https://github.com/openssl/openssl

Revision Author Date Message Commit Date
830bf8e Prepare for 1.1.1t release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes 07 February 2023, 13:37:05 UTC
c3a54c3 Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes 07 February 2023, 11:55:04 UTC
a85fbb5 Add CHANGES and NEWS entries for the 1.1.1t release Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> 03 February 2023, 10:22:47 UTC
2c6c9d4 CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> 03 February 2023, 10:22:47 UTC
f040f25 Check CMS failure during BIO setup with -stream is handled correctly Test for the issue fixed in the previous commit Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> 03 February 2023, 10:22:47 UTC
c3829dd Fix a UAF resulting from a bug in BIO_new_NDEF If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> 03 February 2023, 10:22:47 UTC
2bd6112 Add a test for CVE-2022-4450 Call PEM_read_bio_ex() and expect a failure. There should be no dangling ptrs and therefore there should be no double free if we free the ptrs on error. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> 03 February 2023, 10:22:47 UTC
bbcf509 Avoid dangling ptrs in header and data params for PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> 03 February 2023, 10:22:47 UTC
43d8f88 Fix Timing Oracle in RSA decryption A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> 03 February 2023, 10:22:47 UTC
1dc2ae4 Use $config{build_file} instead of $target{build_file} If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20174) 03 February 2023, 10:13:01 UTC
b9e3749 crypto/bio: drop float formatting for UEFI Using floating point is not supported in UEFI and can cause build problems, for example due to SSE being disabled and x64 calling convention passing floats in SSE registers. Avoid those problems by not compiling the formatting code for floating point numbers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19738) 31 January 2023, 10:25:59 UTC
44da716 Fix corruption when searching for CRLs in hashed directories (1.1) The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track how many sequentially numbered CRL files have been loaded for a given X509_NAME hash which is being requested. This avoids loading already loaded CRL files and repeated stat() calls. This OPENSSL_STACK is searched using sk_find, however this mutates the OPENSSL_STACK unless it is known to be sorted. This operation therefore requires a write lock, which was not taken. Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This guarantees no mutation will occur during sk_find. This is chosen over taking a write lock during sk_find as retrieving a CRL by X509_NAME is assumed to be a hotter path than the case where a new CRL is installed. Also optimise the code by avoiding creating the structure to track the last CRL file sequence number in the circumstance where it would match the initial value, namely where no CRL with the given hash is installed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20127) 24 January 2023, 14:45:50 UTC
adc3cfe Add DTLS support to the large app data test Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) 24 January 2023, 10:24:35 UTC
4b5ec7c Ensure our buffer allocation allows for the Explicit IV Some ciphers/protocol versions have an explicit IV. We need to make sure we have sufficient room for it in the underlying buffer. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) 24 January 2023, 10:24:35 UTC
b958ecf Add a test for large app data Test that sending large app data records works correctly. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) 24 January 2023, 10:24:35 UTC
2bcf8e6 Padlock: fix byte swapping assembly for AES-192 and 256 Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware. This commit correctly sets the number of swapping loops to be done. Fixes #20073 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20077) (cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a) 20 January 2023, 07:32:55 UTC
d90907d Fix CI failures with ubuntu-22.04 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930) 19 January 2023, 17:16:33 UTC
d49c98d Fix various clang-14/15 compiler warnings Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930) 19 January 2023, 17:16:33 UTC
5bbd921 Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19735) 14 January 2023, 10:51:54 UTC
1d0fa26 Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) 22 December 2022, 10:07:07 UTC
e913b91 Fix BIO_f_asn1() to properly report some errors Some things that may go wrong in asn1_bio_write() are serious errors that should be reported as -1, rather than 0 (which just means "we wrote no data"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) 22 December 2022, 10:07:07 UTC
1354191 Fix SMIME_crlf_copy() to properly report an error If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not correctly reporting the error. We modify it to properly propagate the error condition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) 22 December 2022, 10:07:07 UTC
6446cb4 Fix BIO_f_cipher() flushing If an error occurs during a flush on a BIO_f_cipher() then in some cases we could get into an infinite loop. We add a check to make sure we are making progress during flush and exit if not. This issue was reported by Octavio Galland who also demonstrated an infinite loop in CMS encryption as a result of this bug. The security team has assessed this issue as not a CVE. This occurs on *encryption* only which is typically processing trusted data. We are not aware of a way to trigger this with untrusted data. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) 22 December 2022, 10:07:07 UTC
ed8af05 Fix a logic flaw in test_mod_exp_zero Due to the logic flaw, possible test failures in this test case might be ignored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19929) (cherry picked from commit 42061268ee8f9ae0555d522870740fc91b744f4f) 21 December 2022, 15:36:14 UTC
68cec7e Fix a memory leak in rsa_priv_encode If PKCS8_pkey_set0 fails, the memory in rk needs to be clear-freed, otherwise it is owned by the PKCS8_PRIV_KEY_INFO. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19694) 16 December 2022, 18:05:37 UTC
31efcf2 Fix the ceiling on how much encryption growth we can have Stitched ciphersuites can grow by more during encryption than the code allowed for. We fix the calculation and add an assert to check we got it right. Also if we are adding the MAC independently of the cipher algorithm then the encryption growth will not include that MAC so we should remove it from the amount of bytes that we reserve for that growth. Otherwise we might exceed our buffer size and the WPACKET_reserve operation will fail. Note that this is not a security issue. Even though we can overflow the amount of bytes reserved in the WPACKET for the encryption, the underlying buffer is still big enough. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19585) 05 December 2022, 11:10:55 UTC
f868abc Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf) 12 November 2022, 12:22:27 UTC
cf1a7cf Update the validity period of ed25519 certificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba) 12 November 2022, 12:22:07 UTC
2c0ae1e Update GitHub actions as suggested by dependabot Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19581) (cherry picked from commit ec33ed712665ca65cabcd87d446e5db79a64379e) 03 November 2022, 11:25:50 UTC
8a9a71b Prepare for 1.1.1t-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 01 November 2022, 12:36:17 UTC
1290581 Prepare for 1.1.1s release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 01 November 2022, 12:36:10 UTC
7d8a20c Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19560) 01 November 2022, 12:28:05 UTC
7e8642c Update CHANGES and NEWS for new release Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19558) 01 November 2022, 10:52:01 UTC
aa542d2 Make OpenVMS seeding less dependent on the OpenVMS version SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4. OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVMS versions, but building for the older CRTL version will make the high precision time functions unavailable. Tests have shown that on Alpha and Itanium, the time update granularity between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus a sequence number turns out to be better to guarantee a unique nonce. Fixes #18727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18730) 27 October 2022, 10:32:13 UTC
9b3219b ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8) 26 October 2022, 10:52:23 UTC
c7a02ba doc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19461) (cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c) 23 October 2022, 22:52:46 UTC
ad714ba Fix many inconsistencies in doc of CMS_verify() and PKCS7_verify() etc. Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19108) (cherry picked from commit 312a6b3a0327a986344c85aa6bc43e135d70bc6c) 19 October 2022, 18:31:22 UTC
a3c229e Fix no longer implicitly refresh the cached TBSCertificate This reverts commit 748df1874f0488ce0c86b6d2d083921abb34b1e3. Fixes #19388 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19392) 13 October 2022, 13:54:29 UTC
0ca7eae Prepare for 1.1.1s-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 11 October 2022, 12:46:07 UTC
fbda8a9 Prepare for 1.1.1r release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 11 October 2022, 12:45:58 UTC
0874d7f Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19383) 11 October 2022, 12:26:59 UTC
3d28f74 Updated CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19381) 11 October 2022, 12:11:42 UTC
01b5335 Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops, but it is missing from mips64*-linux-*abin32 (which OpenSSL calls "linux-mips64"). This causes heap corruption when verifying TLS certificates (which tend to be RSA-signed) with openssl 1.1.1q:

```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
free(): invalid pointer
Aborted
```

and a slightly different failure with current HEAD:

```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(00000003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```

Applying this patch and recompiling produces the expected output instead of a crash. Note that Gentoo (and to my knowledge all other distributions which support mips64n32) use the `linux-generic32` configuration, which uses only 32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler implementations for the SHA hash functions: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102 For support in nixpkgs we would like to use the full 64-bit integer registers and perlasm routines, so I'm submitting this upstream as well. Fixes #19319 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19320) (cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908) 03 October 2022, 00:26:52 UTC
748df18 X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879) 24 September 2022, 14:49:54 UTC
002cf9a X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated We need to reencode X509_req_info_st if member data is updated. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879) 24 September 2022, 14:49:54 UTC
6e6aad3 Convert serverinfo in SSL_CTX_use_serverinfo() to v2. Fixes #18183. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19081) 09 September 2022, 12:10:03 UTC
9eae491 Moving notify check after the no time check CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19007) (cherry picked from commit c92c3dfb99485eb2cfb840e92bd0ece8cdd72d0c) 23 August 2022, 01:05:54 UTC
07ecb79 Coverity 1508506: misuse of time_t Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19022) 22 August 2022, 04:46:00 UTC
552603e Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264) 18 August 2022, 22:40:35 UTC
6246649 bn_nist: fix strict aliasing problem As of clang-14 the strict aliasing is causing code to magically disappear. By explicitly inlining the code, the aliasing problem evaporates. Fixes #18225 Backport of #18258 to 1.1.1. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18948) 17 August 2022, 15:44:45 UTC
d87e99d Test that swapping the first app data record with Finished msg works If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976) 10 August 2022, 10:42:29 UTC
01fc812 Fix SSL_pending() and SSL_has_pending() with DTLS If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() nor SSL_has_pending() was taking account of this DTLS specific app data buffer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976) 10 August 2022, 10:39:26 UTC
4648839 Fix EC_KEY_set_private_key() NULL priv_key docs Updates the docs to describe EC_KEY_set_private_key() function behavior when a NULL priv_key argument is passed. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) 04 August 2022, 09:09:16 UTC
1c2f52b Add test for EC_KEY_set_private_key() This tests the behavior and API of the EC_KEY_set_private_key function. It tests compliance with legacy features related to NULL private keys too. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) 04 August 2022, 09:09:15 UTC
143d7d4 Fix EC_KEY_set_private_key() priv_key regression This allows setting EC_KEY's private key to NULL and fixes a regression issue, following the OTC guideline in https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 Fixes #18744. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) 04 August 2022, 09:09:14 UTC
0b755cd X509_REQ_get_extensions(): Return empty stack if no extensions found Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18926) 03 August 2022, 15:27:50 UTC
26cfeb7 Fix copyright year issues Fixes: #13765 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17706) 30 July 2022, 10:23:26 UTC
7dfe4aa Note that EVP_CIPHER_iv_length returns negative values on error Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18894) 29 July 2022, 09:15:06 UTC
3b9082c Fixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18865) (cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc) 29 July 2022, 02:39:51 UTC
e544f3e Fix error in LHASH documentation Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0) 26 July 2022, 07:05:05 UTC
264a3f4 Fix a crash in v2i_IPAddrBlocks() If an IP address prefix value is supplied that is too large then a crash can result. v2i_IPAddrBlocks() should sanity check the prefix value, as should X509v3_addr_add_prefix(). Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) 25 July 2022, 06:33:21 UTC
c3b0279 Fix test case for a2i_IPADDRESS (cherry picked from commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) 25 July 2022, 06:33:21 UTC
bd41b84 Test case for a2i_IPADDRESS Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores trailing data. See: https://github.com/openssl/openssl/issues/12649 See: https://bugs.python.org/issue41556 (cherry picked from commit 1a9411a30b09a98498366979a1ea4898f70f6d19) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) 25 July 2022, 06:33:21 UTC
65e30e7 Fix ipv4_from_asc behavior on invalid IP addresses The sscanf() call in ipv4_from_asc does not check that the string is terminated immediately after the last digit. (cherry picked from commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) 25 July 2022, 06:33:20 UTC
952fab0 Fix re-signing certificates with different key sizes PR #18129 broke the scenario of signing a certificate (not CSR) with a different-sized key. This works in 3.0, so port the fix from 3.0 (which is to only update the issuer for a request). Partially undo #18129, but keep setting the issuer only for a CSR. Create two certs (a and ca) then sign a with ca (into b):

```
openssl req -x509 -newkey rsa:2048 -keyout a-key.pem -out a-cert.pem -days 365 -nodes -subj /CN=a.example.com
openssl req -x509 -newkey rsa:4096 -keyout ${HERE}/ca-key.pem -out ${HERE}/ca-cert.pem -days 3650 -nodes -subj /CN=ca.example.com
openssl x509 -in a-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial '1234567890' -preserve_dates -sha256 -out b-cert.pem
```

The above succeeds in 1.1.1n and 3.0, fails in 1.1.1o (which includes #18129). The issue in #16080 is also fixed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/18836) 22 July 2022, 18:41:44 UTC
5ba7a33 Add loongarch64 target Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18831) 21 July 2022, 14:33:44 UTC
ee4562d X509_STORE_CTX_purpose_inherit(): add missing details to its documentation Fixes #18801 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18830) (cherry picked from commit c00fd2dece8ba54b2597a61c8db6a001025d05d5) 21 July 2022, 09:53:11 UTC
86945b1 Fix verify_callback in the openssl s_client/s_server app We need to check that error cert is available before printing its data Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18805) (cherry picked from commit fad0f80eff188ef938fed614245a56ed56110deb) 20 July 2022, 06:38:45 UTC
ff23817 x509.pod: fix description of certificate serial number storage Backported from https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18803) 14 July 2022, 13:02:57 UTC
55eafed APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Backported from https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18803) 14 July 2022, 13:02:57 UTC
d94f8aa ci: add GitHub token permissions for workflows Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18766) (cherry picked from commit c6e7f427c82dfa17416a39af7661c40162d57aaf) (cherry picked from commit 90d6e6a3d5d30c3df4edf4a6430472c3eeb7d7a7) 13 July 2022, 00:21:19 UTC
c3efe5c Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE Fixes #18677 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18698) (cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e) 11 July 2022, 08:52:40 UTC
ccc7ccb use #pragma comment(lib) with _MSC_VER only Avoid this warning when compiled with llvm/gcc + mingw-w64 and `USE_BCRYPTGENRANDOM` enabled:

```
../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas]
^
1 warning generated.
```

CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18709) (cherry picked from commit 695cb63c744bab090144a86949b68324ee3094d6) 11 July 2022, 08:37:28 UTC
17098c1 Make the DRBG seed propagation thread safe Currently there is a race possible because the reseed_counter of the master drbg may be incremented after the get_entropy call. Therefore access the parent's reseed_counter while still holding the rand_drbg_lock. This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16900) 09 July 2022, 11:17:18 UTC
a937806 Fix a memory leak in tls13_generate_secret This was found by my Reproducible Error Injection patch (#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18725) 07 July 2022, 06:25:40 UTC
241f3a7 Fixes OSCP->OCSP typo in ocsp command line The existing help text says: > -badsig Corrupt last byte of loaded OSCP response signature (for test) but this should be OCSP. This is the only occurrence within the project of this typo. CLA: trivial Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18684) (cherry picked from commit 2837b19fcba4bf4ff2ecdc8435c650bf18c27552) 06 July 2022, 08:19:02 UTC
a8f6d73 Fix reported performance degradation on aarch64 This restores the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower, and the silicon errata only affects 32bit targets. Only for 32bit targets the new algorithm is used. Fixes #18445 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18539) 06 July 2022, 07:11:03 UTC
60f011f Add missing header for memcmp CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18719) (cherry picked from commit f9e578e720bb35228948564192adbe3bc503d5fb) 06 July 2022, 04:35:44 UTC
299e101 Prepare for 1.1.1r-dev Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes 05 July 2022, 09:08:48 UTC
29708a5 Prepare for 1.1.1q release Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes 05 July 2022, 09:08:33 UTC
95a17c0 Update copyright year Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes 05 July 2022, 08:33:00 UTC
78ba51a Update CHANGES and NEWS for upcoming release 1.1.1q Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes 05 July 2022, 08:25:00 UTC
9131afd AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> 05 July 2022, 08:14:22 UTC
9199256 Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grandloop") and then proceeds to handle the "short" tail (which can be anywhere from 0 to 5 blocks) that remain. As part of initialization, the assembly initializes $len to the true length, less 96 bytes and converts it to a pointer so that the $inp can be compared to it. Each iteration of "grandloop" checks to see if there's a full 96-byte chunk to process, and if so, continues. Once this has been exhausted, it falls through to "short", which handles the remaining zero to five blocks. Unfortunately, the jump at the end of "grandloop" had a fencepost error, doing a `jb` ("jump below") rather than `jbe` (jump below or equal). This should be `jbe`, as $inp is pointing to the *end* of the chunk currently being handled. If $inp == $len, that means that there's a whole 96-byte chunk waiting to be handled. If $inp > $len, then there's 5 or fewer 16-byte blocks left to be handled, and the fall-through is intended. The net effect of `jb` instead of `jbe` is that the last 16-byte block of the last 96-byte chunk was completely omitted. The contents of `out` in this position were never written to. Additionally, since those bytes were never processed, the authentication tag generated is also incorrect. The same fencepost error, and identical logic, exists in both aesni_ocb_encrypt and aesni_ocb_decrypt. This addresses CVE-2022-2097. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> 05 July 2022, 08:14:22 UTC
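As an added illustration (not OpenSSL's code) of the fencepost the commit above describes: a C model of the grandloop / short-tail control flow with the buggy `jb`-style comparison beside the corrected `jbe` one, so that running it over lengths that are multiples of 96 bytes shows the dropped last block. The per-block transform, the buffer sizes and the assumption that the tail dispatches on at most five blocks are this model's own, not the assembly's.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16
#define CHUNK (6 * BLOCK)   /* 96 bytes: one "grandloop" iteration */

/* Stand-in for the per-block AES work: copy the block and mark it.
 * Any block the loop skips keeps whatever the output buffer held. */
static void process_block(unsigned char *out, const unsigned char *in)
{
    memcpy(out, in, BLOCK);
    out[0] ^= 0xAA;
}

/*
 * Models the control flow the commit describes. 'end' plays the role of
 * $len after it was turned into a pointer (inp + len - 96). With use_jbe
 * set, the loop repeats while inp <= end (the corrected "jbe"); with it
 * clear, only while inp < end (the original "jb"), so a chunk whose start
 * sits exactly at 'end' falls through to the short tail, which in the
 * assembly can dispatch on at most 5 blocks. Returns blocks written.
 */
static size_t ocb_like_loop(unsigned char *out, const unsigned char *in,
                            size_t len, int use_jbe)
{
    const unsigned char *inp = in;
    size_t done = 0, left;

    if (len >= CHUNK) {
        const unsigned char *end = in + len - CHUNK;
        do {                                    /* "grandloop" */
            for (int i = 0; i < 6; i++, done++)
                process_block(out + done * BLOCK, inp + i * BLOCK);
            inp += CHUNK;
        } while (use_jbe ? inp <= end : inp < end);
    }
    left = (size_t)(in + len - inp) / BLOCK;    /* "short" tail */
    if (left > 5)
        left = 5;                               /* a 6th block is lost */
    for (size_t i = 0; i < left; i++, done++)
        process_block(out + done * BLOCK, inp + i * BLOCK);
    return done;
}

/* Runs the loop over a constructed len-byte input (all bytes 0x5A) and
 * counts output blocks that were actually written by scanning the
 * zero-initialised output, rather than trusting the loop's own counter. */
size_t blocks_written(size_t len, int use_jbe)
{
    unsigned char in[512], out[512];
    size_t written = 0;

    if (len > sizeof(in) || len % BLOCK != 0)
        return (size_t)-1;                      /* outside this model */
    memset(in, 0x5A, len);
    memset(out, 0, sizeof(out));
    ocb_like_loop(out, in, len, use_jbe);
    for (size_t b = 0; b < len / BLOCK; b++)
        if (out[b * BLOCK + 1] != 0)            /* byte 1 is a plain copy */
            written++;
    return written;
}

int main(void)
{
    /* 192 bytes = two full chunks: the "jb" comparison leaves block 12 unwritten */
    printf("len=192 jb : %zu of 12 blocks written\n", blocks_written(192, 0));
    printf("len=192 jbe: %zu of 12 blocks written\n", blocks_written(192, 1));
    return 0;
}
```

Lengths that are not a multiple of 96 exit the grandloop with fewer than six blocks left and are handled correctly by both comparisons, which is why the bug needed dedicated test vectors.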
6495cab Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18697) (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b) 05 July 2022, 06:18:23 UTC
7a05fcb v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/18608) (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9) 05 July 2022, 06:11:54 UTC
a1d80ed Fix range_should_be_prefix() to actually return the correct result range_should_be_prefix() was misidentifying whether an IP address range should in fact be represented as a prefix. This was due to a bug introduced in commit 42d7d7dd which made this incorrect change: - OPENSSL_assert(memcmp(min, max, length) <= 0); + if (memcmp(min, max, length) <= 0) + return -1; This error leads to incorrect DER being encoded/accepted. Reported by Theo Buehler (@botovq) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18524) (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae) (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841) 05 July 2022, 06:06:20 UTC
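Review bot: the `+` lines invert the condition of the assertion they replace: `OPENSSL_assert(memcmp(min, max, length) <= 0)` required min to sort at or before max, so the early `return -1` should fire on the opposite case, `memcmp(min, max, length) > 0`; as written every well-ordered range returns -1 and is never treated as a prefix, which is the incorrect DER behaviour the message describes.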
4c1cf6d Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232) 05 July 2022, 06:03:58 UTC
8825732 SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *' Fix the documentation. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18599) (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50) 28 June 2022, 16:00:27 UTC
6c8879c Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/18632) 25 June 2022, 05:22:49 UTC
7f77ecd Prepare for 1.1.1q-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 21 June 2022, 13:39:48 UTC
8aaca20 Prepare for 1.1.1p release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 21 June 2022, 13:39:39 UTC
a3fc812 Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes 21 June 2022, 13:13:56 UTC
51e0652 Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes 21 June 2022, 12:39:20 UTC
9639817 Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 20 June 2022, 10:46:32 UTC
20af01d Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>

/* Base64 input split across two lines by an embedded newline */
const char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";

int main(int argc, char **argv)
{
    BIO *b64 = BIO_new(BIO_f_base64());
    if (b64 == NULL)
        return 1;
    /* The documented claim: with this flag, newlines in the input are ignored */
    BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
    int in_len = strlen(in_buf);
    BIO *in = BIO_new_mem_buf(in_buf, in_len);
    if (in == NULL)
        return 2;
    in = BIO_push(b64, in);
    unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
    if (out_buf == NULL)
        return 3;
    size_t out_len;
    int r = BIO_read_ex(in, out_buf, in_len, &out_len);
    printf("rv = %d\n", r);
    printf("decoded = %s\n", out_buf);
    return 0;
}
```

Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <ftweedal@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18568) (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83) 16 June 2022, 14:09:17 UTC
8438d3a Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18511) 16 June 2022, 13:30:56 UTC
0ed27fb Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fix is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <davidben@google.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18511) 16 June 2022, 13:30:56 UTC
8f07881 Fix a crash in X509v3_asid_subset() If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18514) (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82) 15 June 2022, 14:43:43 UTC
ab7d056 Update further expiring certificates that affect tests Namely the smime certificates used in test_cms will expire soon and affect tests. Fixes #15179 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18481) 06 June 2022, 08:36:55 UTC