[openssl/openssl] d1460a: Add riscv64 asm_arch to BSD-riscv64 target
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: d1460afdfcb3c90df612896d40d35c6627a5967c
  https://github.openssl.org/openssl/openssl/commit/d1460afdfcb3c90df612896d40d35c6627a5967c
Author: Hongren (Zenithal) Zheng
Date: 2022-05-25 (Wed, 25 May 2022)

Changed paths:
  M Configurations/10-main.conf

Log Message:
---
Add riscv64 asm_arch to BSD-riscv64 target

Following cb2764f2a8 Add riscv64 asm_arch to linux64-riscv64 target

Current ASM does not have Linux specific thing thus this is suitable for BSD

Reviewed-by: Todd Short
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/18309)
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D8ZlY_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHNvudLerpWTM9e2xOlH1W9kBl3ULkknITB8WAP7AEaKTW5FNl02RogJHAFcD9pz-2FUHeiycy-2BrniY5VBlokqTeKLF3yB-2FWiA-2BJpUXxL9zs2FWafbBLd69r5a-2FJ-2BKd7oAdS4-2Ft6rEaDN8GuMtrCoruz0e2nOHdGXyu1naAL53cAWwUowLpC7LyTDMpWxNsRV63s-3D

Build ID: 457694

Analysis Summary:
  New defects found: 0
  Defects eliminated: 0
[openssl/web] fbc68b: There's a single vulnerability where we use fips a...
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/web
Commit: fbc68b0a828aafea7e7a2e057ff898af95fa51bf
  https://github.openssl.org/openssl/web/commit/fbc68b0a828aafea7e7a2e057ff898af95fa51bf
Author: Mark J. Cox
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M bin/vulnxml2jsonproject.py
  M news/vulnerabilities.xml

Log Message:
---
There's a single vulnerability where we use fips as the version, don't fail on that. Also fix up a bad date in vulnerabilities.xml where it copied the CVE name by mistake
[openssl/openssl] 373de4: Use safe pattern for buffer size determining in ca...
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl

Commit: 373de40f3f76c63e4f2684abd86706f3863347ca
  https://github.openssl.org/openssl/openssl/commit/373de40f3f76c63e4f2684abd86706f3863347ca
Author: Dmitry Belyavskiy
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M ssl/statem/statem_clnt.c

Log Message:
---
Use safe pattern for buffer size determining in case of GOST key exchange

Related: CVE-2022-29242

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18381)
(cherry picked from commit 2b5e89992e3ada1131beebb2a22722168b9389c2)

Commit: 71544090df4fe34f1ebd182e4e77c8b26568dbfe
  https://github.openssl.org/openssl/openssl/commit/71544090df4fe34f1ebd182e4e77c8b26568dbfe
Author: Dmitry Belyavskiy
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M gost-engine

Log Message:
---
Update gost-engine to the last changes

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18381)
(cherry picked from commit 828613c3e44ca1de6407a37d34de64c673ca61e9)

Compare: https://github.openssl.org/openssl/openssl/compare/3be529cd2eb4...71544090df4f
[openssl/openssl] 2b5e89: Use safe pattern for buffer size determining in ca...
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl

Commit: 2b5e89992e3ada1131beebb2a22722168b9389c2
  https://github.openssl.org/openssl/openssl/commit/2b5e89992e3ada1131beebb2a22722168b9389c2
Author: Dmitry Belyavskiy
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M ssl/statem/statem_clnt.c

Log Message:
---
Use safe pattern for buffer size determining in case of GOST key exchange

Related: CVE-2022-29242

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18381)

Commit: 828613c3e44ca1de6407a37d34de64c673ca61e9
  https://github.openssl.org/openssl/openssl/commit/828613c3e44ca1de6407a37d34de64c673ca61e9
Author: Dmitry Belyavskiy
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M gost-engine

Log Message:
---
Update gost-engine to the last changes

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18381)

Compare: https://github.openssl.org/openssl/openssl/compare/dc0ef292f7df...828613c3e44c
[openssl/openssl] 4a28f8: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.openssl.org/openssl/openssl
Commit: 4a28f8451fbc1848fd2d1b99203a7c75876123f6
  https://github.openssl.org/openssl/openssl/commit/4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M ssl/t1_lib.c

Log Message:
---
Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
    #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
    #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
    #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
    #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
    #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
    #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #14 0x40371b in testfile fuzz/test-corpus.c:182
    #15 0x402856 in main fuzz/test-corpus.c:226
    #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
    #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
    #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
    #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
    #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
    #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
    #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #13 0x40371b in testfile fuzz/test-corpus.c:182
    #14 0x402856 in main fuzz/test-corpus.c:226
    #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
[openssl/openssl] 3be529: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: 3be529cd2eb4eb3eaaa7913af619fb9c918d4581
  https://github.openssl.org/openssl/openssl/commit/3be529cd2eb4eb3eaaa7913af619fb9c918d4581
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M ssl/t1_lib.c

Log Message:
---
Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
    #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
    #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
    #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
    #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
    #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
    #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #14 0x40371b in testfile fuzz/test-corpus.c:182
    #15 0x402856 in main fuzz/test-corpus.c:226
    #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
    #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
    #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
    #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
    #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
    #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
    #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #13 0x40371b in testfile fuzz/test-corpus.c:182
    #14 0x402856 in main fuzz/test-corpus.c:226
    #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
[openssl/openssl] dc0ef2: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: dc0ef292f7df4ce0c49c64b47726a6768f9ac044
  https://github.openssl.org/openssl/openssl/commit/dc0ef292f7df4ce0c49c64b47726a6768f9ac044
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M ssl/t1_lib.c

Log Message:
---
Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
    #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
    #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
    #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
    #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
    #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
    #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
    #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
    #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #14 0x40371b in testfile fuzz/test-corpus.c:182
    #15 0x402856 in main fuzz/test-corpus.c:226
    #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
    #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
    #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
    #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
    #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
    #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
    #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
    #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
    #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
    #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
    #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
    #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
    #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
    #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
    #13 0x40371b in testfile fuzz/test-corpus.c:182
    #14 0x402856 in main fuzz/test-corpus.c:226
    #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18376)
[openssl/openssl] 59b8ec: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.openssl.org/openssl/openssl
Commit: 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
  https://github.openssl.org/openssl/openssl/commit/59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/x509/x509_cmp.c

Log Message:
---
Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch:

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18370)
[openssl/openssl] 97c29c: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: 97c29c0fdaab24898e449a3445609993b1c22e69
  https://github.openssl.org/openssl/openssl/commit/97c29c0fdaab24898e449a3445609993b1c22e69
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/x509/x509_cmp.c

Log Message:
---
Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18371)
(cherry picked from commit b7e28c0bb1cdc07e36c7dc2467083236b931de31)
[openssl/openssl] b7e28c: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: b7e28c0bb1cdc07e36c7dc2467083236b931de31
  https://github.openssl.org/openssl/openssl/commit/b7e28c0bb1cdc07e36c7dc2467083236b931de31
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/x509/x509_cmp.c

Log Message:
---
Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
    #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
    #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
    #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
    #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
    #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
    #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #7 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
    #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
    #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
    #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
    #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
    #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
    #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
    #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
    #6 0x55c12d267c7f in main fuzz/test-corpus.c:226
    #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18371)
[openssl/openssl] e4b84b: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.openssl.org/openssl/openssl
Commit: e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
  https://github.openssl.org/openssl/openssl/commit/e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_asn1.c

Log Message:
---
Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request.

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18363)
[openssl/openssl] 094304: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: 094304c5ef120f69e2bd2ff297515a91f348ace1
  https://github.openssl.org/openssl/openssl/commit/094304c5ef120f69e2bd2ff297515a91f348ace1
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_asn1.c

Log Message:
---
Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request.

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/18365)
(cherry picked from commit 97de6145851922a33f7afd9c308adfc1b2e5732b)
[openssl/openssl] 97de61: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: 97de6145851922a33f7afd9c308adfc1b2e5732b
  https://github.openssl.org/openssl/openssl/commit/97de6145851922a33f7afd9c308adfc1b2e5732b
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_asn1.c

Log Message:
---
Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request.

Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/18365)
[openssl/openssl] 8e1ece: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.openssl.org/openssl/openssl
Commit: 8e1ece20cdb4a584be5311370256c4e813c09826
  https://github.openssl.org/openssl/openssl/commit/8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_key.c

Log Message:
---
Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch:

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
    #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
    #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
    #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
    #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
    #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
    #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
    #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
    #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
    #11 0x40370b in testfile fuzz/test-corpus.c:182
    #12 0x402846 in main fuzz/test-corpus.c:226
    #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18361)
[openssl/openssl] b8e87e: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7
  https://github.openssl.org/openssl/openssl/commit/b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_key.c

Log Message:
---
Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
    #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
    #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
    #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
    #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
    #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
    #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
    #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
    #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
    #11 0x40370b in testfile fuzz/test-corpus.c:182
    #12 0x402846 in main fuzz/test-corpus.c:226
    #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18366)
(cherry picked from commit 22a96c6be41897d11a18455b2ab142422bc57f3f)
[openssl/openssl] 22a96c: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: 22a96c6be41897d11a18455b2ab142422bc57f3f
  https://github.openssl.org/openssl/openssl/commit/22a96c6be41897d11a18455b2ab142422bc57f3f
Author: Bernd Edlinger
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M crypto/ec/ec_key.c

Log Message:
---
Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
    #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
    #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
    #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
    #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
    #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
    #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
    #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
    #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
    #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
    #11 0x40370b in testfile fuzz/test-corpus.c:182
    #12 0x402846 in main fuzz/test-corpus.c:226
    #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/18366)
[openssl/openssl] 4aa3eb: Fix check of EVP_CIPHER_CTX_ctrl
Branch: refs/heads/openssl-3.0
Home: https://github.openssl.org/openssl/openssl
Commit: 4aa3eb454e89fd78884faa168a90ccf19d0bca3a
  https://github.openssl.org/openssl/openssl/commit/4aa3eb454e89fd78884faa168a90ccf19d0bca3a
Author: Peiwei Hu
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M apps/speed.c
  M crypto/evp/evp_enc.c
  M providers/fips/self_test_kats.c
  M providers/implementations/macs/gmac_prov.c
  M ssl/t1_enc.c
  M ssl/tls13_enc.c
  M test/acvp_test.c
  M test/evp_extra_test.c
  M test/evp_test.c

Log Message:
---
Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18368)
(cherry picked from commit d649c51a5388912277dffb56d921eb720db54be1)
[openssl/openssl] d649c5: Fix check of EVP_CIPHER_CTX_ctrl
Branch: refs/heads/master
Home: https://github.openssl.org/openssl/openssl
Commit: d649c51a5388912277dffb56d921eb720db54be1
  https://github.openssl.org/openssl/openssl/commit/d649c51a5388912277dffb56d921eb720db54be1
Author: Peiwei Hu
Date: 2022-05-24 (Tue, 24 May 2022)

Changed paths:
  M apps/speed.c
  M crypto/evp/evp_enc.c
  M providers/fips/self_test_kats.c
  M providers/implementations/macs/gmac_prov.c
  M ssl/t1_enc.c
  M ssl/tls13_enc.c
  M test/acvp_test.c
  M test/evp_extra_test.c
  M test/evp_test.c

Log Message:
---
Fix check of EVP_CIPHER_CTX_ctrl

Reviewed-by: Matt Caswell
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/18368)