Niels Dossche [Wed, 9 Oct 2024 21:00:13 +0000 (23:00 +0200)]
Fix potential double free through SRP_user_pwd_set1_ids()
If SRP_user_pwd_set1_ids() fails during one of the duplications, or id
is NULL, then the old pointer values are still stored but they are now dangling.
Later when SRP_user_pwd_free() is called these are freed again,
leading to a double free.
Although there are no such uses in OpenSSL as far as I found,
it's still a public API.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25655)
In all cases the argument is an int, the value of which shall
be representable as an unsigned char or shall equal the value
of the macro EOF. If the argument has any other value, the
behavior is undefined.
This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.
If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype.h functions are:
{-1, 0, 1, 2, 3, ..., 255}.
However, on platforms where char is signed, such as x86 with the
usual ABI, code like
char *p = ...;
... isspace(*p) ...
may pass in values in the range:
{-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.
This has two problems:
1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.
2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
even though the input is not forbidden, it may give the wrong
answer.
Casting char inputs to unsigned char first works around this, by
mapping the (non-EOF character) range {-128, -127, ..., -1} to {128,
129, ..., 255}, leaving no collisions with EOF. So the above
fragment needs to be:
char *p = ...;
... isspace((unsigned char)*p) ...
This patch inserts unsigned char casts where necessary. Most of the
cases I changed, I compile-tested using -Wchar-subscripts -Werror on
NetBSD, which defines the ctype.h functions as macros so that they
trigger the warning when the argument has type char. The exceptions
are under #ifdef __VMS or #ifdef _WIN32. I left alone calls where
the input is int where the cast would obviously be wrong; and I left
alone calls where the input is already unsigned char so the cast is
unnecessary.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25113)
improve and move text on OPENSSL_TRACE from doc/man1/openssl.pod to doc/man7/openssl-env.pod
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25540)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
Pauli [Mon, 7 Oct 2024 23:38:26 +0000 (10:38 +1100)]
evp_libctx_test: fix provider compat CI regression
The regression was introduced by #25522.
Fixes #25632
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25633)
Niels Dossche [Thu, 3 Oct 2024 14:58:30 +0000 (16:58 +0200)]
Fix potential memory leak in save_statusInfo()
If sk_ASN1_UTF8STRING_push() fails then the duplicated string will leak
memory. Add a ASN1_UTF8STRING_free() to fix this.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25604)
Niels Dossche [Wed, 2 Oct 2024 19:53:52 +0000 (21:53 +0200)]
Fix potential memory leak in PKCS7_signatureVerify()
Fixes #25594
The code jumps to an error block when EVP_VerifyUpdate fails.
This error block does not free abuf.
In the success path the abuf memory is freed.
Move the free operation to the error block.
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25596)
Neil Horman [Fri, 27 Sep 2024 13:33:35 +0000 (09:33 -0400)]
Add some documentation to describe the encap/decap requirements
Document the fact that we now require unwrappedlen/wrappedlen to be set
to the size of the unwrapped/wrapped buffers
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
Neil Horman [Tue, 24 Sep 2024 17:54:14 +0000 (13:54 -0400)]
Adjust tests to fetch the output len for EVP_PKEY_[en|de]cap
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
Neil Horman [Mon, 23 Sep 2024 18:14:18 +0000 (14:14 -0400)]
Update rsasve_recover to properly store outlen on success
Outlen was never validated in this function prior to use, nor is it set
to the decrypted value on sucess. Add both of those operations
Fixes #25509
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25503)
Richard Levitte [Tue, 1 Oct 2024 07:52:59 +0000 (09:52 +0200)]
Update fips-label.yml to make 'Cleanup artifact' conditional
If it's not conditional in the same manner as the other steps, it fails
because the artifacts aren't present => job failure.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25584)
Simo Sorce [Mon, 30 Sep 2024 13:25:48 +0000 (09:25 -0400)]
Use the correct length value for input salt
In this function the salt can be either a zero buffer of exactly mdlen
length, or an arbitrary salt of prevsecretlen length.
Although in practice OpenSSL will always pass in a salt of mdlen size
bytes in the current TLS 1.3 code, the openssl kdf command can pass in
arbitrary values (I did it for testing), and a future change in the
higher layer code could also result in unmatched lengths.
If prevsecretlen is > mdlen this will cause incorrect salt expansion, if
prevsecretlen < mdlen this could cause a crash or reading random
information. Inboth case the generated output would be incorrect.
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25579)
docs: document options added in openssl-fipsinstall 3.2+
Document new command line options added in 3.2.0
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
docs: document options added in openssl-fipsinstall 3.1+
Document new command line options added in 3.1.0
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
docs: add HISTORY section to openssl-fipsinstall (3.0+)
Documents when the command was added.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
Fix examples in EVP_PKEY_encapsulate/decapsulate documentation
Fixes #25448
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25450)
Neil Horman [Mon, 23 Sep 2024 16:11:01 +0000 (12:11 -0400)]
Rename list macros
The quic implementation defined a set of LIST_* macros for list
manipulation, which conflicts with the generally support BSD api found
in the queue.h system header. While this isn't normally a problem, A
report arrived indicating that MacOSX appears to implicitly include
queue.h from another system header which causes definition conflicts.
As the openssl macros are internal only, it seems the most sensible
thing to do is place them in a well known namespace for our library to
avoid the conflict, so add an OSSL_ prefix to all our macros
Fixes #25516
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/25519)
David von Oheimb [Fri, 26 Jul 2024 13:34:05 +0000 (15:34 +0200)]
80-test_cmp_http.t: fix handling of IPv6 server host (localhost '::1')
Fixes 22467
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
doc/man{1,3}: fix details on IPv6 host addresses and of whitespace in no_proxy
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
OSSL_HTTP_open(): fix completion with default port for IPv6 host addresses
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
David von Oheimb [Wed, 31 Jul 2024 17:36:16 +0000 (19:36 +0200)]
http_server.{c,h}: make clear that IPv4 or IPv6 is used by http_server_init()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
David von Oheimb [Wed, 31 Jul 2024 17:32:44 +0000 (19:32 +0200)]
http_server.c: fix checks of error return code in http_server_init()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25010)
Alex Shaindlin [Wed, 18 Sep 2024 09:29:19 +0000 (12:29 +0300)]
doc/man3/OSSL_PARAM.pod: Correct the type of data_type
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25486)
Fixes #8331: Updated the description for setting the tag length in OCB mode to remove the misleading “when encrypting” and “during encryption” phrasing. This change emphasizes that setting a custom tag length requires a call with NULL, applicable to both encryption and decryption contexts.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25424)
add-depends script scans one line at a time, so when the first line is
processed, the object file becomes a dependency itself.
Fix by removing -MT altogether.
This also fixes makedepend for nonstop platform.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25455)
Add Missing Error Messages for AES-OCB Tag Length Validation
Related to #8331
Addressing found issues by adding specific error messages to improve
feedback when tag length checks fail for the `EVP_CTRL_AEAD_SET_TAG`
parameter in the AES-OCB algorithm.
- Added PROV_R_INVALID_TAG_LENGTH error to indicate when the current tag
length exceeds the maximum tag length of the algorithm.
- Added `PROV_R_INVALID_TAG_LENGTH` error to indicate when the current tag
length in the context does not match a custom tag length provided as
a parameter.
- Added `ERR_R_PASSED_INVALID_ARGUMENT` error to handle cases where an
invalid pointer is passed in encryption mode.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25425)
Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to
'gcm_ghash_4bit' being undeclared. Fix that by not setting the function
pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl
behavior on x86.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25419)
Tomas Mraz [Wed, 4 Sep 2024 09:34:12 +0000 (11:34 +0200)]
Reduce footprint of Windows CI
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
Tomas Mraz [Wed, 4 Sep 2024 07:27:52 +0000 (09:27 +0200)]
Add Windows build with enable-fips no-thread-pool no-quic
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
Tomas Mraz [Wed, 4 Sep 2024 07:27:28 +0000 (09:27 +0200)]
Fix no-thread-pool build on Windows
thread/arch/thread_win.c must be included into libcrypto as rcu depends
on ossl_crypto_mutex implementation on Windows.
Fixes #25337
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25378)
Matt Caswell [Wed, 31 Jul 2024 13:24:12 +0000 (14:24 +0100)]
Don't restrict the ECDSA settable ctx params unnecessarily
We just allow all possible settables all the time. Some things like the
digest name can't actually be changed in some circumstances - but we already
have checks for those things. It's still possible to pass a digest of the
same name to one that's already been set for example.
Fixes #25012
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25057)
erbsland-dev [Wed, 28 Aug 2024 19:54:12 +0000 (21:54 +0200)]
Add note for non-interactive use of `s_client`
Fixes #8018
Documented the potential issue of premature connection closure in
non-interactive environments, such as cron jobs, when using `s_client`.
Added guidance on using the `-ign_eof` option and input redirection to
ensure proper handling of `stdin` and completion of TLS session data exchange.
Highlight potential issues with the `-ign_eof` flag and provide solutions for
graceful disconnection in SMTP and HTTP/1.1 scenarios to avoid indefinite hangs.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25311)
Refactor Password Variables to Use `const char[]` Arrays
- Converted password declaration from `char*` to `const char[]`.
- Updated `memcpy` and `return` statements accordingly to use `sizeof` instead of predefined lengths.
- Renamed `key_password` into `weak_password` to match test name.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
erbsland-dev [Fri, 30 Aug 2024 14:35:38 +0000 (16:35 +0200)]
Refactor Callback Tests for Improved Memory Management
Refactor the callback test code to replace global variables with local structures, enhancing memory management and reducing reliance on redundant cleanup logic.
Using a local struct containing a magic number and result flag to ensure the correct handling of user data and to verify that the callback function is invoked at least once during the test.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
erbsland-dev [Fri, 30 Aug 2024 08:56:58 +0000 (10:56 +0200)]
Fix Edge Cases in Password Callback Handling
Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.
Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
erbsland-dev [Thu, 29 Aug 2024 21:08:46 +0000 (23:08 +0200)]
Add test for BIO password callback functionality
Related to #8441
This commit introduces a test suite for the password callback mechanism used when reading or writing encrypted and PEM or DER encoded keys via a BIO in OpenSSL. The test is designed to cover various edge cases, particularly focusing on scenarios where the password callback might return unexpected or malformed data from user code.
By simulating different callback behaviors, including negative returns, zero-length passwords, passwords that exactly fill the buffer and wrongly reported lengths. Also testing for the correct behaviour of binary passwords that contain a null byte in the middle.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25328)
Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25385)
Correctly display the number of requested threads and the number
of available threads.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25375)
Pablo Rodríguez [Fri, 30 Aug 2024 14:56:03 +0000 (16:56 +0200)]
blank line required to display code in `openssl-ts.pod.in`
CLA:trivial
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25338)
Fix inaccurate comment about default nonce length in demos/cipher/aesccm.c
Fixes #25270
CLA: trivial
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25318)
Fixes #8310: Document that the number of authenticated bytes returned by EVP_CipherUpdate() varies with the cipher used. Mention that stream ciphers like ChaCha20 can handle 1 byte at a time, while OCB mode requires processing data one block at a time. Ensure it's clear that passing unpadded data in one call is safe.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24961)
Georgi Valkov [Tue, 3 Sep 2024 07:13:34 +0000 (10:13 +0300)]
threads_win: fix improper cast to long * instead of LONG *
InterlockedExchangeAdd expects arguments of type LONG *, LONG
but the int arguments were improperly cast to long *, long
Note:
- LONG is always 32 bit
- long is 32 bit on Win32 VC x86/x64 and MingW-W64
- long is 64 bit on cygwin64
Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25360)
If the call to X509_ALGOR_set0 fails then the allocated ASN1_STRING
variable passed as parameter leaks. Fix by explicitly freeing like
how all other codepaths with X509_ALGOR_set0 do.
Fixes #22680
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24868)
Richard Levitte [Tue, 3 Sep 2024 17:16:05 +0000 (19:16 +0200)]
util/mkinstallvars.pl: replace List::Util::pairs with out own
Unfortunately, List::Util::pairs didn't appear in perl core modules
before 5.19.3, and our minimum requirement is 5.10.
Fortunately, we already have a replacement implementation, and can
re-apply it in this script.
Fixes #25366
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25367)
Tomas Mraz [Wed, 4 Sep 2024 15:17:29 +0000 (17:17 +0200)]
CI: Update upload-artifact action to be compatible
The download-artifact action was updated to 4.x
and the upload-artifact must be kept in sync.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25383)
Viktor Dukhovni [Wed, 19 Jun 2024 11:04:11 +0000 (21:04 +1000)]
Avoid type errors in EAI-related name check logic.
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.
The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen->type`, not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.
The code in question was lightly refactored with the intent to make it more
obviously correct.
Fixes CVE-2024-6119
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit 0890cd13d40fbc98f655f3974f466769caa83680)
Pauli [Fri, 30 Aug 2024 01:43:29 +0000 (11:43 +1000)]
endecode_test.c: Fix !fips v3.0.0 check
The fips_provider_version_* functions return true if the FIPS provider isn't
loaded. This is somewhat counterintuitive and the fix in #25327 neglected
this nuance resulting in not running the SM2 tests when the FIPS provider
wasn't being loaded.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25331)
Richard Levitte [Wed, 28 Aug 2024 16:52:39 +0000 (18:52 +0200)]
exporters for pkg-config: align with the changes for CMake
The latest CMake exporter changes reworked the the variables in builddata.pm
and installdata.pm. Unfortunately, the pkg-config exporter templates were
forgotten in that effort.
Fixes #25299
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25308)
Tomas Mraz [Thu, 29 Aug 2024 16:42:14 +0000 (18:42 +0200)]
endecode_test.c: Avoid running the SM2 tests with 3.0.0 FIPS provider
Fixes #25326
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25327)
Viktor Dukhovni [Wed, 28 Aug 2024 10:36:09 +0000 (20:36 +1000)]
Check for excess data in CertificateVerify
As reported by Alicja Kario, we ignored excess bytes after the
signature payload in TLS CertificateVerify Messages. These
should not be present.
Fixes: #25298 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25302)
Clemens Lang [Wed, 28 Aug 2024 15:18:03 +0000 (17:18 +0200)]
doc: Document properties param for Argon2 KDF
The Argon2 KDF uses OSSL_KDF_PARAM_PROPERTIES to fetch implementations
of blake2bmac and blake2b512 if ctx->mac and ctx->md are NULL. This
isn't documented in the manpage, so users that might, for example, want
to fetch an instance of Argon2 with the -fips property query to obtain
a working Argon2 KDF even though the default property query requires
fips=yes are left wondering why this fails.
Fortunately, EVP_KDF(3)/PARAMETERS already explains what the properties
are used for, so we really just need to add a single line.
Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25306)
Jamie Cui [Thu, 22 Aug 2024 03:41:50 +0000 (11:41 +0800)]
Fix decoder error on SM2 private key
Added sm2 testcases to endecode_test.c.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25266)
Richard Levitte [Wed, 17 Jul 2024 16:23:57 +0000 (18:23 +0200)]
fix: for exporters to work for build config, there may be two include dirs
For CMake / pkg-config configuration files to be used for an uninstalled
build, the include directory in the build directory isn't enough, if that
one is separate from the source directory. The include directory in the
source directory must be accounted for too.
This includes some lighter refactoring of util/mkinstallvars.pl, with the
result that almost all variables in builddata.pm and installdata.pm have
become arrays, even though unnecessarily for most of them; it was simpler
that way. The CMake / pkg-config templates are adapted accordingly.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24918)
Richard Levitte [Wed, 17 Jul 2024 09:09:11 +0000 (11:09 +0200)]
fix: exporters/cmake/OpenSSLConfig.cmake.in to work for build config
This template file is made to make both:
1. OpenSSLConfig.cmake (CMake config used when building a CMake package
against an uninstalled OpenSSL build)
2. exporters/OpenSSLConfig.cmake (CMake config that's to be installed
alongside OpenSSL, and is used when building a CMake package against
an OpenSSL installation).
Variant 1 was unfortunately getting the internal '_ossl_prefix' variable
wrong, which is due to how the perl snippet builds the command(s) to figure
out its value. That needed some correction.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24918)
slontis [Wed, 21 Aug 2024 23:09:14 +0000 (09:09 +1000)]
FIPS: Change fips tests to use SHA2 for corruption test.
Fixes cross testing with OpenSSL 3.4 with removed SHA1 from the self
tests.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25262)
Bernd Edlinger [Fri, 27 Oct 2023 10:05:05 +0000 (12:05 +0200)]
Fix error handling in OBJ_add_object
This fixes the possible memory leak in OBJ_add_object
when a pre-existing object is replaced by a new one,
with identical NID, OID, and/or short/long name.
We do not try to delete any orphans, but only mark
them as type == -1, because the previously returned
pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln
may be cached by applications and can thus not
be cleaned up before the application terminates.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22534)
apps: add missing entry to tls extension label list
noticed by @sftcd
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25111)
FdaSilvaYY [Sat, 20 Feb 2021 23:04:07 +0000 (00:04 +0100)]
Fix '--strict-warnings' build breakage
... due to a missing const.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25111)
Jiasheng Jiang [Tue, 6 Aug 2024 19:18:34 +0000 (19:18 +0000)]
test/provider_test.c: Add OSSL_PROVIDER_unload() to avoid memory leak
Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak.
Fixes: 5442611dff ("Add a test for OSSL_LIB_CTX_new_child()") Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25109)
Pauli [Sun, 18 Aug 2024 22:31:15 +0000 (08:31 +1000)]
test: add a default greeting to avoid printing a null pointer.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/25221)
If fdopen() call fails we need to close the fd. Also
return early as this is most likely some fatal error.
Fixes #25064
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25081)
Bernd Edlinger [Tue, 12 Mar 2024 19:04:56 +0000 (20:04 +0100)]
Fix unpredictible refcount handling of d2i functions
The passed in reference of a ref-counted object
is free'd by d2i functions in the error handling.
However if it is not the last reference, the
in/out reference variable is not set to null here.
This makes it impossible for the caller to handle
the error correctly, because there are numerous
cases where the passed in reference is free'd
and set to null, while in other cases, where the
passed in reference is not free'd, the reference
is left untouched.
Therefore the passed in reference must be set
to NULL even when it was not the last reference.
Fixes #23713
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22809)
Bernd Edlinger [Fri, 24 Nov 2023 06:02:35 +0000 (07:02 +0100)]
Extend test case for reused PEM_ASN1_read_bio
This is related to #22780, simply add test cases
for the different failure modes of PEM_ASN1_read_bio.
Depending on whether the PEM or the DER format is valid or not,
the passed in CRL may be deleted ot not, therefore a statement
like this:
Andreas Treichel [Sat, 18 May 2024 06:27:46 +0000 (08:27 +0200)]
apps/cms.c, apps/smime.c: Fix -crlfeol help messages
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24434)
David Benjamin [Fri, 8 Mar 2024 04:38:58 +0000 (23:38 -0500)]
Fix SSL_CTX_set1_groups documentation on preference orders
The documentation currently describes SSL_CTX_set1_groups as a
preference order, but this does not match the typical interpretation of
"preference order" in OpenSSL and TLS. Typically, an application can
order more secure options ahead of less secure ones and pick up TLS's
usual downgrade protection guarantees.
TLS 1.3 servers need to balance an additional consideration: some
options will perform worse than others due to key share prediction. The
prototypical selection procedure is to first select the set of more
secure options, then select the most performant among those.
OpenSSL follows this procedure, but it *unconditionally* treats all
configured curves as equivalent security. Per discussion on GitHub,
OpenSSL's position is that this is an intended behavior.
While not supported by built-in providers, OpenSSL now documents that
external providers can extend the group list and CHANGES.md explicitly
cites post-quantum as a use case. With post-quantum providers, it's
unlikely that application developers actually wanted options to be
equivalent security. To avoid security vulnerabilities arising from
mismatched expectations, update the documentation to clarify the server
behavior.
Per the OTC decision in
https://github.com/openssl/openssl/issues/22203#issuecomment-1744465829,
this documentation fix should be backported to stable branches.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23776)
Shih-Yi Chen [Wed, 7 Aug 2024 21:33:53 +0000 (21:33 +0000)]
Update krb5 to latest master to pick up CVE fixes
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25131)
Update BN_add.pod documentation so it is consistent with header declarations
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24215)
projects / thirdparty / openssl.git / log
