes #16231. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17899) * eng_dyn: Avoid spurious errors when checking for 3.x engine Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17902) * print SSL session, fix build warnings on OpenBSD. time_t is a 64 bits type on this platform. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17917) (cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d) * Fix coverity 1498607: uninitialised value Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17897) (cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63) * Fix Coverity 1498611 & 1498608: uninitialised read Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17893) (cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267) * Fix Coverity 1201763 uninitialised pointer read Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17890) (cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9) * Fix integer overflow in evp_EncryptDecryptUpdate Fixes #17871. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17872) * Fix Coverity 1498612: integer overflow The assert added cannot ever fail because (current & 0xFFFF) != 0 from the while loop and the trailing zero bit count therefore cannot be as large as 32. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17892) (cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e) * s390x: Hide internal cpuid symbol and function The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not exported by the version script of OpenSSL. However, if someone uses the static library without the version script, these symbols all of a sudden become global symbols and their usage in assembler code does not correctly reflect that for PIC. Since these symbols should never be used outside of OpenSSL, hide them inside the binary. Signed-off-by: Juergen Christ <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17946) (cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1) * ticket_lifetime_hint may exceed 1 week in TLSv1.3 For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446 Fixes #17948 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17952) (cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492) * Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3 libctx was left in cherry-pick from master/3.0 cherry-pick Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17970) * tls_process_server_hello: Disallow repeated HRR Repeated HRR must be rejected. Fixes #17934 Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef) * Test processing of a duplicated HRR Reviewed-by: Todd Short <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17936) (cherry picked from commit db44b55aaa42141921217183667800425227b658) * Fix usage of SSLfatal A cherry-pick from the master branch incorrectly introduced a usage of 3 argument SSLfatal. In 1.1.1 the function code is also required. Fixes #17999 Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18000) * Fix failure to check result of bn_rshift_fixed_top Fixes #18010. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18034) (cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe) * err: fix crash in ERR_load_strings() when configured with no-err This commit removes the entire initialization and cleanup of the error string hash table (`int_error_hash`) if `no-err` is configured. The only operative function remaining is `ERR_get_next_error_library()`. That is the reason why the `err_string_lock` and hence the `do_err_strings_init()` function can't be removed entirely. Fixes #17971 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * err: fix indentation of preprocessor directive Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * err: get rid of err_free_strings_int() Even though the function is not part of the public api, it is not entirely removed, in order to minimize the chance of breakage, because it is exported from libcrypto. Instead, we keep a dummy implementation. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17975) * Fix -no-tls1_2 in tests This is specific for OpenSSL_1_1_1-stable branch Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18080) * Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION This causes the DTLS server to enter an error state: ./openssl s_server -dtls ./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt [...] Q ./openssl s_client -dtls -sess_in s1.txt CONNECTED(00000003) ^C ./openssl s_client -dtls CONNECTED(00000003) 140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 At this point the dtls server needs to be restarted, because verify_cookie_callback always fails, because the previous cookie is checked against the current one. The reason for this is not fully understood. In wireshark we see the following each time: c->s Client Hello (without cookie) s->c Hello Verify Request (with new cookie) s->c Alert (Level: Fatal, Description: Handshake Failure) c->s Client Hello (echoes new cookie) The client gives up when the Alert arrives. The Alert is triggered because the server calls verify_cookie_callback with the previous cookie, although it just sent the current cookie in the Hello Verify Request. However this does only happen because no Alert message is sent when the client re-connects the session with the missing -maxfraglen option. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18094) * Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(00000003) 40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18093) (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103) * x509: use actual issuer name if a CA is used Fixes openssl#16080. Reviewed-by: Ben Kaduk <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18129) * Revert "[github-ci][ci.yml] Disable pyca external tests" This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * [github-ci] Sync pyca workflow with master Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * add wycheproof submodule This is used with the pyca/cryptography test suite (cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16340) * c_rehash: Do not use shell to invoke openssl Except on VMS where it is safe. This fixes CVE-2022-1292. Reviewed-by: Matthias St. Pierre <[email protected]> Reviewed-by: Matt Caswell <[email protected]> * Add additional keys to release key fingerprints Added keys for Paul Dale and Tomáš Mráz. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18156) * Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Update copyright year Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Prepare for 1.1.1o release Reviewed-by: Tomas Mraz <[email protected]> Release: yes * Prepare for 1.1.1p-dev Reviewed-by: Tomas Mraz <[email protected]> Release: yes * (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions Backport of #18038 to 1.1. Fixes #18035. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18190) * 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/17085) * Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes #13583 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) * Add test for empty supported-groups extension Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18213) * Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret. Consider a weaker leakage model(CL) where only cacheline base address is leaked, i.e address/32 for 32-byte cacheline(CL32). Previous code used to perform two loads 1. rotated_mac[rotate_offset ^ 32] and 2. rotated_mac[rotate_offset++] which would leak 2q + 1, 2q for 0 <= rotate_offset < 32 and 2q, 2q + 1 for 32 <= rotate_offset < 64 The proposed fix performs load operations which will always leak 2q, 2q + 1 and selects the appropriate value in constant-time. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18050) * s_serve: Report an error if init-connection fails without an attempt to read. Fixes: openssl#18047. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18283) * Backport some fuzzing data files from master This is a backport of the following commit from master: commit 415e6ac80405e13b20b083315747e431274fbd33 Author: Tavis Ormandy <[email protected]> Date: Tue Sep 21 15:48:27 2021 -0700 increase x509 code coverage metrics Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/16651) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) * Backport a missing bug-fix from master This is a backport of the following commit from master: commit 61b0fead5e6079ca826594df5b9ca00e65883cb0 Author: Matt Caswell <[email protected]> Date: Thu Nov 19 13:58:21 2020 +0000 Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: Ben Kaduk <[email protected]> (Merged from https://github.com/openssl/openssl/pull/13452) Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18347) * Fix a crash in asn1_item_embed_new This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18360) (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483) * Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18361) * Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18363) * Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch: $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18370) * Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #14 0x40371b in testfile fuzz/test-corpus.c:182 #15 0x402856 in main fuzz/test-corpus.c:226 #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #13 0x40371b in testfile fuzz/test-corpus.c:182 #14 0x402856 in main fuzz/test-corpus.c:226 #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from https://github.com/openssl/openssl/pull/18376) (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044) * Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 #24 0x402bbb in testfile fuzz/test-corpus.c:182 #25 0x402626 in main fuzz/test-corpus.c:226 #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #13 0x7…
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Apr 24, 2023
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Apr 30, 2023
$ ERROR_INJECT=1668583266 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/fa3e83c6324c9ae936e6e66b09e155aae02d67ee
#0 0x7f42fc532d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
openssl#1 0x55c2f6f48bf4 in my_realloc fuzz/test-corpus.c:129
openssl#2 0x7f42fb1c91e7 in ASN1_STRING_set crypto/asn1/asn1_lib.c:297
openssl#3 0x7f42fb1a6939 in asn1_string_set_int64 crypto/asn1/a_int.c:350
openssl#4 0x7f42fb1a6939 in ASN1_INTEGER_set_int64 crypto/asn1/a_int.c:520
openssl#5 0x7f42fb1dc399 in PKCS8_pkey_set0 crypto/asn1/p8_pkey.c:43
openssl#6 0x7f42fb59def7 in rsa_priv_encode crypto/rsa/rsa_ameth.c:171
openssl#7 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#8 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#9 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#10 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#11 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#12 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
openssl#13 0x55c2f6f4689d in _start (.../openssl-111-features/fuzz/asn1-test+0x889d)
=================================================================
==624788==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 46 byte(s) in 1 object(s) allocated from:
#0 0x7f42fc525808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
openssl#1 0x7f42fb1eaa0b in asn1_item_flags_i2d crypto/asn1/tasn_enc.c:64
openssl#2 0x7f42fb1eaa0b in ASN1_item_i2d crypto/asn1/tasn_enc.c:44
openssl#3 0x7f42fb59ddea in rsa_priv_encode crypto/rsa/rsa_ameth.c:163
openssl#4 0x7f42fb4b6994 in EVP_PKEY2PKCS8 crypto/evp/evp_pkey.c:71
openssl#5 0x7f42fb1d9dfb in i2d_PrivateKey crypto/asn1/i2d_pr.c:23
openssl#6 0x55c2f6f4814f in FuzzerTestOneInput fuzz/asn1.c:345
openssl#7 0x55c2f6f48789 in testfile fuzz/test-corpus.c:182
openssl#8 0x55c2f6f466ef in main fuzz/test-corpus.c:226
openssl#9 0x7f42f9f32082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 46 byte(s) leaked in 1 allocation(s).
juergenchrist
added a commit
to juergenchrist/openssl
that referenced
this pull request
May 8, 2023
When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:
```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
#0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c)
openssl#1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
openssl#2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
openssl#3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
openssl#4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
openssl#5 0x113d797 in read_state_machine ssl/statem/statem.c:712
openssl#6 0x113d797 in state_machine ssl/statem/statem.c:478
openssl#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
openssl#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
openssl#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
openssl#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
openssl#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
openssl#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
openssl#13 0x102b81d in test_quic_write_read test/quicapitest.c:54
openssl#14 0x12035a9 in run_tests test/testutil/driver.c:370
openssl#15 0x1013203 in main test/testutil/main.c:30
openssl#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
openssl#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
openssl#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
#0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
This frame has 1 object(s):
[32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```
Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.
Signed-off-by: Juergen Christ <[email protected]>
openssl-machine
pushed a commit
that referenced
this pull request
May 9, 2023
When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:
```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
#0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c)
#1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
#2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
#3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
#4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
#5 0x113d797 in read_state_machine ssl/statem/statem.c:712
#6 0x113d797 in state_machine ssl/statem/statem.c:478
#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
#13 0x102b81d in test_quic_write_read test/quicapitest.c:54
#14 0x12035a9 in run_tests test/testutil/driver.c:370
#15 0x1013203 in main test/testutil/main.c:30
#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
#0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
This frame has 1 object(s):
[32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```
Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.
Signed-off-by: Juergen Christ <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tom Cosgrove <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from #20904)
2 tasks
This was referenced Dec 22, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.