widneve [Tue, 20 May 2025 14:23:09 +0000 (16:23 +0200)]
Fix memory leaks after failure of PKCS7_add_signed_attribute()
If PKCS7_add_signed_attribute fails,
seq never escapes out of the callee and will
therefore result in a memory leak.
This is similar to ed3d277127.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27670)
Richard Levitte [Wed, 30 Apr 2025 12:37:12 +0000 (14:37 +0200)]
Drop "by store"'s by_store_subject_ex()
It was used to pass libctx and propq, which would override the
corresponding values passed to by_store_ctrl_ex(). This wasn't
really reasonable to do either way, as it could potentially be a
surprise to the user, who can reasonably expect that the URI is
opened with the libctx and propq that was passed with the URI, and
not with those passed later.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27551)
Richard Levitte [Wed, 30 Apr 2025 09:38:04 +0000 (11:38 +0200)]
Rework the "by store" X509_LOOKUP method to open the given URI early
The cached X509_LOOKUP method data is no longer just the URI, but now
includes the OSSL_STORE_CTX pointer, and required parameters to reopen
the URI at any time. cache_objects() is modified to handle this, and
only (re)open the URI when it wasn't previously opened, or when it was
closed by an earlier call.
This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded.
This assumes that if the URI could be opened once, it can be opened
again.
Dmitriy Denisov [Tue, 13 May 2025 08:56:33 +0000 (11:56 +0300)]
The condition that is never checked has been removed.
If criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, the criterion !=0 condition will be triggered.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27607)
JiashengJiang [Fri, 16 May 2025 13:37:48 +0000 (09:37 -0400)]
demos/bio/sconnect.c: Free ssl_bio on error to avoid memory leak
Call BIO_free() to release ssl_bio if an error occurs before BIO_push(), preventing a memory leak.
Fixes: 396e720965 ("Fix certificate validation for IPv6 literals in sconnect demo") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27639)
JiashengJiang [Mon, 5 May 2025 17:46:53 +0000 (13:46 -0400)]
crypto/x509/v3_lib.c: Free tmpext if X509V3_EXT_add() fails to avoid memory leak
Add OPENSSL_free to free tmpext if X509V3_EXT_add() fails to avoid memory leak.
Fixes: 878dc8dd95 ("Join the x509 and x509v3 directories") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27566)
JiashengJiang [Mon, 12 May 2025 14:02:05 +0000 (10:02 -0400)]
test/testutil/testutil_init.c: Add OPENSSL_free() to avoid memory leak
Free trace_data if error occurs to avoid memory leak.
Fixes: d73458d17a ("Add tracing capability in test utilities") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27600)
Matt Caswell [Thu, 8 May 2025 13:54:35 +0000 (14:54 +0100)]
Stop a TLSv1.3 server emitting an unsolicited PSK extension
If we attempt to accept a connection on an SSL object, and the
application has set an SSL_SESSION on that SSL object then we
can mistakenly believe that we are resuming and
emit an unsolicited PSK extension back to the client.
This can especially happen when using SSL_clear() which leaves
any SSL_SESSION associated with the SSL object.
See
https://github.com/openssl/openssl/discussions/27563#discussioncomment-13049352
and
https://github.com/openssl/openssl/discussions/24567
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27584)
APPS/cmp.c: fix char encoding of subject, issuer, sender, and recipient DN
Fixes #27572
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27592)
Pauli [Wed, 30 Apr 2025 22:12:00 +0000 (08:12 +1000)]
chacha_poly: fix settable ctx param list
The settable list used the generic AEAD cipher list which included
an extra parameter and omitted the IV length one. The set ctx param call
was custom so the errant list didn't directly impact operation.
The comment about ignoring OSSL_CIPHER_PARAM_AEAD_MAC_KEY is completely bogus.
That parameter isn't accepted either here or by the shared AEAD cipher params.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27534)
JiashengJiang [Mon, 5 May 2025 01:41:39 +0000 (21:41 -0400)]
crypto/provider_conf.c: Fix possible memory leak
Assign the return value of ossl_provider_info_add_to_store to added instead of
setting it directly to 1, in order to avoid a memory leak caused by entry not
being freed if ossl_provider_info_add_to_store() fails.
Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27472)
Anton Tieleman [Mon, 28 Apr 2025 11:49:25 +0000 (13:49 +0200)]
Test+fix handling "wrong" downgrade signals
This accounts for cases that can only occur when een non-compliant server sends
the wrong downgrade signal. (TLS1.1 signal when negotiating TLS1.2 or TLS1.2
signal when negotiating TLS1.0/TLS1.1). According to the TLS1.3 RFC these
cases should be rejected:
RFC8446, section 4.1.3: TLS 1.3 clients receiving a ServerHello indicating
TLS 1.2 or below MUST check that the last 8 bytes are not equal to either of
these values. TLS 1.2 clients SHOULD also check that the last 8 bytes are
not equal to the second value if the ServerHello indicates TLS 1.1 or below.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27535)
Anton Tieleman [Mon, 28 Apr 2025 11:30:01 +0000 (13:30 +0200)]
Repair downgrade tests
A number of these tests were failing for the wrong reasons. The intention is to verify
that the client sends an illegal parameter alert when an unexpected downgrade signal
is received. Instead, a number of tests failed because TLS1.1 was not available. The
tests are adapted to explicitly check for an illegal parameter alert from the client.
Client and server flags are updated to enable TLS1.1 where required and a few tests
requiring TLS1.1 were moved to be disabled when TLS1.1 is not available.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27535)
Neil Horman [Thu, 24 Apr 2025 13:26:33 +0000 (09:26 -0400)]
Disable unterminated-string-initialization in strict-warnings
Recently updated to fedora 42, which includes an updated gcc, which
triggers a new warning:
test/afalgtest.c:44:9: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (18 chars into 17 available) [-Werror=unterminated-string-initialization]
44 | "\x53\x69\x6e\x67\x6c\x65\x20\x62\x6c\x6f\x63\x6b\x20\x6d\x73\x67"
The warning occurs because in some locations we create char buffers of
length X, and fill it with X bytes of data, truncating the NULL
terminator.
We could fix it by adding the nonstring attribute, but given that:
1) Adding attributes might impact other platforms that don't understand the
attribute.
2) We often create char buffers that don't expect a NULL terminator.
3) Converting the unsigned char arrays to uint8_t, or other types that
could be interpreted as non-strings has no impact, only applying the
nonstring attribute silences the warning.
It seems more sensible to just disable the warning entirely
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27490)
Matt Caswell [Fri, 25 Apr 2025 14:21:47 +0000 (15:21 +0100)]
Clarify how s_client -ign_eof and -quiet impact command processing
If -ign_eof -or -quiet are passed to s_client this implicitly turns off
command processing (i.e. equivalent to -nocommands). This was stated on
the man page in the "CONNECTED COMMANDS" section, but not in the
documentation for "-ign_eof" or "-quiet" directly. We state it here as
well to make it clearer.
Fixes #27443
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27500)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27157)
If the function is not called the settings default to 0.
Fixes #10584
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27410)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
provider-signature.pod: fix doc of OSSL_SIGNATURE_PARAM_ALGORITHM_ID, describing its relevance
This provides a fix for the documentation part of #22932.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27372)
Pauli [Wed, 9 Apr 2025 02:42:40 +0000 (12:42 +1000)]
test: test for setting hkdf salt to null
Fixes #27302
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Pauli [Wed, 9 Apr 2025 02:42:10 +0000 (12:42 +1000)]
hkdf: allow salt to be set to null
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27305)
Mironenko [Fri, 28 Mar 2025 10:41:26 +0000 (13:41 +0300)]
Fix OSSL_FUNC_keymgmt_load declaration in man7/provider-keymgmt
OSSL_FUNC_keymgmt_load prototype declared in man7 does not match
the actual OSSL_FUNC_keymgmt_load prototype declared in
include/openssl/core_dispatch.h. This commit fixes the prototype
in man7.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27189)
David Benjamin [Mon, 7 Apr 2025 20:40:05 +0000 (16:40 -0400)]
Fix PKCS7_sign and CMS_sign default hash documentation
Fixes #27291. See issue for details.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)
Updated the change log to include SSLv3 being disabled by default.
This change was implemented into version 1.1.0 and onward. The last version that had SSLv3 enabled was version 1.0.2h, which is why the addition was made where it is.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27289)
Malcolm Hogan [Fri, 7 Mar 2025 23:30:43 +0000 (18:30 -0500)]
Remove DAYS argument
This commit removes DAYS from certificate requests to avoid the warning
'Ignoring -days without -x509; not generating a certificate'
This argument is not needed with the -new argument. Additionally makes sure
$1 is handled when -nodes is not given. Preventing an uninitialized value
error when the DAYS argument is removed.
Fixes #26595
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/27277)
crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks
Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks.
Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27218)
Neil Horman [Tue, 1 Apr 2025 17:16:04 +0000 (13:16 -0400)]
Temporarily disable gost-engine tests in ci
We need to temporarily disable this as we have a build break in CI:
https://github.com/openssl/openssl/actions/runs/14192630435
Its occuring because gost-engine depends on libprov, which requires a
minimum version cmake-3.0. The update of github runners to cmake-4.0
causes a bail out as cmake 4.0 no longers supports cmake 3.0 syntax.
Libprov is fixed now, but gost-engine needs to update its libprov
submodule, and then we need to update the gost-engine submodule. Until
thats done (which may take days), we should disable the gost-engine
external tests
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27234)
Benjamin Kaduk [Fri, 14 Jun 2024 21:10:39 +0000 (14:10 -0700)]
statem: always save sigalgs during PHA
We use the same extension-parsing function on server and client
for convenience, but while the server might worry about tracking
what was previously received and not overwriting it, on the client
receiving a request for post-handshake authentication, we always
want to use the values from the current extension (and should
always have a new session object that we are free to mutate).
It is somewhat unclear whether the server also needs the check
for a resumed connection; it appears to have been added back in
2015 in commit 062178678f5374b09f00d70796f6e692e8775aca as part
of a broad pass to handle extensions on resumption, but without
specific documentation of each extension's handling.
Fixes: #10370 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24651)
slontis [Sun, 30 Mar 2025 22:42:59 +0000 (09:42 +1100)]
Fix Strict c issue in aes_gcm for armv8
Reported by David Makepeace
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27203)
JiashengJiang [Wed, 26 Mar 2025 21:40:16 +0000 (17:40 -0400)]
apps/lib/apps.c: Add a check for OPENSSL_strdup()
Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.
Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27098)
Andrey Tsygunka [Thu, 20 Mar 2025 14:45:23 +0000 (17:45 +0300)]
Fix return value of the i2d_ASN1_bio_stream() call
If the flags argument does not contain the SMIME_STREAM bit,
the i2d_ASN1_bio_stream() function always returns 1,
ignoring the result of the ASN1_item_i2d_bio() call.
Fix the return value to the result of the ASN1_item_i2d_bio()
call for this case.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27106)
Tomas Mraz [Tue, 25 Mar 2025 09:16:30 +0000 (10:16 +0100)]
Update provider compatibility CI to run on 3.5 branch
Also drop 3.1 development branch as it is out of public support now.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27149)
Richard Levitte [Mon, 24 Mar 2025 05:25:01 +0000 (06:25 +0100)]
In doc/man7/provider-{en,de}coder.pod, clarify where properties are defined
Fixes #27126
Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27132)
Andrey Tsygunka [Wed, 19 Mar 2025 11:53:02 +0000 (14:53 +0300)]
Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c
Adds handling of V_ASN1_UNDEF to avoid NULL dereference
in case ASN1 structure contains an element of type ASN1_TYPE
without initializing its value (i.e. default constructed)
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27100)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27059)
Martin Oliveira [Wed, 12 Mar 2025 17:09:04 +0000 (11:09 -0600)]
Fix gettable_params() for ECX
The OSSL_PKEY_PARAM_MANDATORY_DIGEST parameter is only handled by the
ed25519_get_params() and ed448_get_params(). The x25519 and x448
versions of get_params() always ignore that parameter, so it should not
be in the list of gettable params.
Fixes: 1a7328c88256 ("PROV: Ensure that ED25519 & ED448 keys have a mandatory digest")
cla: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27043)
Tomas Mraz [Tue, 4 Mar 2025 17:43:18 +0000 (18:43 +0100)]
Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26976)
14MM4CH1N3 [Fri, 14 Feb 2025 17:11:01 +0000 (12:11 -0500)]
Update doc README URLs
This updates the openssl documentation link to the one currently in use,
and removes the standards.txt section as that URL leads to the normal
documentation page and there is no "standards" page in the openssl
documentation site.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26759)
slontis [Tue, 25 Feb 2025 06:03:38 +0000 (17:03 +1100)]
Encoder : Fix floating pointer when OSSL_ENCODER_to_data() is called
twice.
Fixes #26862
This only happens when using the FIPS provider, since it needs to export
the key.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26891)
Viktor Dukhovni [Wed, 26 Feb 2025 09:59:38 +0000 (20:59 +1100)]
Tolerate 3.5+ FIPS providers in kem_rsa_params test
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26909)
Tomas Mraz [Wed, 22 Jan 2025 08:57:36 +0000 (09:57 +0100)]
add_uris_recursive(): Avoid OSSL_STORE_INFO leak on error
Fixes #26480
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26511)
Niels Dossche [Wed, 22 Jan 2025 13:35:25 +0000 (14:35 +0100)]
Fix potential leak in error path in cert_response()
get1_cert_status() returns an object that must be freed,
but the error path does not do that.
Fix it by adding a call to X509_free() in the error path.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26513)
Burkov Egor [Wed, 19 Feb 2025 13:42:07 +0000 (16:42 +0300)]
fix: add OOM handler for x509 fuzz test
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26830)
SPARC assembly: Don't file aes-cbc on T4 with small sizes.
The "openssl speed -testmode -seconds 1 -bytes 1 aes-128-cbc" test
revealed that the assembly code is crashing if length is less than 16.
The code shifts the provided length by 4 and than subtracts one until
the length hits zero. If it was already zero then it underflows the
counter and continues until it segfaults on reading or writing.
Replace the check against 0 with less than 15.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25637)
Dmitry Misharov [Thu, 23 Jan 2025 15:40:31 +0000 (16:40 +0100)]
backport make-release.yml workflow to openssl-3.x branches
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26541)
Mae [Wed, 22 Jan 2025 16:54:43 +0000 (16:54 +0000)]
Fix passing struct by value rather than by reference to syscall
Fixes #26521
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26523)
Stas Cymbalov [Tue, 21 Jan 2025 13:42:19 +0000 (16:42 +0300)]
Fix data race in asn1_str2tag() on tntmp which was accidentally made static
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
Nadav Tasher [Fri, 20 Dec 2024 15:59:01 +0000 (17:59 +0200)]
s_socket: naccept: close listening socket after accepting clients
When `-naccept` is passed (i.e with `s_server`), the listening socket remains open while handling
client, even after `naccept` is supposed to reach `0`.
This is caused to to the decrementation of `naccept` and closing of the socket
happening a little too late in the `do_server` function.
Signed-off-by: Nadav Tasher <tashernadav@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26228)
Tomas Mraz [Wed, 15 Jan 2025 17:29:52 +0000 (18:29 +0100)]
Add CHANGES.md and NEWS.md updates for CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
Tomas Mraz [Wed, 15 Jan 2025 17:27:02 +0000 (18:27 +0100)]
Fix timing side-channel in ECDSA signature computation
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
otherddn1978 [Thu, 26 Dec 2024 10:26:34 +0000 (13:26 +0300)]
If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF
flag, it will сrash to X509_up_ref. Passing NULL here is not valid,
return 0 if cert == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)
Nikolay Nikolaev [Tue, 24 Dec 2024 11:26:09 +0000 (13:26 +0200)]
Workaround for RSA on AArch64 Big Endian
10646160125 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.
Fixes: #22687
CLA: trivial
Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)
Bernd Edlinger [Fri, 10 Jan 2025 18:58:46 +0000 (19:58 +0100)]
Fix test failure in 30-test_evp_pkey_provided.t
In this test there is a random test output corruption.
`make test TESTS=test_evp_pkey_provided V=1` has some random output,
that can with a certain probability start a line with "ok" or so:
# Setting up a OSSL_ENCODER context with passphrase
# Testing with no encryption
jLixONcRPi/m64CGie4KKKDuGeTjtYwfima3BNYCGlgbLGeK3yYxBfZb9JjviOJ4
# nHaNsRsONTAKyg==
This happens because large random data is output to bio_out
but some data remains buffered, and then test_note() is used to print
some comments on the bio_err file. This causes output corruption that
confuses the TAP parser.
Fix that by flushing any pending output with test_flush_stdout() first.
Fixes #23992
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26383)
Bernd Edlinger [Thu, 9 Jan 2025 14:14:15 +0000 (15:14 +0100)]
Fix intermittent test failure in 80-test_cmp_http.t
output to stderr is unbuffered bypassing the normal output, which does
not happen at line boundaries and is therefore confusing the TAP parser.
This is known to cause random test failures like this one:
80-test_cmp_http.t (Wstat: 0 Tests: 5 Failed: 0)
Parse errors: Tests out of sequence. Found (6) but expected (5)
Bad plan. You planned 6 tests but ran 5.
Fixes #23992
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26364)
Ingo Franzki [Wed, 8 Jan 2025 15:00:33 +0000 (16:00 +0100)]
speed: Pass IV to EVP_CipherInit_ex for -evp runs with non-AEAD ciphers
Some (non-AEAD) ciphers require an IV to be used. Always pass a (dummy) IV
when setting the key. It is ignored by ciphers that do not use an IV.
Commit 607a46d003f472d4bce646f3df6e85725094d68a corrected the use of AEAD
ciphers, but removed the IV from being passed to EVP_CipherInit_ex() for
non-AEAD ciphers.
Fixes: https://github.com/openssl/openssl/commit/607a46d003f472d4bce646f3df6e85725094d68a Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26346)
Kai Pastor [Sat, 4 Jan 2025 10:48:26 +0000 (11:48 +0100)]
Fix buildinf.h generation for space and backslash
Builds may be configured with CC or CFLAGS containing space and
double quotes. In particular on Windows, this may lead to passing
more than two arguments into mkbuildinf.pl.
In addition, backslashes must be escaped for constructing the C string.
Fixes #26253.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26315)
Dmitry Misharov [Thu, 2 Jan 2025 14:32:41 +0000 (15:32 +0100)]
Replace self-hosted runners with GitHub hosted
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26304)
projects / thirdparty / openssl.git / log
