Matt Caswell [Fri, 18 Aug 2023 10:55:50 +0000 (11:55 +0100)]
Don't keep creating CONNECTION_CLOSE frames
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Ingo Franzki [Wed, 23 Aug 2023 13:08:51 +0000 (15:08 +0200)]
Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign()
Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called by EVP_PKEY_assign().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21819)
Ingo Franzki [Wed, 23 Aug 2023 07:45:45 +0000 (09:45 +0200)]
ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS
The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Ingo Franzki [Wed, 23 Aug 2023 07:20:52 +0000 (09:20 +0200)]
ctrl_params_translate: Allow RSA controls also for RSA-PSS
Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Jakub Jelen [Wed, 23 Aug 2023 11:24:57 +0000 (13:24 +0200)]
doc: Avoid usage of non-existing constant
CLA: trivial
Fixes: #21809 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21817)
olszomal [Tue, 22 Aug 2023 08:20:07 +0000 (10:20 +0200)]
Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1)
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21805)
Matt Caswell [Tue, 22 Aug 2023 14:56:18 +0000 (15:56 +0100)]
Change the TLS handshake keys early if we're not doing early data
We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)
doc: add the migration guide to the new guide series
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21807)
Tomas Mraz [Mon, 21 Aug 2023 20:33:52 +0000 (22:33 +0200)]
Update CHANGES.md and NEWS.md for the upcoming 3.2 release
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21802)
Tomas Mraz [Fri, 18 Aug 2023 16:32:21 +0000 (18:32 +0200)]
quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Fri, 18 Aug 2023 15:08:18 +0000 (17:08 +0200)]
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 15:32:49 +0000 (17:32 +0200)]
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 14:28:41 +0000 (16:28 +0200)]
QUIC: Add ERR_raise() calls for EVP call failures
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 13:10:10 +0000 (15:10 +0200)]
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
This was already resolved by https://github.com/openssl/openssl/pull/21547
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Thu, 17 Aug 2023 14:23:36 +0000 (16:23 +0200)]
qtest: Use fake time on both client and server
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:53:32 +0000 (20:53 +0200)]
qtest: Run both client and server during connect
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:15:53 +0000 (20:15 +0200)]
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:06:13 +0000 (19:06 +0200)]
quic_trace.c: Fix typo in traces
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:04:40 +0000 (19:04 +0200)]
Update the ssltraceref.txt
Also adds saving the new trace to ssltraceref-new.txt in
test-runs which can be handy when the trace changes and
needs to be updated.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 16:07:49 +0000 (18:07 +0200)]
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Updates documentation of RC4_CHAR and RC4_INT: Should not be used for new configuration targets
Fixes: #21358
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21391)
Matt Caswell [Fri, 18 Aug 2023 14:57:41 +0000 (15:57 +0100)]
Handle the case where the read buffer is empty but we have received FIN
In some cases where a FIN has been received but with no data quic_read_actual
was failing to raise SSL_ERROR_ZERO_RETURN. This meant that we could end up
blocking in SSL_read(_ex) for too long.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)
shub-al [Thu, 17 Aug 2023 13:21:26 +0000 (16:21 +0300)]
ssl_get_min_max_version(): Remove unused variable single
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21768)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Tomas Mraz [Wed, 16 Aug 2023 14:48:28 +0000 (16:48 +0200)]
quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE
Fixes openssl/project#134
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21756)
Matt Caswell [Wed, 16 Aug 2023 11:15:07 +0000 (12:15 +0100)]
Fix a memory leak in tls_new_record_layer
If setting the crypto state has failed then memory might have been
partially allocated to fields within the partially constructed record
layer. We need to call tls_int_free() to properly free it.
Found by the reproducible error patch in openssl#21668
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21753)
Matt Caswell [Tue, 15 Aug 2023 14:33:34 +0000 (15:33 +0100)]
Don't free the prev BIO prematurely
We shouldn't free the prev BIO in ssl_set_new_record_layer until it is
no longer referenced by s->rlayer.rrlnext.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
Matt Caswell [Tue, 15 Aug 2023 14:05:38 +0000 (15:05 +0100)]
Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.
Make sure we free process_data_dest if it is not actually used.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
build break reported:
crypto/threads_pthread.c:76:5: warning: implicit declaration of function 'pthread_mutexattr_settype'; did you mean 'pthread_mutexattr_destroy'? [-Wimplicit-function-declaration]
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| pthread_mutexattr_destroy
crypto/threads_pthread.c:76:38: error: 'PTHREAD_MUTEX_NORMAL' undeclared (first use in this function); did you mean 'PTHREAD_MUTEX_TIMED_NP'?
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~
| PTHREAD_MUTEX_TIMED_NP
This occurs because PTHREAD_MUTEX_NORMAL is only defined in glibc if
__USE_UNIX98 or __USE_XOPEN2K8 is defined, which is derived from setting
__USE_POSIX_C_SOURCE or __XOPEN_SOURCE is selected in the glibc feature
set for a build. Since openssl selects no specific feature set from
glibc, the build break occurs
We could select a feature set of course, but that seems like a
significant discussion to have prior to doing so. Instead, the simpler
solution is to just not set the mutex type at all, given that
pthread_mutexattr_init sets the default mutex type, which should be akin
to normal anyway (i.e. no mutex error checking or allowed-recursive
behavior)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21726)
slontis [Fri, 16 Jun 2023 06:40:06 +0000 (16:40 +1000)]
Fix decoders so that they use the passed in propq.
Fixes #21198
decoder objects were setting propq as NULL.
Added a set_ctx/settable_ctx to all decoders that should supply
a property query parameter to internal functions.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21219)
Neil Horman [Mon, 14 Aug 2023 16:17:11 +0000 (12:17 -0400)]
Improve documentation for BIO_s_mem
Recent leak discovered by valgrind:
==1007580== at 0x483C815: malloc (vg_replace_malloc.c:431)
==1007580== by 0x2C2689: CRYPTO_zalloc (in /home/vien/microedge-c/test)
==1007580== by 0x295A17: BUF_MEM_new (in /home/vien/microedge-c/test)
==1007580== by 0x295A78: BUF_MEM_new_ex (in /home/vien/microedge-c/test)
==1007580== by 0x28CACE: mem_new (in /home/vien/microedge-c/test)
==1007580== by 0x285EA8: BIO_new_ex (in /home/vien/microedge-c/test)
==1007580== by 0x231894: convert_pubkey_ECC (tpm2_driver.c:221)
==1007580== by 0x232B73: create_ephemeral_key (tpm2_driver.c:641)
==1007580== by 0x232E1F: tpm_gen_keypair (tpm2_driver.c:695)
==1007580== by 0x22D60A: gen_keypair (se_driver_api.c:275)
==1007580== by 0x21FF35: generate_keypair (dhkey.c:142)
==1007580== by 0x24D4C8: __test_dhkey (dhkey_test.c:55)
led me to find that BIO_get_mem_data is informative only, it does not
transer ownership of a BIO_s_mems data structure to the caller.
Additionally treating it as such leads to the above leak, or possibly
data corruption in the event that BIO_set_close(bio, BIO_NOCLOSE) is not
set properly prior to calling BIO_free.
Made an attempt to fix it in a minimally invasive manner in the 3.1
branch, but based on discussion, its just not safe to do in an API
compatible way, so just document the sematics a little more clearly
here, and fix it properly in a future release
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21724)
3lswear [Wed, 9 Aug 2023 13:25:51 +0000 (16:25 +0300)]
Check i2d_X509_NAME return in X509_NAME_hash_ex/old
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21697)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21033)
Matt Caswell [Fri, 11 Aug 2023 10:22:02 +0000 (11:22 +0100)]
Fix a leak in an error path in OSSL_DECODER_CTX_new_for_pkey()
Found via the reproducible error injection in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21723)
Matt Caswell [Tue, 8 Aug 2023 13:05:58 +0000 (14:05 +0100)]
Fix a use-after-free in quic_tls.c
The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of set1_bio() call on the record layer method.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Matt Caswell [Mon, 7 Aug 2023 13:45:55 +0000 (14:45 +0100)]
TLS KeyUpdate messages are not allowed in QUIC
We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.
RFC 9001 section 6:
Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection
error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message;
see Section 4.8.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Matt Caswell [Wed, 2 Aug 2023 15:43:11 +0000 (16:43 +0100)]
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handsahke CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Richard Levitte [Mon, 14 Aug 2023 10:38:44 +0000 (12:38 +0200)]
Remove include/internal/decoder.h, as it's superfluous
The routines declared in there are entirely libcrypto internal, so
include/crypto/decoder.h is better suited for them.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21733)
Matt Caswell [Fri, 11 Aug 2023 08:42:36 +0000 (09:42 +0100)]
Fix no-dsa in combination with no-err
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21722)
Matt Caswell [Fri, 11 Aug 2023 08:41:57 +0000 (09:41 +0100)]
Fix no-dtls and no-tls in combination
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21722)
Tomas Mraz [Mon, 7 Aug 2023 18:48:09 +0000 (20:48 +0200)]
ssl_local.h: Define SSL_OP_CISCO_ANYCONNECT if undefined in public headers
Fixes #21626
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
Tomas Mraz [Mon, 7 Aug 2023 18:41:11 +0000 (20:41 +0200)]
ossl_qrl_enc_level_set_provide_secret(): Clear el->md on error
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
Tomas Mraz [Mon, 7 Aug 2023 18:04:07 +0000 (20:04 +0200)]
quic_record_test.c: For tests that require ChaCha require also Poly1305
as both algorithms are really needed.
Fixes #21625
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
With OPENSSL_NO_POSIX_IO or OPENSSL_NO_SOCK the function
wait_until_sock_readable() currently does not exist.
Define empty wait_until_sock_readable() when building
with no-posix-io.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
Tomas Mraz [Mon, 7 Aug 2023 16:34:50 +0000 (18:34 +0200)]
quicserver.c: Use BIO_printf to stderr instead of plain printf
Fixes #21623
Also do not build quicserver with no-stdio as it is a test
utility and tests are disabled with no-stdio anyway.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
Matt Caswell [Fri, 11 Aug 2023 10:51:15 +0000 (11:51 +0100)]
Don't call ossl_assert on the result of bn_wexpand
bn_wexpand can fail as the result of a memory allocation failure. We
should not be calling ossl_assert() on its result because it can fail in
normal operation.
Found via the reproducible error injection in #21668
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/21725)
Bernd Edlinger [Tue, 8 Aug 2023 08:32:12 +0000 (10:32 +0200)]
Fix an init-deadlock in OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
A recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) call
may happen if an out-of-memory error happens at the first callstack,
and the dead-lock happens at the second callstack, because ossl_err_get_state_int
calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) although that
call is currently already executing.
At least on posix system this causes the process to freeze at this
point, and must be avoided whatever it takes.
The fix is using err_shelve_state around the critical region, which
makes ossl_err_get_state_int return early and not call the recursive
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS).
This can be reproduced with my error injection patch.
The test vector has been validated on the master branch:
$ ERROR_INJECT=1692279870 ../util/shlib_wrap.sh ./asn1parse-test ./corpora/asn1parse/027f6e82ba01d9db9a9167b83e56cc9f2c602550
ERROR_INJECT=1692279870
#0 0x7f280b42fef8 in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cpp:86
#1 0x5610a3f396b4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f280a2eb94c in CRYPTO_malloc crypto/mem.c:177
#3 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
#4 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
#5 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
#6 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
#7 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
#8 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
#9 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
#10 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
#11 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
#12 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#13 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#14 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
#15 0x5610a3f38783 in main fuzz/test-corpus.c:194
#16 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
#17 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
#18 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==27629==ERROR: AddressSanitizer: ABRT on unknown address 0x03e900006e23 (pc 0x7f2808cfbef8 bp 0x7f280b36afe0 sp 0x7ffd545b2460 T0)
#0 0x7f2808cfbef8 (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
#1 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#2 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#3 0x7f280a1c935e in ossl_err_get_state_int crypto/err/err.c:705
#4 0x7f280a1cf1f9 in ERR_new crypto/err/err_blocks.c:20
#5 0x7f280a2eb9ac in CRYPTO_malloc crypto/mem.c:205
#6 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
#7 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
#8 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
#9 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
#10 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
#11 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
#12 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
#13 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
#14 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
#15 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#16 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#17 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
#18 0x5610a3f38783 in main fuzz/test-corpus.c:194
#19 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
#20 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
#21 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
==27629==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21683)
MscVZoltan [Wed, 9 Aug 2023 06:43:40 +0000 (08:43 +0200)]
Don't use C++ reserved word template for function arguments
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21692)
projects / thirdparty / openssl.git / log
