https://github.com/openssl/openssl
- HEAD
- refs/heads/OpenSSL-engine-0_9_6-stable
- refs/heads/OpenSSL-fips-0_9_7-stable
- refs/heads/OpenSSL-fips-0_9_8-stable
- refs/heads/OpenSSL-fips-1_2-stable
- refs/heads/OpenSSL-fips-2_0-dev
- refs/heads/OpenSSL-fips-2_0-stable
- refs/heads/OpenSSL-fips2-0_9_7-stable
- refs/heads/OpenSSL_0_9_6-stable
- refs/heads/OpenSSL_0_9_7-stable
- refs/heads/OpenSSL_0_9_8-stable
- refs/heads/OpenSSL_0_9_8fg-stable
- refs/heads/OpenSSL_1_0_0-stable
- refs/heads/OpenSSL_1_0_1-stable
- refs/heads/OpenSSL_1_0_2-stable
- refs/heads/OpenSSL_1_1_0-stable
- refs/heads/OpenSSL_1_1_1-stable
- refs/heads/SSLeay
- refs/heads/feature/dtls-1.3
- refs/heads/feature/quic-server
- refs/heads/master
- refs/heads/openssl-3.0
- refs/heads/openssl-3.1
- refs/heads/openssl-3.2
- refs/heads/openssl-3.3
- refs/heads/tls1.3-draft-18
- refs/heads/tls1.3-draft-19
- refs/tags/AFTER_COMPAQ_PATCH
- refs/tags/BEFORE_COMPAQ_PATCH
- refs/tags/BEFORE_engine
- refs/tags/BEN_FIPS_TEST_1
- refs/tags/BEN_FIPS_TEST_2
- refs/tags/BEN_FIPS_TEST_3
- refs/tags/BEN_FIPS_TEST_4
- refs/tags/BEN_FIPS_TEST_5
- refs/tags/BEN_FIPS_TEST_6
- refs/tags/BEN_FIPS_TEST_7
- refs/tags/BEN_FIPS_TEST_8
- refs/tags/FIPS_098_TEST_1
- refs/tags/FIPS_098_TEST_2
- refs/tags/FIPS_098_TEST_3
- refs/tags/FIPS_098_TEST_4
- refs/tags/FIPS_098_TEST_5
- refs/tags/FIPS_098_TEST_6
- refs/tags/FIPS_098_TEST_7
- refs/tags/FIPS_098_TEST_8
- refs/tags/FIPS_TEST_10
- refs/tags/FIPS_TEST_9
- refs/tags/LEVITTE_after_const
- refs/tags/LEVITTE_before_const
- refs/tags/OpenSSL-engine-0_9_6
- refs/tags/OpenSSL-engine-0_9_6-beta1
- refs/tags/OpenSSL-engine-0_9_6-beta2
- refs/tags/OpenSSL-engine-0_9_6-beta3
- refs/tags/OpenSSL-engine-0_9_6a
- refs/tags/OpenSSL-engine-0_9_6a-beta1
- refs/tags/OpenSSL-engine-0_9_6a-beta2
- refs/tags/OpenSSL-engine-0_9_6a-beta3
- refs/tags/OpenSSL-engine-0_9_6b
- refs/tags/OpenSSL-engine-0_9_6c
- refs/tags/OpenSSL-engine-0_9_6d
- refs/tags/OpenSSL-engine-0_9_6d-beta1
- refs/tags/OpenSSL-engine-0_9_6e
- refs/tags/OpenSSL-engine-0_9_6f
- refs/tags/OpenSSL-engine-0_9_6g
- refs/tags/OpenSSL-engine-0_9_6h
- refs/tags/OpenSSL-engine-0_9_6i
- refs/tags/OpenSSL-engine-0_9_6j
- refs/tags/OpenSSL-engine-0_9_6k
- refs/tags/OpenSSL-engine-0_9_6l
- refs/tags/OpenSSL-engine-0_9_6m
- refs/tags/OpenSSL-fips-1_2_0
- refs/tags/OpenSSL-fips-1_2_1
- refs/tags/OpenSSL-fips-1_2_2
- refs/tags/OpenSSL-fips-1_2_3
- refs/tags/OpenSSL-fips-2_0
- refs/tags/OpenSSL-fips-2_0-pl1
- refs/tags/OpenSSL-fips-2_0-rc1
- refs/tags/OpenSSL-fips-2_0-rc2
- refs/tags/OpenSSL-fips-2_0-rc3
- refs/tags/OpenSSL-fips-2_0-rc4
- refs/tags/OpenSSL-fips-2_0-rc5
- refs/tags/OpenSSL-fips-2_0-rc6
- refs/tags/OpenSSL-fips-2_0-rc7
- refs/tags/OpenSSL-fips-2_0-rc8
- refs/tags/OpenSSL-fips-2_0-rc9
- refs/tags/OpenSSL-fips-2_0_1
- refs/tags/OpenSSL_0_9_1c
- refs/tags/OpenSSL_0_9_2b
- refs/tags/OpenSSL_0_9_3
- refs/tags/OpenSSL_0_9_3a
- refs/tags/OpenSSL_0_9_3beta1
- refs/tags/OpenSSL_0_9_3beta2
- refs/tags/OpenSSL_0_9_4
- refs/tags/OpenSSL_0_9_5
- refs/tags/OpenSSL_0_9_5a
- refs/tags/OpenSSL_0_9_5a-beta1
- refs/tags/OpenSSL_0_9_5a-beta2
- refs/tags/OpenSSL_0_9_5beta1
- refs/tags/OpenSSL_0_9_5beta2
- refs/tags/OpenSSL_0_9_6
- refs/tags/OpenSSL_0_9_6-beta1
- refs/tags/OpenSSL_0_9_6-beta2
- refs/tags/OpenSSL_0_9_6-beta3
- refs/tags/OpenSSL_0_9_6a
- refs/tags/OpenSSL_0_9_6a-beta1
- refs/tags/OpenSSL_0_9_6a-beta2
- refs/tags/OpenSSL_0_9_6a-beta3
- refs/tags/OpenSSL_0_9_6b
- refs/tags/OpenSSL_0_9_6c
- refs/tags/OpenSSL_0_9_6d
- refs/tags/OpenSSL_0_9_6d-beta1
- refs/tags/OpenSSL_0_9_6e
- refs/tags/OpenSSL_0_9_6f
- refs/tags/OpenSSL_0_9_6g
- refs/tags/OpenSSL_0_9_6h
- refs/tags/OpenSSL_0_9_6i
- refs/tags/OpenSSL_0_9_6j
- refs/tags/OpenSSL_0_9_6k
- refs/tags/OpenSSL_0_9_6l
- refs/tags/OpenSSL_0_9_6m
- refs/tags/OpenSSL_0_9_7
- refs/tags/OpenSSL_0_9_7-beta1
- refs/tags/OpenSSL_0_9_7-beta2
- refs/tags/OpenSSL_0_9_7-beta3
- refs/tags/OpenSSL_0_9_7-beta4
- refs/tags/OpenSSL_0_9_7-beta5
- refs/tags/OpenSSL_0_9_7-beta6
- refs/tags/OpenSSL_0_9_7a
- refs/tags/OpenSSL_0_9_7b
- refs/tags/OpenSSL_0_9_7c
- refs/tags/OpenSSL_0_9_7d
- refs/tags/OpenSSL_0_9_7e
- refs/tags/OpenSSL_0_9_7f
- refs/tags/OpenSSL_0_9_7g
- refs/tags/OpenSSL_0_9_7h
- refs/tags/OpenSSL_0_9_7i
- refs/tags/OpenSSL_0_9_7j
- refs/tags/OpenSSL_0_9_7k
- refs/tags/OpenSSL_0_9_7l
- refs/tags/OpenSSL_0_9_7m
- refs/tags/OpenSSL_0_9_8
- refs/tags/OpenSSL_0_9_8-beta1
- refs/tags/OpenSSL_0_9_8-beta2
- refs/tags/OpenSSL_0_9_8-beta3
- refs/tags/OpenSSL_0_9_8-beta4
- refs/tags/OpenSSL_0_9_8-beta5
- refs/tags/OpenSSL_0_9_8-beta6
- refs/tags/OpenSSL_0_9_8a
- refs/tags/OpenSSL_0_9_8b
- refs/tags/OpenSSL_0_9_8c
- refs/tags/OpenSSL_0_9_8d
- refs/tags/OpenSSL_0_9_8e
- refs/tags/OpenSSL_0_9_8f
- refs/tags/OpenSSL_0_9_8g
- refs/tags/OpenSSL_0_9_8h
- refs/tags/OpenSSL_0_9_8i
- refs/tags/OpenSSL_0_9_8j
- refs/tags/OpenSSL_0_9_8k
- refs/tags/OpenSSL_0_9_8l
- refs/tags/OpenSSL_0_9_8m
- refs/tags/OpenSSL_0_9_8m-beta1
- refs/tags/OpenSSL_0_9_8n
- refs/tags/OpenSSL_0_9_8o
- refs/tags/OpenSSL_0_9_8p
- refs/tags/OpenSSL_0_9_8q
- refs/tags/OpenSSL_0_9_8r
- refs/tags/OpenSSL_0_9_8s
- refs/tags/OpenSSL_0_9_8t
- refs/tags/OpenSSL_0_9_8u
- refs/tags/OpenSSL_0_9_8v
- refs/tags/OpenSSL_0_9_8w
- refs/tags/OpenSSL_0_9_8x
- refs/tags/OpenSSL_1_0_0
- refs/tags/OpenSSL_1_0_0-beta1
- refs/tags/OpenSSL_1_0_0-beta2
- refs/tags/OpenSSL_1_0_0-beta3
- refs/tags/OpenSSL_1_0_0-beta4
- refs/tags/OpenSSL_1_0_0-beta5
- refs/tags/OpenSSL_1_0_0a
- refs/tags/OpenSSL_1_0_0b
- refs/tags/OpenSSL_1_0_0c
- refs/tags/OpenSSL_1_0_0d
- refs/tags/OpenSSL_1_0_0e
- refs/tags/OpenSSL_1_0_0f
- refs/tags/OpenSSL_1_0_0g
- refs/tags/OpenSSL_1_0_0h
- refs/tags/OpenSSL_1_0_0i
- refs/tags/OpenSSL_1_0_0j
- refs/tags/OpenSSL_1_0_1
- refs/tags/OpenSSL_1_0_1-beta1
- refs/tags/OpenSSL_1_0_1-beta2
- refs/tags/OpenSSL_1_0_1-beta3
- refs/tags/OpenSSL_1_0_1a
- refs/tags/OpenSSL_1_0_1b
- refs/tags/OpenSSL_1_0_1c
- refs/tags/OpenSSL_FIPS_1_0
- refs/tags/SSLeay_0_8_1b
- refs/tags/SSLeay_0_9_0b
- refs/tags/SSLeay_0_9_1b
- refs/tags/STATE_after_zlib
- refs/tags/STATE_before_zlib
- refs/tags/rsaref
- openssl-3.3.0-beta1
- openssl-3.3.0-alpha1
- openssl-3.3.0
- openssl-3.2.1
- openssl-3.2.0-beta1
- openssl-3.2.0-alpha2
- openssl-3.2.0-alpha1
- openssl-3.2.0
- openssl-3.1.5
- openssl-3.1.4
- openssl-3.1.3
- openssl-3.1.2
- openssl-3.1.1
- openssl-3.1.0-beta1
- openssl-3.1.0-alpha1
- openssl-3.1.0
- openssl-3.0.9
- openssl-3.0.8
- openssl-3.0.7
- openssl-3.0.6
- openssl-3.0.5
- openssl-3.0.4
- openssl-3.0.3
- openssl-3.0.2
- openssl-3.0.13
- openssl-3.0.12
- openssl-3.0.11
- openssl-3.0.10
- openssl-3.0.1
- openssl-3.0.0-beta2
- openssl-3.0.0-beta1
- openssl-3.0.0-alpha9
- openssl-3.0.0-alpha8
- openssl-3.0.0-alpha7
- openssl-3.0.0-alpha6
- openssl-3.0.0-alpha5
- openssl-3.0.0-alpha4
- openssl-3.0.0-alpha3
- openssl-3.0.0-alpha2
- openssl-3.0.0-alpha17
- openssl-3.0.0-alpha16
- openssl-3.0.0-alpha15
- openssl-3.0.0-alpha14
- openssl-3.0.0-alpha13
- openssl-3.0.0-alpha12
- openssl-3.0.0-alpha11
- openssl-3.0.0-alpha10
- openssl-3.0.0-alpha1
- openssl-3.0.0
- master-pre-reformat
- master-pre-auto-reformat
- master-post-reformat
- master-post-auto-reformat
- OpenSSL_1_1_1w
- OpenSSL_1_1_1v
- OpenSSL_1_1_1u
- OpenSSL_1_1_1t
- OpenSSL_1_1_1s
- OpenSSL_1_1_1r
- OpenSSL_1_1_1q
- OpenSSL_1_1_1p
- OpenSSL_1_1_1o
- OpenSSL_1_1_1n
- OpenSSL_1_1_1m
- OpenSSL_1_1_1l
- OpenSSL_1_1_1k
- OpenSSL_1_1_1j
- OpenSSL_1_1_1i
- OpenSSL_1_1_1h
- OpenSSL_1_1_1g
- OpenSSL_1_1_1f
- OpenSSL_1_1_1e
- OpenSSL_1_1_1d
- OpenSSL_1_1_1c
- OpenSSL_1_1_1b
- OpenSSL_1_1_1a
- OpenSSL_1_1_1-pre9
- OpenSSL_1_1_1-pre8
- OpenSSL_1_1_1-pre7
- OpenSSL_1_1_1-pre6
- OpenSSL_1_1_1-pre5
- OpenSSL_1_1_1-pre4
- OpenSSL_1_1_1-pre3
- OpenSSL_1_1_1-pre2
- OpenSSL_1_1_1-pre1
- OpenSSL_1_1_1
- OpenSSL_1_1_0l
- OpenSSL_1_1_0k
- OpenSSL_1_1_0j
- OpenSSL_1_1_0i
- OpenSSL_1_1_0h
- OpenSSL_1_1_0g
- OpenSSL_1_1_0f
- OpenSSL_1_1_0e
- OpenSSL_1_1_0d
- OpenSSL_1_1_0c
- OpenSSL_1_1_0b
- OpenSSL_1_1_0a
- OpenSSL_1_1_0-pre6
- OpenSSL_1_1_0-pre5
- OpenSSL_1_1_0-pre4
- OpenSSL_1_1_0-pre3
- OpenSSL_1_1_0-pre2
- OpenSSL_1_1_0-pre1
- OpenSSL_1_1_0
- OpenSSL_1_0_2u
- OpenSSL_1_0_2t
- OpenSSL_1_0_2s
- OpenSSL_1_0_2r
- OpenSSL_1_0_2q
- OpenSSL_1_0_2p
- OpenSSL_1_0_2o
- OpenSSL_1_0_2n
- OpenSSL_1_0_2m
- OpenSSL_1_0_2l
- OpenSSL_1_0_2k
- OpenSSL_1_0_2j
- OpenSSL_1_0_2i
- OpenSSL_1_0_2h
- OpenSSL_1_0_2g
- OpenSSL_1_0_2f
- OpenSSL_1_0_2e
- OpenSSL_1_0_2d
- OpenSSL_1_0_2c
- OpenSSL_1_0_2b
- OpenSSL_1_0_2a
- OpenSSL_1_0_2-pre-reformat
- OpenSSL_1_0_2-pre-auto-reformat
- OpenSSL_1_0_2-post-reformat
- OpenSSL_1_0_2-post-auto-reformat
- OpenSSL_1_0_2-beta3
- OpenSSL_1_0_2-beta2
- OpenSSL_1_0_2-beta1
- OpenSSL_1_0_2
- OpenSSL_1_0_1u
- OpenSSL_1_0_1t
- OpenSSL_1_0_1s
- OpenSSL_1_0_1r
- OpenSSL_1_0_1q
- OpenSSL_1_0_1p
- OpenSSL_1_0_1o
- OpenSSL_1_0_1n
- OpenSSL_1_0_1m
- OpenSSL_1_0_1l
- OpenSSL_1_0_1k
- OpenSSL_1_0_1j
- OpenSSL_1_0_1i
- OpenSSL_1_0_1h
- OpenSSL_1_0_1g
- OpenSSL_1_0_1f
- OpenSSL_1_0_1e
- OpenSSL_1_0_1d
- OpenSSL_1_0_1-pre-reformat
- OpenSSL_1_0_1-pre-auto-reformat
- OpenSSL_1_0_1-post-reformat
- OpenSSL_1_0_1-post-auto-reformat
- OpenSSL_1_0_0t
- OpenSSL_1_0_0s
- OpenSSL_1_0_0r
- OpenSSL_1_0_0q
- OpenSSL_1_0_0p
- OpenSSL_1_0_0o
- OpenSSL_1_0_0n
- OpenSSL_1_0_0m
- OpenSSL_1_0_0l
- OpenSSL_1_0_0k
- OpenSSL_1_0_0-pre-reformat
- OpenSSL_1_0_0-pre-auto-reformat
- OpenSSL_1_0_0-post-reformat
- OpenSSL_1_0_0-post-auto-reformat
- OpenSSL_0_9_8zh
- OpenSSL_0_9_8zg
- OpenSSL_0_9_8zf
- OpenSSL_0_9_8ze
- OpenSSL_0_9_8zd
- OpenSSL_0_9_8zc
- OpenSSL_0_9_8zb
- OpenSSL_0_9_8za
- OpenSSL_0_9_8y
- OpenSSL_0_9_8-pre-reformat
- OpenSSL_0_9_8-pre-auto-reformat
- OpenSSL_0_9_8-post-reformat
- OpenSSL_0_9_8-post-auto-reformat
- OpenSSL-fips-2_0_9
- OpenSSL-fips-2_0_8
- OpenSSL-fips-2_0_7
- OpenSSL-fips-2_0_6
- OpenSSL-fips-2_0_5
- OpenSSL-fips-2_0_4
- OpenSSL-fips-2_0_3
- OpenSSL-fips-2_0_2
- OpenSSL-fips-2_0_16
- OpenSSL-fips-2_0_15
- OpenSSL-fips-2_0_14
- OpenSSL-fips-2_0_13
- OpenSSL-fips-2_0_12
- OpenSSL-fips-2_0_11
- OpenSSL-fips-2_0_10
Take a new snapshot of a software origin
If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.
Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.Processing "take a new snapshot" request ...
Permalinks
To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.
Revision | Author | Date | Message | Commit Date |
---|---|---|---|---|
830bf8e | Richard Levitte | 07 February 2023, 13:37:05 UTC | Prepare for 1.1.1t release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 07 February 2023, 13:37:05 UTC |
c3a54c3 | Richard Levitte | 07 February 2023, 11:55:04 UTC | Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 07 February 2023, 11:55:04 UTC |
a85fbb5 | Tomas Mraz | 23 January 2023, 17:27:11 UTC | Add CHANGES and NEWS entries for the 1.1.1t release Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> | 03 February 2023, 10:22:47 UTC |
2c6c9d4 | Hugo Landau | 17 January 2023, 17:45:42 UTC | CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 03 February 2023, 10:22:47 UTC |
f040f25 | Matt Caswell | 14 December 2022, 17:15:18 UTC | Check CMS failure during BIO setup with -stream is handled correctly Test for the issue fixed in the previous commit Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 03 February 2023, 10:22:47 UTC |
c3829dd | Matt Caswell | 14 December 2022, 16:18:14 UTC | Fix a UAF resulting from a bug in BIO_new_NDEF If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 03 February 2023, 10:22:47 UTC |
2bd6112 | Matt Caswell | 13 December 2022, 15:02:26 UTC | Add a test for CVE-2022-4450 Call PEM_read_bio_ex() and expect a failure. There should be no dangling ptrs and therefore there should be no double free if we free the ptrs on error. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> | 03 February 2023, 10:22:47 UTC |
bbcf509 | Matt Caswell | 13 December 2022, 14:54:55 UTC | Avoid dangling ptrs in header and data params for PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> | 03 February 2023, 10:22:47 UTC |
43d8f88 | Matt Caswell | 20 January 2023, 15:26:54 UTC | Fix Timing Oracle in RSA decryption A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 03 February 2023, 10:22:47 UTC |
1dc2ae4 | Richard Levitte | 30 January 2023, 14:19:10 UTC | Use $config{build_file} instead of $target{build_file} If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20174) | 03 February 2023, 10:13:01 UTC |
b9e3749 | Gerd Hoffmann | 12 January 2022, 09:30:15 UTC | crypto/bio: drop float formating for UEFI Using floating point is not supported in UEFI and can cause build problems, for example due to SSE being disabled and x64 calling convention passing floats in SSE registers. Avoid those problems by not compiling the formating code for floating point numbers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19738) | 31 January 2023, 10:25:59 UTC |
44da716 | Hugo Landau | 18 January 2023, 15:43:56 UTC | Fix corruption when searching for CRLs in hashed directories (1.1) The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track how many sequentially numbered CRL files have been loaded for a given X509_NAME hash which is being requested. This avoids loading already loaded CRL files and repeated stat() calls. This OPENSSL_STACK is searched using sk_find, however this mutates the OPENSSL_STACK unless it is known to be sorted. This operation therefore requires a write lock, which was not taken. Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This guarantees no mutation will occur during sk_find. This is chosen over taking a write lock during sk_find as retrieving a CRL by X509_NAME is assumed to be a hotter path than the case where a new CRL is installed. Also optimise the code by avoiding creating the structure to track the last CRL file sequence number in the circumstance where it would match the initial value, namely where no CRL with the given hash is installed. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20127) | 24 January 2023, 14:45:50 UTC |
adc3cfe | Matt Caswell | 20 January 2023, 14:08:42 UTC | Add DTLS support to the large app data test Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) | 24 January 2023, 10:24:35 UTC |
4b5ec7c | Matt Caswell | 19 January 2023, 11:59:44 UTC | Ensure our buffer allocation allows for the Explicit IV Some ciphers/protocol versions have an explicit IV. We need to make sure we have sufficient room for it in the underlying buffer. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) | 24 January 2023, 10:24:35 UTC |
b958ecf | Matt Caswell | 19 January 2023, 10:52:45 UTC | Add a test for large app data Test that sending large app data records works correctly. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20087) | 24 January 2023, 10:24:35 UTC |
2bcf8e6 | ValdikSS | 18 January 2023, 17:14:48 UTC | Padlock: fix byte swapping assembly for AES-192 and 256 Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware. This commit correctly sets the number of swapping loops to be done. Fixes #20073 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20077) (cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a) | 20 January 2023, 07:32:55 UTC |
d90907d | Bernd Edlinger | 05 December 2022, 05:50:02 UTC | Fix CI failures with ubuntu-22.04 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930) | 19 January 2023, 17:16:33 UTC |
d49c98d | Bernd Edlinger | 04 December 2022, 13:19:55 UTC | Fix various clang-14/15 compiler warnings Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19930) | 19 January 2023, 17:16:33 UTC |
5bbd921 | Bernd Edlinger | 08 November 2022, 16:43:22 UTC | Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19735) | 14 January 2023, 10:51:54 UTC |
1d0fa26 | Matt Caswell | 06 December 2022, 14:51:54 UTC | Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) | 22 December 2022, 10:07:07 UTC |
e913b91 | Matt Caswell | 06 December 2022, 14:35:53 UTC | Fix BIO_f_asn1() to properly report some errors Some things that may go wrong in asn1_bio_write() are serious errors that should be reported as -1, rather than 0 (which just means "we wrote no data"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) | 22 December 2022, 10:07:07 UTC |
1354191 | Matt Caswell | 06 December 2022, 14:21:23 UTC | Fix SMIME_crlf_copy() to properly report an error If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not correctly reporting the error. We modify it to properly propagate the error condition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) | 22 December 2022, 10:07:07 UTC |
6446cb4 | Matt Caswell | 06 December 2022, 14:18:53 UTC | Fix BIO_f_cipher() flushing If an error occurs during a flush on a BIO_f_cipher() then in some cases we could get into an infinite loop. We add a check to make sure we are making progress during flush and exit if not. This issue was reported by Octavio Galland who also demonstrated an infinite loop in CMS encryption as a result of this bug. The security team has assessed this issue as not a CVE. This occurs on *encryption* only which is typically processing trusted data. We are not aware of a way to trigger this with untrusted data. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19920) | 22 December 2022, 10:07:07 UTC |
ed8af05 | Bernd Edlinger | 16 December 2022, 18:30:29 UTC | Fix a logic flaw in test_mod_exp_zero Due to the logic flaw, possible test failures in this test case might be ignored. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19929) (cherry picked from commit 42061268ee8f9ae0555d522870740fc91b744f4f) | 21 December 2022, 15:36:14 UTC |
68cec7e | Bernd Edlinger | 16 November 2022, 11:32:06 UTC | Fix a memory leak in rsa_priv_encode If PKCS8_pkey_set0 fails, the memory in rk need to be clear freed otherwise it is owned by the PKCS8_PRIV_KEY_INFO. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19694) | 16 December 2022, 18:05:37 UTC |
31efcf2 | Matt Caswell | 27 October 2022, 13:14:53 UTC | Fix the ceiling on how much encryption growth we can have Stitched ciphersuites can grow by more during encryption than the code allowed for. We fix the calculation and add an assert to check we go it right. Also if we are adding the MAC independently of the cipher algorithm then the encryption growth will not include that MAC so we should remove it from the amount of bytes that we reserve for that growth. Otherwise we might exceed our buffer size and the WPACKET_reserve operation will fail. Note that this is not a security issue. Even though we can overflow the amount of bytes reserved in the WPACKET for the encryption, the underlying buffer is still big enough. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19585) | 05 December 2022, 11:10:55 UTC |
f868abc | Bernd Edlinger | 10 November 2022, 17:51:44 UTC | Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf) | 12 November 2022, 12:22:27 UTC |
cf1a7cf | Bernd Edlinger | 10 November 2022, 17:23:25 UTC | Update the validity period of ed25519 cerificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba) | 12 November 2022, 12:22:07 UTC |
2c0ae1e | Tomas Mraz | 02 November 2022, 07:53:36 UTC | Update GitHub actions as suggested by dependabot Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19581) (cherry picked from commit ec33ed712665ca65cabcd87d446e5db79a64379e) | 03 November 2022, 11:25:50 UTC |
8a9a71b | Tomas Mraz | 01 November 2022, 12:36:17 UTC | Prepare for 1.1.1t-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 01 November 2022, 12:36:17 UTC |
1290581 | Tomas Mraz | 01 November 2022, 12:36:10 UTC | Prepare for 1.1.1s release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 01 November 2022, 12:36:10 UTC |
7d8a20c | Tomas Mraz | 01 November 2022, 12:17:34 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19560) | 01 November 2022, 12:28:05 UTC |
7e8642c | Tomas Mraz | 01 November 2022, 10:50:22 UTC | Update CHANGES and NEWS for new release Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19558) | 01 November 2022, 10:52:01 UTC |
aa542d2 | Richard Levitte | 06 July 2022, 04:09:01 UTC | Make openVMS seeding less dependent of OpenVMS version SYS$GETTIM_PREC is a very new function, only available on OpenVMS v8.4. OpenSSL binaries built on OpenVMS v8.4 become unusable on older OpenVM versions, but building for the older CRTL version will make the high precision time functions unavailable. Tests have shown that on Alpha and Itanium, the time update granularity between SYS$GETTIM and SYS$GETTIM_PREC is marginal, so the former plus a sequence number turns out to be better to guarantee a unique nonce. Fixes #18727 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18730) | 27 October 2022, 10:32:13 UTC |
9b3219b | Todd C. Miller | 24 October 2022, 14:00:48 UTC | ssl_cipher_process_rulestr: don't read outside rule_str buffer If rule_str ended in a "-", "l" was incremented one byte past the end of the buffer. This resulted in an out-of-bounds read when "l" is dereferenced at the end of the loop. It is safest to just return early in this case since the condition occurs inside a nested loop. CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19166) (cherry picked from commit 428511ca66670e169a0e1b12e7540714b0be4cf8) | 26 October 2022, 10:52:23 UTC |
c7a02ba | Pauli | 20 October 2022, 23:29:09 UTC | doc: fix copy/paste error Fixes #19460 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19461) (cherry picked from commit 5b9480fc1e814bf8fa2dce0dbbede147f04d477c) | 23 October 2022, 22:52:46 UTC |
ad714ba | Dr. David von Oheimb | 29 July 2022, 11:09:52 UTC | Fix many inconsistencies in doc of CMS_verify() and PKC7_verify() etc. Also change B< to I< in {CMS,PKCS7}_verify.pod, PKCS7_sign{,_add_signer}.pod Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19108) (cherry picked from commit 312a6b3a0327a986344c85aa6bc43e135d70bc6c) | 19 October 2022, 18:31:22 UTC |
a3c229e | Gibeom Gwon | 11 October 2022, 17:57:21 UTC | Fix no longer implicitly refresh the cached TBSCertificate This reverts commit 748df1874f0488ce0c86b6d2d083921abb34b1e3. Fixes #19388 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19392) | 13 October 2022, 13:54:29 UTC |
0ca7eae | Matt Caswell | 11 October 2022, 12:46:07 UTC | Prepare for 1.1.1s-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 11 October 2022, 12:46:07 UTC |
fbda8a9 | Matt Caswell | 11 October 2022, 12:45:58 UTC | Prepare for 1.1.1r release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 11 October 2022, 12:45:58 UTC |
0874d7f | Matt Caswell | 11 October 2022, 12:13:47 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19383) | 11 October 2022, 12:26:59 UTC |
3d28f74 | Matt Caswell | 10 October 2022, 10:53:46 UTC | Updated CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes (Merged from https://github.com/openssl/openssl/pull/19381) | 11 October 2022, 12:11:42 UTC |
01b5335 | Adam Joseph | 01 October 2022, 03:55:29 UTC | Configurations: mips64*-linux-*abin32 needs bn_ops SIXTY_FOUR_BIT The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops, but it is missing from mips64*-linux-*abin32 (which OpenSSL calls "linux-mips64"). This causes heap corruption when verifying TLS certificates (which tend to be RSA-signed) with openssl 1.1.1q: ``` nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer Aborted ``` and a slightly different failure with current HEAD: ``` nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443 Connecting to 142.250.180.4 CONNECTED(00000003) Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0) Aborted ``` Applying this patch and recompiling produces the expected output instead of a crash. Note that Gentoo (and to my knowledge all other other distributions which support mips64n32) use the `linux-generic32` configuration, which uses only 32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler implementations for the SHA hash functions: https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102 For support in nixpkgs we would like to use the full 64-bit integer registers and perlasm routines, so I'm submitting this upstream as well. Fixes #19319 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19320) (cherry picked from commit d250e8563fa400fd3d9b93cff609c7503149b908) | 03 October 2022, 00:26:52 UTC |
748df18 | Gibeom Gwon | 27 August 2022, 13:29:28 UTC | X509 x_all.c: Set 'modified' flag when ASN1_item_sign{,_ctx} call was successful Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879) | 24 September 2022, 14:49:54 UTC |
002cf9a | Gibeom Gwon | 27 August 2022, 13:04:38 UTC | X509 x509_req.c: Set 'modified' flag when X509_req_info_st member data updated We need to reencode X509_req_info_st if member data updated. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18879) | 24 September 2022, 14:49:54 UTC |
6e6aad3 | Daniel Fiala | 28 August 2022, 09:53:32 UTC | Convert serverinfo in SSL_CTX_use_serverinfo() to v2. Fixes #18183. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19081) | 09 September 2022, 12:10:03 UTC |
9eae491 | Ryan Kelley | 16 August 2022, 05:28:50 UTC | Moving notify check after the no time check CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19007) (cherry picked from commit c92c3dfb99485eb2cfb840e92bd0ece8cdd72d0c) | 23 August 2022, 01:05:54 UTC |
07ecb79 | Pauli | 16 August 2022, 01:05:02 UTC | Coverity 1508506: misuse of time_t Fixes a bug in the cookie code which would have caused problems for ten minutes before and after the lower 32 bits of time_t rolled over. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19022) | 22 August 2022, 04:46:00 UTC |
552603e | Pauli | 16 August 2022, 01:05:02 UTC | Coverity 1508534 & 1508540: misuses of time_t Avoid problems when the lower 32 bits of time_t roll over by delaying the cast to integer until after the time delta has been computed. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19004) (cherry picked from commit a6cadcbdc3b4f3fbd0fd228e41177f0661b68264) | 18 August 2022, 22:40:35 UTC |
6246649 | Pauli | 06 May 2022, 06:59:26 UTC | bn_nist: fix strict aliasing problem As of clang-14 the strict aliasing is causing code to magically disappear. By explicitly inlining the code, the aliasing problem evaporates. Fixes #18225 Backport of #18258 to 1.1.1. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18948) | 17 August 2022, 15:44:45 UTC |
d87e99d | Matt Caswell | 25 July 2022, 11:39:52 UTC | Test that swapping the first app data record with Finished msg works If the first app data record arrives before the Finished message we should be able to buffer it and move on to the Finished message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976) | 10 August 2022, 10:42:29 UTC |
01fc812 | Matt Caswell | 25 July 2022, 14:59:38 UTC | Fix SSL_pending() and SSL_has_pending() with DTLS If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() or SSL_has_pending() were taking account of this DTLS specific app data buffer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18976) | 10 August 2022, 10:39:26 UTC |
4648839 | Roberto Hueso Gomez | 01 August 2022, 18:11:22 UTC | Fix EC_KEY_set_private_key() NULL priv_key docs Updates the docs to describe EC_KEY_set_private_key() function behavior when a NULL priv_key argument is passed. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) | 04 August 2022, 09:09:16 UTC |
1c2f52b | Roberto Hueso Gomez | 01 August 2022, 00:08:47 UTC | Add test for EC_KEY_set_private_key() This tests the behavior and API of the EC_KEY_set_private_key function. It tests compliance with legacy features related to NULL private keys too. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) | 04 August 2022, 09:09:15 UTC |
143d7d4 | Roberto Hueso Gomez | 26 July 2022, 18:41:02 UTC | Fix EC_KEY_set_private_key() priv_key regression This allows to set EC_KEY's private key to NULL and fixes regression issue following OTC guideline in https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 Fixes #18744. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18874) | 04 August 2022, 09:09:14 UTC |
0b755cd | Dr. David von Oheimb | 08 January 2021, 07:27:17 UTC | X509_REQ_get_extensions(): Return empty stack if no extensions found Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18926) | 03 August 2022, 15:27:50 UTC |
26cfeb7 | Bernd Edlinger | 05 January 2022, 16:25:02 UTC | Fix copyright year issues Fixes: #13765 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17706) | 30 July 2022, 10:23:26 UTC |
7dfe4aa | Pauli | 28 July 2022, 01:23:29 UTC | Note that EVP_CIPHER_iv_length returns negative values on error Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18894) | 29 July 2022, 09:15:06 UTC |
3b9082c | valdaarhun | 25 July 2022, 13:19:19 UTC | Fixes segfault occurrence in PEM_write() Checks if header is NULL or not before calling strlen(). CLA: trivial Fixes #18825 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18865) (cherry picked from commit 205957405d08ef199e6ab654e333a627bbca9ccc) | 29 July 2022, 02:39:51 UTC |
e544f3e | Pauli | 25 July 2022, 03:01:00 UTC | Fix error in LHASH documentation Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18859) (cherry picked from commit 316fad64c1e541a530910a13160d48b7545ac1e0) | 26 July 2022, 07:05:05 UTC |
264a3f4 | Matt Caswell | 10 June 2022, 11:33:45 UTC | Fix a crash in v2i_IPAddrBlocks() If an IP address prefix value is supplied that is too large then a crash can result. v2i_IPAddrBlocks() should sanity check the prefix value, as should X509v3_addr_add_prefix(). Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) | 25 July 2022, 06:33:21 UTC |
c3b0279 | Amir Mohammadi | 04 August 2021, 05:14:29 UTC | Fix test case for a2i_IPADDRESS (cherry picked from commit 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) | 25 July 2022, 06:33:21 UTC |
bd41b84 | Christian Heimes | 15 August 2020, 18:01:49 UTC | Test case for a2i_IPADDRESS Unit test to show that a2i_IPADDRESS("1.2.3.4.test.example") ignores trailing data. See: https://github.com/openssl/openssl/issues/12649 See: https://bugs.python.org/issue41556 (cherry picked from commit 1a9411a30b09a98498366979a1ea4898f70f6d19) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) | 25 July 2022, 06:33:21 UTC |
65e30e7 | Amir Mohammadi | 04 August 2021, 05:13:49 UTC | Fix ipv4_from_asc behavior on invalid Ip addresses sscanf() call in ipv4_from_asc does not check that the string is terminated immediately after the last digit. (cherry picked from commit 8b9a13b43ba3d71e441fca47a52e800ce79b3d2b) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18847) | 25 July 2022, 06:33:20 UTC |
952fab0 | Todd Short | 20 July 2022, 20:42:50 UTC | Fix re-signing certificates with different key sizes PR #18129 broke the scenario of signing a certificate (not CSR) with different-sized key. This works in 3.0, so port the fix from 3.0 (which is to only update the issuer for a request). Partially undo #18129, but keep setting the issuer only for a CSR Create two certs (a and ca) then sign a with c (into b): ``` openssl req -x509 -newkey rsa:2048 -keyout a-key.pem -out a-cert.pem -days 365 -nodes -subj /CN=a.example.com openssl req -x509 -newkey rsa:4096 -keyout ${HERE}/ca-key.pem -out ${HERE}/ca-cert.pem -days 3650 -nodes -subj /CN=ca.example.com openssl x509 -in a-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial '1234567890' -preserve_dates -sha256 -out b-cert.pem ``` The above succeeds in 1.1.1n and 3.0, fails in 1.1.1o (which includes #18129) The issue in #16080 is also fixed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/18836) | 22 July 2022, 18:41:44 UTC |
5ba7a33 | Shi Pujin | 20 July 2022, 07:42:50 UTC | Add loongarch64 target Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18831) | 21 July 2022, 14:33:44 UTC |
ee4562d | Dr. David von Oheimb | 20 July 2022, 06:39:45 UTC | X509_STORE_CTX_purpose_inherit(): add missing details to its documentation Fixes #18801 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18830) (cherry picked from commit c00fd2dece8ba54b2597a61c8db6a001025d05d5) | 21 July 2022, 09:53:11 UTC |
86945b1 | Dmitry Belyavskiy | 14 July 2022, 19:41:48 UTC | Fix verify_callback in the openssl s_client/s_server app We need to check that error cert is available before printing its data Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18805) (cherry picked from commit fad0f80eff188ef938fed614245a56ed56110deb) | 20 July 2022, 06:38:45 UTC |
ff23817 | Dr. David von Oheimb | 31 May 2022, 08:02:02 UTC | x509.pod: fix description of certificate serial number storage Backported from https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18803) | 14 July 2022, 13:02:57 UTC |
55eafed | Dr. David von Oheimb | 30 May 2022, 14:53:05 UTC | APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Backported from https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18803) | 14 July 2022, 13:02:57 UTC |
d94f8aa | Varun Sharma | 09 July 2022, 14:03:23 UTC | ci: add GitHub token permissions for workflows Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18766) (cherry picked from commit c6e7f427c82dfa17416a39af7661c40162d57aaf) (cherry picked from commit 90d6e6a3d5d30c3df4edf4a6430472c3eeb7d7a7) | 13 July 2022, 00:21:19 UTC |
c3efe5c | Allan | 07 July 2022, 23:04:09 UTC | Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE Fixes #18677 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18698) (cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e) | 11 July 2022, 08:52:40 UTC |
ccc7ccb | Viktor Szakats | 03 July 2022, 22:30:06 UTC | use #pragma comment(lib) with _MSC_VER only Avoid this warning when compiled with llvm/gcc + mingw-w64 and `USE_BCRYPTGENRANDOM` enabled: ``` ../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas] ^ 1 warning generated. ``` CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18709) (cherry picked from commit 695cb63c744bab090144a86949b68324ee3094d6) | 11 July 2022, 08:37:28 UTC |
17098c1 | Bernd Edlinger | 23 October 2021, 09:58:27 UTC | Make the DRBG seed propagation thread safe Currently there is a race possible because the reseed_counter of the master drbg may be incremented after the get_entropy call. Therefore access the parent's reseed_counter while still holding the rand_drbg_lock. This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16900) | 09 July 2022, 11:17:18 UTC |
a937806 | Bernd Edlinger | 05 July 2022, 18:39:06 UTC | Fix a memory leak in tls13_generate_secret This was found by my Reproducible Error Injection patch (#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 #7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 #8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 #9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 #12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 #13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 #14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #15 0x55fb9117e939 in main fuzz/test-corpus.c:194 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 #7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 #8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 #11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #12 0x55fb9117e939 in main fuzz/test-corpus.c:194 #13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) ================================================================= ==1320996==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 #6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 #7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 #8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 #9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 #10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 #11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 #12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 #14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 #15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 Indirect leak of 1080 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 #4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 #7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 #8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 #9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 #10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 #11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 #12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 #13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 #14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 #15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 #16 0x55fb9117eb92 in main fuzz/test-corpus.c:226 #17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s). Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18725) | 07 July 2022, 06:25:40 UTC |
241f3a7 | Alexander Scheel | 29 June 2022, 14:19:58 UTC | Fixes OSCP->OCSP typo in ocsp command line The existing help text says: > -badsig Corrupt last byte of loaded OSCP response signature (for test) but this should be OCSP. This is the only occurrence within the project of this typo. CLA: trivial Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18684) (cherry picked from commit 2837b19fcba4bf4ff2ecdc8435c650bf18c27552) | 06 July 2022, 08:19:02 UTC |
a8f6d73 | Bernd Edlinger | 12 June 2022, 07:37:26 UTC | Fix reported performance degradation on aarch64 This restores the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower, and the silicon errata only affects 32bit targets. Only for 32bit targets the new algorithm is used. Fixes #18445 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18539) | 06 July 2022, 07:11:03 UTC |
60f011f | Gregor Jasny | 05 July 2022, 10:57:06 UTC | Add missing header for memcmp CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18719) (cherry picked from commit f9e578e720bb35228948564192adbe3bc503d5fb) | 06 July 2022, 04:35:44 UTC |
299e101 | Richard Levitte | 05 July 2022, 09:08:48 UTC | Prepare for 1.1.1r-dev Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes | 05 July 2022, 09:08:48 UTC |
29708a5 | Richard Levitte | 05 July 2022, 09:08:33 UTC | Prepare for 1.1.1q release Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes | 05 July 2022, 09:08:33 UTC |
95a17c0 | Richard Levitte | 05 July 2022, 08:33:00 UTC | Update copyright year Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes | 05 July 2022, 08:33:00 UTC |
78ba51a | Richard Levitte | 05 July 2022, 08:25:00 UTC | Update CHANGES and NEWS for upcoming release 1.1.1q Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes | 05 July 2022, 08:25:00 UTC |
9131afd | Alex Chernyakhovsky | 16 June 2022, 02:02:37 UTC | AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 05 July 2022, 08:14:22 UTC |
9199256 | Alex Chernyakhovsky | 16 June 2022, 02:00:22 UTC | Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grandloop") and then proceeds to handle the "short" tail (which can be anywhere from 0 to 5 blocks) that remain. As part of initialization, the assembly initializes $len to the true length, less 96 bytes and converts it to a pointer so that the $inp can be compared to it. Each iteration of "grandloop" checks to see if there's a full 96-byte chunk to process, and if so, continues. Once this has been exhausted, it falls through to "short", which handles the remaining zero to five blocks. Unfortunately, the jump at the end of "grandloop" had a fencepost error, doing a `jb` ("jump below") rather than `jbe` (jump below or equal). This should be `jbe`, as $inp is pointing to the *end* of the chunk currently being handled. If $inp == $len, that means that there's a whole 96-byte chunk waiting to be handled. If $inp > $len, then there's 5 or fewer 16-byte blocks left to be handled, and the fall-through is intended. The net effect of `jb` instead of `jbe` is that the last 16-byte block of the last 96-byte chunk was completely omitted. The contents of `out` in this position were never written to. Additionally, since those bytes were never processed, the authentication tag generated is also incorrect. The same fencepost error, and identical logic, exists in both aesni_ocb_encrypt and aesni_ocb_decrypt. This addresses CVE-2022-2097. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> | 05 July 2022, 08:14:22 UTC |
6495cab | slontis | 01 July 2022, 03:47:11 UTC | Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18697) (cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b) | 05 July 2022, 06:18:23 UTC |
7a05fcb | xkernel | 20 June 2022, 09:46:39 UTC | v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/18608) (cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9) | 05 July 2022, 06:11:54 UTC |
a1d80ed | Matt Caswell | 10 June 2022, 14:58:58 UTC | Fix range_should_be_prefix() to actually return the correct result range_should_be_prefix() was misidentifying whether an IP address range should in fact be represented as a prefix. This was due to a bug introduced in commit 42d7d7dd which made this incorrect change: - OPENSSL_assert(memcmp(min, max, length) <= 0); + if (memcmp(min, max, length) <= 0) + return -1; This error leads to incorrect DER being encoded/accepted. Reported by Theo Buehler (@botovq) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18524) (cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae) (cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841) | 05 July 2022, 06:06:20 UTC |
4c1cf6d | Bernd Edlinger | 17 June 2022, 08:25:24 UTC | Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232) | 05 July 2022, 06:03:58 UTC |
8825732 | olszomal | 17 June 2022, 13:01:11 UTC | SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *' Fix the documentation. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18599) (cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50) | 28 June 2022, 16:00:27 UTC |
6c8879c | Bernd Edlinger | 22 June 2022, 15:05:55 UTC | Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #26 0x402afb in testfile fuzz/test-corpus.c:182 #27 0x402656 in main fuzz/test-corpus.c:226 #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #22 0x402afb in testfile fuzz/test-corpus.c:182 #23 0x402656 in main fuzz/test-corpus.c:226 #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 #23 0x402afb in testfile fuzz/test-corpus.c:182 #24 0x402656 in main fuzz/test-corpus.c:226 #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/18632) | 25 June 2022, 05:22:49 UTC |
7f77ecd | Matt Caswell | 21 June 2022, 13:39:48 UTC | Prepare for 1.1.1q-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 21 June 2022, 13:39:48 UTC |
8aaca20 | Matt Caswell | 21 June 2022, 13:39:39 UTC | Prepare for 1.1.1p release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 21 June 2022, 13:39:39 UTC |
a3fc812 | Matt Caswell | 21 June 2022, 13:07:32 UTC | Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes | 21 June 2022, 13:13:56 UTC |
51e0652 | Matt Caswell | 20 June 2022, 13:14:20 UTC | Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes | 21 June 2022, 12:39:20 UTC |
9639817 | Daniel Fiala | 29 May 2022, 18:11:24 UTC | Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> | 20 June 2022, 10:46:32 UTC |
20af01d | Fraser Tweedale | 15 June 2022, 00:50:57 UTC | Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves: ```c unsigned char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n"; int main(int argc, char **argv) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) return 1; BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL); int in_len = strlen(in_buf); BIO *in = BIO_new_mem_buf(in_buf, in_len); if (in == NULL) return 2; in = BIO_push(b64, in); unsigned char *out_buf = calloc(in_len, sizeof(unsigned char)); if (out_buf == NULL) return 3; size_t out_len; int r = BIO_read_ex(in, out_buf, in_len, &out_len); printf("rv = %d\n", r); printf("decoded = %s\n", out_buf); return 0; } ``` Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <ftweedal@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18568) (cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83) | 16 June 2022, 14:09:17 UTC |
8438d3a | Tomas Mraz | 09 June 2022, 14:20:05 UTC | Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18511) | 16 June 2022, 13:30:56 UTC |
0ed27fb | Tomas Mraz | 09 June 2022, 10:34:55 UTC | Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fx is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <davidben@google.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18511) | 16 June 2022, 13:30:56 UTC |
8f07881 | Matt Caswell | 09 June 2022, 15:57:30 UTC | Fix a crash in X509v3_asid_subset() If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18514) (cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82) | 15 June 2022, 14:43:43 UTC |
ab7d056 | Tomas Mraz | 02 June 2022, 16:12:05 UTC | Update further expiring certificates that affect tests Namely the smime certificates used in test_cms will expire soon and affect tests. Fixes #15179 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18481) | 06 June 2022, 08:36:55 UTC |