[openssl/openssl] f68bd6: Fix possible double-free in pkcs7 add_attribute fu...
Branch: refs/heads/openssl-3.2 Home: https://github.com/openssl/openssl Commit: f68bd6f672e10d4101fa26c326daabfaaa3ddec6 https://github.com/openssl/openssl/commit/f68bd6f672e10d4101fa26c326daabfaaa3ddec6 Author: Bernd Edlinger Date: 2024-07-08 (Mon, 08 Jul 2024) Changed paths: M crypto/pkcs7/pk7_doit.c Log Message: --- Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22721) (cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5) To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
[openssl/openssl] fab911: Fix possible double-free in pkcs7 add_attribute fu...
Branch: refs/heads/openssl-3.3 Home: https://github.com/openssl/openssl Commit: fab9111520f17be27dead558fb0230c1653f7610 https://github.com/openssl/openssl/commit/fab9111520f17be27dead558fb0230c1653f7610 Author: Bernd Edlinger Date: 2024-07-08 (Mon, 08 Jul 2024) Changed paths: M crypto/pkcs7/pk7_doit.c Log Message: --- Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22721) (cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)
[openssl/openssl] 6560ca: Fix possible double-free in pkcs7 add_attribute fu...
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 6560ca8f24094b14d17cc454aa49ad1b59041e41 https://github.com/openssl/openssl/commit/6560ca8f24094b14d17cc454aa49ad1b59041e41 Author: Bernd Edlinger Date: 2024-07-08 (Mon, 08 Jul 2024) Changed paths: M crypto/pkcs7/pk7_doit.c Log Message: --- Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22721) (cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)
[openssl/openssl] ebe874: Fix possible double-free in pkcs7 add_attribute fu...
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: ebe874a0a510e04f3ff043acd1548abd2eef46cb https://github.com/openssl/openssl/commit/ebe874a0a510e04f3ff043acd1548abd2eef46cb Author: Bernd Edlinger Date: 2024-07-08 (Mon, 08 Jul 2024) Changed paths: M crypto/pkcs7/pk7_doit.c Log Message: --- Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22721) (cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)
[openssl/openssl] 82a13a: Fix possible double-free in pkcs7 add_attribute fu...
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 82a13a1f5053462f826bfb90061f0f77e3cc98a5 https://github.com/openssl/openssl/commit/82a13a1f5053462f826bfb90061f0f77e3cc98a5 Author: Bernd Edlinger Date: 2024-07-08 (Mon, 08 Jul 2024) Changed paths: M crypto/pkcs7/pk7_doit.c Log Message: --- Fix possible double-free in pkcs7 add_attribute function The problem is the ownership of the input parameter value is transferred to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fulfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22721)
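The ownership problem described in the commit message above, as an added example that is not part of the commit or of OpenSSL's code: a constructed C model in which `attr_create` takes ownership of the value on success, with the failing call order beside the reordered one. All names (`value_t`, `attr_create`, `add_attribute_buggy`, `add_attribute_fixed`, `run_caller`) are hypothetical, and "freeing" the value only increments a counter so the double release can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not OpenSSL code. value_free() only counts releases. */
typedef struct { int frees; } value_t;
typedef struct { value_t *val; } attr_t;
typedef struct { attr_t *items[4]; int used; int cap; } attr_stack_t;

static void value_free(value_t *v) { if (v != NULL) v->frees++; }

/* Takes ownership of val as soon as it succeeds. */
static attr_t *attr_create(value_t *val)
{
    attr_t *a = malloc(sizeof(*a));

    if (a != NULL)
        a->val = val;
    return a;
}

/* Releasing the attribute also releases the value it owns. */
static void attr_free(attr_t *a)
{
    if (a == NULL)
        return;
    value_free(a->val);
    free(a);
}

/* Fallible step: a full stack stands in for an allocation failure. */
static int stack_has_room(const attr_stack_t *sk) { return sk->used < sk->cap; }

static int stack_push(attr_stack_t *sk, attr_t *a)
{
    if (!stack_has_room(sk))
        return 0;
    sk->items[sk->used++] = a;
    return 1;
}

/* Contract for both variants: on failure (0) the caller still owns val. */
static int add_attribute_buggy(attr_stack_t *sk, value_t *val)
{
    attr_t *a = attr_create(val);   /* ownership of val moves here */

    if (a == NULL)
        return 0;
    if (!stack_push(sk, a)) {       /* error AFTER the transfer */
        attr_free(a);               /* releases val as well */
        return 0;                   /* caller releases val again */
    }
    return 1;
}

static int add_attribute_fixed(attr_stack_t *sk, value_t *val)
{
    attr_t *a;

    if (!stack_has_room(sk))        /* every fallible step comes first */
        return 0;                   /* val untouched, caller still owns it */
    a = attr_create(val);           /* ownership-taking call is last */
    if (a == NULL)
        return 0;                   /* create failed, so nothing was taken */
    sk->items[sk->used++] = a;      /* cannot fail: room was checked above */
    return 1;
}

/* A caller that honours the contract. Returns how often val was released:
 * 1 is correct, 2 is the double free. cap must be between 0 and 4. */
static int run_caller(int (*add)(attr_stack_t *, value_t *), int cap)
{
    attr_stack_t sk = { { NULL }, 0, 0 };
    value_t val = { 0 };
    int i;

    sk.cap = cap;
    if (!add(&sk, &val))
        value_free(&val);           /* failure: caller cleans up its value */
    for (i = 0; i < sk.used; i++)
        attr_free(sk.items[i]);     /* success: the stack owns it */
    return val.frees;
}

int main(void)
{
    printf("error path,   buggy order: %d release(s)\n",
           run_caller(add_attribute_buggy, 0));
    printf("error path,   fixed order: %d release(s)\n",
           run_caller(add_attribute_fixed, 0));
    printf("success path, buggy order: %d release(s)\n",
           run_caller(add_attribute_buggy, 1));
    printf("success path, fixed order: %d release(s)\n",
           run_caller(add_attribute_fixed, 1));
    return 0;
}
```

Both orders behave identically on the success path, which is why this class of bug tends to surface only under error injection or fuzzing of allocation failures.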
[openssl/openssl] 12d40c: Fix error handling in CMS_EncryptedData_encrypt
Branch: refs/heads/openssl-3.3 Home: https://github.com/openssl/openssl Commit: 12d40c9af546607de5809fc10a211ac7ae4646b3 https://github.com/openssl/openssl/commit/12d40c9af546607de5809fc10a211ac7ae4646b3 Author: Bernd Edlinger Date: 2024-05-06 (Mon, 06 May 2024) Changed paths: M crypto/cms/cms_asn1.c M crypto/cms/cms_env.c M crypto/cms/cms_lib.c M crypto/cms/cms_local.h M crypto/cms/cms_sd.c M crypto/cms/cms_smime.c M test/recipes/80-test_cms.t Log Message: --- Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used in the normal way, but instead just deleted by CMS_ContentInfo_free some memory was lost. Fixes #21985 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22031) (cherry picked from commit 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2)
[openssl/openssl] a0f6e1: Fix error handling in CMS_EncryptedData_encrypt
Branch: refs/heads/openssl-3.2 Home: https://github.com/openssl/openssl Commit: a0f6e1f26287280b2961f6bab7addb7a5ad45c1e https://github.com/openssl/openssl/commit/a0f6e1f26287280b2961f6bab7addb7a5ad45c1e Author: Bernd Edlinger Date: 2024-05-06 (Mon, 06 May 2024) Changed paths: M crypto/cms/cms_asn1.c M crypto/cms/cms_env.c M crypto/cms/cms_lib.c M crypto/cms/cms_local.h M crypto/cms/cms_sd.c M crypto/cms/cms_smime.c M test/recipes/80-test_cms.t Log Message: --- Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used in the normal way, but instead just deleted by CMS_ContentInfo_free some memory was lost. Fixes #21985 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22031) (cherry picked from commit 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2)
[openssl/openssl] 6d2a01: Fix error handling in CMS_EncryptedData_encrypt
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2 https://github.com/openssl/openssl/commit/6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2 Author: Bernd Edlinger Date: 2024-05-06 (Mon, 06 May 2024) Changed paths: M crypto/cms/cms_asn1.c M crypto/cms/cms_env.c M crypto/cms/cms_lib.c M crypto/cms/cms_local.h M crypto/cms/cms_sd.c M crypto/cms/cms_smime.c M test/recipes/80-test_cms.t Log Message: --- Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used in the normal way, but instead just deleted by CMS_ContentInfo_free some memory was lost. Fixes #21985 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22031)
[openssl/openssl] 511d8c: Resign test/certs/rootCA.pem to expire in 100 years
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 511d8c0fb0eaaba4118362ac791f0ed09f89385e https://github.com/openssl/openssl/commit/511d8c0fb0eaaba4118362ac791f0ed09f89385e Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/rootCA.pem Log Message: --- Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)
[openssl/openssl] cf1a7c: Update the validity period of ed25519 certificates
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: cf1a7cf22eb4d66bb62e0424fa1c8b9e6f7aefaa https://github.com/openssl/openssl/commit/cf1a7cf22eb4d66bb62e0424fa1c8b9e6f7aefaa Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/ee-ed25519.pem M test/certs/root-ed25519.pem Log Message: --- Update the validity period of ed25519 certificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba) Commit: f868abcc5dbcbed6ca2e33bdb9bf06c817a4cce3 https://github.com/openssl/openssl/commit/f868abcc5dbcbed6ca2e33bdb9bf06c817a4cce3 Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/rootCA.pem Log Message: --- Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf) Compare: https://github.com/openssl/openssl/compare/2c0ae1e92512...f868abcc5dbc
[openssl/openssl] 2f27b9: Update the validity period of ed25519 certificates
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 2f27b9363e878c0f318eefe59cd782b3f4530ce7 https://github.com/openssl/openssl/commit/2f27b9363e878c0f318eefe59cd782b3f4530ce7 Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/ee-ed25519.pem M test/certs/root-ed25519.pem Log Message: --- Update the validity period of ed25519 certificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)
[openssl/openssl] a7b0ea: Update the validity period of ed25519 certificates
Branch: refs/heads/openssl-3.1 Home: https://github.com/openssl/openssl Commit: a7b0ea5ad0486c83a4b58937b56ac06bc4f148c9 https://github.com/openssl/openssl/commit/a7b0ea5ad0486c83a4b58937b56ac06bc4f148c9 Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/ee-ed25519.pem M test/certs/root-ed25519.pem Log Message: --- Update the validity period of ed25519 certificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba) Commit: 38977853ec07813535a0529b7b256b9180cb830b https://github.com/openssl/openssl/commit/38977853ec07813535a0529b7b256b9180cb830b Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/rootCA.pem Log Message: --- Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) (cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf) Compare: https://github.com/openssl/openssl/compare/66ecce223ced...38977853ec07
[openssl/openssl] 42f917: Update the validity period of ed25519 certificates
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 42f917432999b34ad8618ae03a5f199738a2b5ba https://github.com/openssl/openssl/commit/42f917432999b34ad8618ae03a5f199738a2b5ba Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/ee-ed25519.pem M test/certs/root-ed25519.pem Log Message: --- Update the validity period of ed25519 certificates Note: The private key is test/certs/root-ed25519.privkey.pem Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) Commit: 43086b1bd48958ce95fadba8459ad88675da4fdf https://github.com/openssl/openssl/commit/43086b1bd48958ce95fadba8459ad88675da4fdf Author: Bernd Edlinger Date: 2022-11-12 (Sat, 12 Nov 2022) Changed paths: M test/certs/rootCA.pem Log Message: --- Resign test/certs/rootCA.pem to expire in 100 years Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19654) Compare: https://github.com/openssl/openssl/compare/a0783b83a3bd...43086b1bd489
[openssl/openssl] 5b5ab6: Fix an occasional CI failure due to unaligned access
Branch: refs/heads/openssl-3.0 Home: https://github.com/openssl/openssl Commit: 5b5ab6ebe6d8bcb7487112d7382847abffb7c7ed https://github.com/openssl/openssl/commit/5b5ab6ebe6d8bcb7487112d7382847abffb7c7ed Author: Bernd Edlinger Date: 2022-10-13 (Thu, 13 Oct 2022) Changed paths: M crypto/bn/rsaz_exp_x2.c Log Message: --- Fix an occasional CI failure due to unaligned access This happens rarely, but only because very few CI runs use the exotic CPU type that is necessary to execute anything within rsaz_exp_x2.c and enable UBSAN at the same time. crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 0x61222cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment 0x61222cc6: note: pointer points here 84 a3 78 e0 8e 8d 4a a5 51 9c 57 d0 d6 41 f3 26 d1 4e e1 98 42 b5 3a 9f 04 f1 73 d2 1d bf 73 44 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto/bn/rsaz_exp_x2.c:562:20 in ../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1 not ok 2 - Fuzzing server Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19412)
[openssl/openssl] 851152: Fix an occasional CI failure due to unaligned access
Branch: refs/heads/master Home: https://github.com/openssl/openssl Commit: 8511520842b744d1794ea794c032ce5f78cd874b https://github.com/openssl/openssl/commit/8511520842b744d1794ea794c032ce5f78cd874b Author: Bernd Edlinger Date: 2022-10-13 (Thu, 13 Oct 2022) Changed paths: M crypto/bn/rsaz_exp_x2.c Log Message: --- Fix an occasional CI failure due to unaligned access This happens rarely, but only because very few CI runs use the exotic CPU type that is necessary to execute anything within rsaz_exp_x2.c and enable UBSAN at the same time. crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 0x61222cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment 0x61222cc6: note: pointer points here 84 a3 78 e0 8e 8d 4a a5 51 9c 57 d0 d6 41 f3 26 d1 4e e1 98 42 b5 3a 9f 04 f1 73 d2 1d bf 73 44 ^ SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior crypto/bn/rsaz_exp_x2.c:562:20 in ../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1 not ok 2 - Fuzzing server Reviewed-by: Hugo Landau Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19394)
[openssl/openssl] 26cfeb: Fix copyright year issues
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.com/openssl/openssl Commit: 26cfeb76cfda55ba5248219f40252af7c2b22be1 https://github.com/openssl/openssl/commit/26cfeb76cfda55ba5248219f40252af7c2b22be1 Author: Bernd Edlinger Date: 2022-07-30 (Sat, 30 Jul 2022) Changed paths: M .github/workflows/ci.yml M crypto/asn1/charmap.pl M crypto/bn/bn_prime.pl M crypto/conf/keysets.pl M crypto/objects/obj_dat.pl M crypto/objects/objects.pl M crypto/objects/objxref.pl A util/perl/OpenSSL/copyright.pm Log Message: --- Fix copyright year issues Fixes: #13765 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17706)
[openssl/openssl] 625849: Fix visual glitch in non-verbose test output
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 625849ef3834d66d59559648420e4506cb1f3671 https://github.openssl.org/openssl/openssl/commit/625849ef3834d66d59559648420e4506cb1f3671 Author: Bernd Edlinger Date: 2022-07-26 (Tue, 26 Jul 2022) Changed paths: M test/recipes/80-test_cmp_http.t Log Message: --- Fix visual glitch in non-verbose test output This fixes a glitch in the non-verbose test output $ make test [...] 80-test_ciphername.t ok 80-test_cmp_http.t .. 5/? 80-test_cmp_http.t .. ok 611 80-test_cms.t ... ok 80-test_cmsapi.t ok Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18401) (cherry picked from commit 128d1c3c0a12fe68175a460e06daf1e0d940f681)
[openssl/openssl] ad2f4c: Remove duplicated BIO_get_ktls_send calls in do_ss...
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: ad2f4cdcb1875b16e0f5581ab1ee0bae572c68e6 https://github.openssl.org/openssl/openssl/commit/ad2f4cdcb1875b16e0f5581ab1ee0bae572c68e6 Author: Bernd Edlinger Date: 2022-07-18 (Mon, 18 Jul 2022) Changed paths: M ssl/record/rec_layer_s3.c M ssl/record/ssl3_record.c Log Message: --- Remove duplicated BIO_get_ktls_send calls in do_ssl3_write This rather long function used to call BIO_get_ktls_send multiple times, although that result cannot change during the execution of that function. There was a similar unnecessary call to BIO_get_ktls_recv in ssl3_get_record. And while I'm already there, rewrite ssl3_write_bytes to use BIO_get_ktls_send as a boolean (so using "!" instead of "== 0"). Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18304)
[openssl/openssl] 17098c: Make the DRBG seed propagation thread safe
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 17098c116d68b3a01fcb688487dccdc0c10b8f63 https://github.openssl.org/openssl/openssl/commit/17098c116d68b3a01fcb688487dccdc0c10b8f63 Author: Bernd Edlinger Date: 2022-07-09 (Sat, 09 Jul 2022) Changed paths: M crypto/rand/drbg_lib.c M crypto/rand/rand_lib.c Log Message: --- Make the DRBG seed propagation thread safe Currently there is a race possible because the reseed_counter of the master drbg may be incremented after the get_entropy call. Therefore access the parent's reseed_counter while still holding the rand_drbg_lock. This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16900)
[openssl/openssl] 385026: Fix reported performance degradation on aarch64
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 38502628e1d8450cf412c6ab180f46af26ecd8d9 https://github.openssl.org/openssl/openssl/commit/38502628e1d8450cf412c6ab180f46af26ecd8d9 Author: Bernd Edlinger Date: 2022-07-08 (Fri, 08 Jul 2022) Changed paths: M crypto/aes/asm/aesv8-armx.pl Log Message: --- Fix reported performance degradation on aarch64 This restores the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower, and the silicon errata only affects 32bit targets. Only for 32bit targets the new algorithm is used. Fixes #18445 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18581) (cherry picked from commit 65523758e546fcef0f930e5f8878ef51d174dbc8)
[openssl/openssl] 655237: Fix reported performance degradation on aarch64
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 65523758e546fcef0f930e5f8878ef51d174dbc8 https://github.openssl.org/openssl/openssl/commit/65523758e546fcef0f930e5f8878ef51d174dbc8 Author: Bernd Edlinger Date: 2022-07-08 (Fri, 08 Jul 2022) Changed paths: M crypto/aes/asm/aesv8-armx.pl Log Message: --- Fix reported performance degradation on aarch64 This restores the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower, and the silicon errata only affects 32bit targets. Only for 32bit targets the new algorithm is used. Fixes #18445 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18581)
[openssl/openssl] a93780: Fix a memory leak in tls13_generate_secret
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: a937806043bda5775091844050e8c632a41922ac https://github.openssl.org/openssl/openssl/commit/a937806043bda5775091844050e8c632a41922ac Author: Bernd Edlinger Date: 2022-07-07 (Thu, 07 Jul 2022) Changed paths: M ssl/tls13_enc.c Log Message: --- Fix a memory leak in tls13_generate_secret This was found by my Reproducible Error Injection patch (#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 #7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 #8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 #9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 #12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 #13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 #14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #15 0x55fb9117e939 in main fuzz/test-corpus.c:194 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #17 
0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 #7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 #8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 #11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #12 0x55fb9117e939 in main fuzz/test-corpus.c:194 #13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) = ==1320996==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 #6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 #7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 #8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 #9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 #10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 #11 0x7fceafdeec0d in state_machine 
ssl/statem/statem.c:434 #12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 #14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 #15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 Indirect leak of 1080 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 #4 0x7fceafa03b36 in
[openssl/openssl] a8f6d7: Fix reported performance degradation on aarch64
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: a8f6d73fda64d514171e99a50d1483c0c0b8d968 https://github.openssl.org/openssl/openssl/commit/a8f6d73fda64d514171e99a50d1483c0c0b8d968 Author: Bernd Edlinger Date: 2022-07-06 (Wed, 06 Jul 2022) Changed paths: M crypto/aes/asm/aesv8-armx.pl Log Message: --- Fix reported performance degradation on aarch64 This restores the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower, and the silicon errata only affects 32bit targets. Only for 32bit targets the new algorithm is used. Fixes #18445 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18539)
[openssl/openssl] 4c1cf6: Fix compile issues in test/v3ext.c with no-rfc3779
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a https://github.openssl.org/openssl/openssl/commit/4c1cf6d39bb8e85658ac8c743dcff8ede730f76a Author: Bernd Edlinger Date: 2022-07-05 (Tue, 05 Jul 2022) Changed paths: M test/v3ext.c Log Message: --- Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) (cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
[openssl/openssl] 6c8879: Fix a memory leak in EC_GROUP_new_from_ecparameters
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 6c8879c8bf6030666c851623f93fff03c1266715 https://github.openssl.org/openssl/openssl/commit/6c8879c8bf6030666c851623f93fff03c1266715 Author: Bernd Edlinger Date: 2022-06-25 (Sat, 25 Jun 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 
[openssl/openssl] cc7c12: Fix a memory leak in EC_GROUP_new_from_ecparameters
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: cc7c127d697aba4f9630f5516d6f0e680f20332a https://github.openssl.org/openssl/openssl/commit/cc7c127d697aba4f9630f5516d6f0e680f20332a Author: Bernd Edlinger Date: 2022-06-25 (Sat, 25 Jun 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
[openssl/openssl] be5086: Fix a memory leak in EC_GROUP_new_from_ecparameters
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: be50862e72d96e599fbbb69f41b5af651c97 https://github.openssl.org/openssl/openssl/commit/be50862e72d96e599fbbb69f41b5af651c97 Author: Bernd Edlinger Date: 2022-06-25 (Sat, 25 Jun 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
[openssl/openssl] f49b5c: Add a CI workflow for no-rfc3779
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: f49b5c3094a4b09ced0572e53a5ed1094b450618 https://github.openssl.org/openssl/openssl/commit/f49b5c3094a4b09ced0572e53a5ed1094b450618 Author: Bernd Edlinger Date: 2022-06-23 (Thu, 23 Jun 2022) Changed paths: M .github/workflows/run-checker-ci.yml Log Message: --- Add a CI workflow for no-rfc3779 Currently this configuration seems to be failing. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit a09adac311975afcb5ad099b2e1cfc7eb1e72865) Commit: 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232 https://github.openssl.org/openssl/openssl/commit/665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232 Author: Bernd Edlinger Date: 2022-06-23 (Thu, 23 Jun 2022) Changed paths: M test/v3ext.c Log Message: --- Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18634) (cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe) Compare: https://github.openssl.org/openssl/openssl/compare/3d0da0c2a049...665ab12ed3f0
[openssl/openssl] a09ada: Add a CI workflow for no-rfc3779
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: a09adac311975afcb5ad099b2e1cfc7eb1e72865 https://github.openssl.org/openssl/openssl/commit/a09adac311975afcb5ad099b2e1cfc7eb1e72865 Author: Bernd Edlinger Date: 2022-06-23 (Thu, 23 Jun 2022) Changed paths: M .github/workflows/run-checker-ci.yml Log Message: --- Add a CI workflow for no-rfc3779 Currently this configuration seems to be failing. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18634) Commit: b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe https://github.openssl.org/openssl/openssl/commit/b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe Author: Bernd Edlinger Date: 2022-06-23 (Thu, 23 Jun 2022) Changed paths: M test/v3ext.c Log Message: --- Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18634) Compare: https://github.openssl.org/openssl/openssl/compare/f7346cab45a7...b76efe61ea97
[openssl/openssl] 4650cf: Fix a use after free in error handling of hmac_dup
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 4650cf23c84f33354e5284fbcf56f131aa83343b https://github.openssl.org/openssl/openssl/commit/4650cf23c84f33354e5284fbcf56f131aa83343b Author: Bernd Edlinger Date: 2022-06-10 (Fri, 10 Jun 2022) Changed paths: M providers/implementations/macs/hmac_prov.c Log Message: --- Fix a use after free in error handling of hmac_dup dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18502) (cherry picked from commit cec1699f1f54ba8b87f055776dc77b48dd37d5fa)
[openssl/openssl] cec169: Fix a use after free in error handling of hmac_dup
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: cec1699f1f54ba8b87f055776dc77b48dd37d5fa https://github.openssl.org/openssl/openssl/commit/cec1699f1f54ba8b87f055776dc77b48dd37d5fa Author: Bernd Edlinger Date: 2022-06-10 (Fri, 10 Jun 2022) Changed paths: M providers/implementations/macs/hmac_prov.c Log Message: --- Fix a use after free in error handling of hmac_dup dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18502)
[openssl/openssl] 47d8a1: Change the SCT issuer key to RSA 2048
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 47d8a1cb53e908132c26e96be0506dbc66773b0c https://github.openssl.org/openssl/openssl/commit/47d8a1cb53e908132c26e96be0506dbc66773b0c Author: Bernd Edlinger Date: 2022-06-03 (Fri, 03 Jun 2022) Changed paths: M test/certs/embeddedSCTs1.pem M test/certs/embeddedSCTs1.sct M test/certs/embeddedSCTs1_issuer-key.pem M test/certs/embeddedSCTs1_issuer.pem M test/ssl-tests/12-ct.cnf.in Log Message: --- Change the SCT issuer key to RSA 2048 This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in. Reviewed-by: Paul Dale Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/18450) (cherry picked from commit 479b9adb88b9050186c1e9fc94879906f378b14b)
[openssl/openssl] 479b9a: Change the SCT issuer key to RSA 2048
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 479b9adb88b9050186c1e9fc94879906f378b14b https://github.openssl.org/openssl/openssl/commit/479b9adb88b9050186c1e9fc94879906f378b14b Author: Bernd Edlinger Date: 2022-06-03 (Fri, 03 Jun 2022) Changed paths: M test/certs/embeddedSCTs1.pem M test/certs/embeddedSCTs1.sct M test/certs/embeddedSCTs1_issuer-key.pem M test/certs/embeddedSCTs1_issuer.pem M test/ssl-tests/12-ct.cnf M test/ssl-tests/12-ct.cnf.in Log Message: --- Change the SCT issuer key to RSA 2048 This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in. Reviewed-by: Paul Dale Reviewed-by: Todd Short (Merged from https://github.com/openssl/openssl/pull/18450)
[openssl/openssl] 128d1c: Fix visual glitch in non-verbose test output
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 128d1c3c0a12fe68175a460e06daf1e0d940f681 https://github.openssl.org/openssl/openssl/commit/128d1c3c0a12fe68175a460e06daf1e0d940f681 Author: Bernd Edlinger Date: 2022-05-28 (Sat, 28 May 2022) Changed paths: M test/recipes/80-test_cmp_http.t Log Message: --- Fix visual glitch in non-verbose test output This fixes a glitch in the non-verbose test output $ make test [...] 80-test_ciphername.t ok 80-test_cmp_http.t .. 5/? 80-test_cmp_http.t .. ok 611 80-test_cms.t ... ok 80-test_cmsapi.t ok Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18401)
[openssl/openssl] cb0c36: Fix style nits in crl_set_issuers
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: cb0c36d124991e35a9e778056ec8fce23a14dad5 https://github.openssl.org/openssl/openssl/commit/cb0c36d124991e35a9e778056ec8fce23a14dad5 Author: Bernd Edlinger Date: 2022-05-25 (Wed, 25 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix style nits in crl_set_issuers Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18385)
[openssl/openssl] 8754fa: Fix a memory leak in crl_set_issuers
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 https://github.openssl.org/openssl/openssl/commit/8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 Author: Bernd Edlinger Date: 2022-05-25 (Wed, 25 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461
[openssl/openssl] 046b0d: Fix a memory leak in crl_set_issuers
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 046b0d7ad96d754cf39691fd3f1db01a9ee2dc7d https://github.openssl.org/openssl/openssl/commit/046b0d7ad96d754cf39691fd3f1db01a9ee2dc7d Author: Bernd Edlinger Date: 2022-05-25 (Wed, 25 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461
[openssl/openssl] e9007e: Fix a memory leak in crl_set_issuers
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: e9007e09792e3735d4973743634ff55d354fc7d8 https://github.openssl.org/openssl/openssl/commit/e9007e09792e3735d4973743634ff55d354fc7d8 Author: Bernd Edlinger Date: 2022-05-25 (Wed, 25 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461
[openssl/openssl] 4a28f8: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 4a28f8451fbc1848fd2d1b99203a7c75876123f6 https://github.openssl.org/openssl/openssl/commit/4a28f8451fbc1848fd2d1b99203a7c75876123f6 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M ssl/t1_lib.c Log Message: --- Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18376) (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
[openssl/openssl] 3be529: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 3be529cd2eb4eb3eaaa7913af619fb9c918d4581 https://github.openssl.org/openssl/openssl/commit/3be529cd2eb4eb3eaaa7913af619fb9c918d4581 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M ssl/t1_lib.c Log Message: --- Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #14 0x40371b in testfile fuzz/test-corpus.c:182 #15 0x402856 in main fuzz/test-corpus.c:226 #16 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL = ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #13 0x40371b in testfile fuzz/test-corpus.c:182 #14 0x402856 in main fuzz/test-corpus.c:226 #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18376) (cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
[openssl/openssl] dc0ef2: Fix a crash in ssl_security_cert_chain
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: dc0ef292f7df4ce0c49c64b47726a6768f9ac044 https://github.openssl.org/openssl/openssl/commit/dc0ef292f7df4ce0c49c64b47726a6768f9ac044 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M ssl/t1_lib.c Log Message: --- Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #14 0x40371b in testfile fuzz/test-corpus.c:182 #15 0x402856 in main fuzz/test-corpus.c:226 #16 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL = ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #13 0x40371b in testfile fuzz/test-corpus.c:182 #14 0x402856 in main fuzz/test-corpus.c:226 #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18376)
[openssl/openssl] 59b8ec: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a https://github.openssl.org/openssl/openssl/commit/59b8eca400d9ea7b77dc98fe08a91bbfe35d025a Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/x509/x509_cmp.c Log Message: --- Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch: $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) = ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). 
Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18370)
[openssl/openssl] 97c29c: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 97c29c0fdaab24898e449a3445609993b1c22e69 https://github.openssl.org/openssl/openssl/commit/97c29c0fdaab24898e449a3445609993b1c22e69 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/x509/x509_cmp.c Log Message: --- Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) = ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: 
AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18371) (cherry picked from commit b7e28c0bb1cdc07e36c7dc2467083236b931de31)
[openssl/openssl] b7e28c: Fix a memory leak in X509_issuer_and_serial_hash
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: b7e28c0bb1cdc07e36c7dc2467083236b931de31 https://github.openssl.org/openssl/openssl/commit/b7e28c0bb1cdc07e36c7dc2467083236b931de31 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/x509/x509_cmp.c Log Message: --- Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) = ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: 
AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18371)
[openssl/openssl] e4b84b: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb https://github.openssl.org/openssl/openssl/commit/e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18363)
[openssl/openssl] 094304: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 094304c5ef120f69e2bd2ff297515a91f348ace1 https://github.openssl.org/openssl/openssl/commit/094304c5ef120f69e2bd2ff297515a91f348ace1 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18365) (cherry picked from commit 97de6145851922a33f7afd9c308adfc1b2e5732b)
[openssl/openssl] 97de61: Fix undefined behaviour in EC_GROUP_new_from_ecpar...
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 97de6145851922a33f7afd9c308adfc1b2e5732b https://github.openssl.org/openssl/openssl/commit/97de6145851922a33f7afd9c308adfc1b2e5732b Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_asn1.c Log Message: --- Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18365)
[openssl/openssl] 8e1ece: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 8e1ece20cdb4a584be5311370256c4e813c09826 https://github.openssl.org/openssl/openssl/commit/8e1ece20cdb4a584be5311370256c4e813c09826 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_key.c Log Message: --- Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: = ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in 
d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18361)
[openssl/openssl] b8e87e: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7 https://github.openssl.org/openssl/openssl/commit/b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7 Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_key.c Log Message: --- Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: = ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey 
crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18366) (cherry picked from commit 22a96c6be41897d11a18455b2ab142422bc57f3f)
[openssl/openssl] 22a96c: Fix a memory leak in ec_key_simple_oct2priv
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 22a96c6be41897d11a18455b2ab142422bc57f3f https://github.openssl.org/openssl/openssl/commit/22a96c6be41897d11a18455b2ab142422bc57f3f Author: Bernd Edlinger Date: 2022-05-24 (Tue, 24 May 2022) Changed paths: M crypto/ec/ec_key.c Log Message: --- Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: = ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18366)
[openssl/openssl] 8e60f4: Fix a crash in asn1_item_embed_new
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 8e60f41d064786f95440e4c56660ffe983d7 https://github.openssl.org/openssl/openssl/commit/8e60f41d064786f95440e4c56660ffe983d7 Author: Bernd Edlinger Date: 2022-05-23 (Mon, 23 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a crash in asn1_item_embed_new This happens usually if a template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free now calls the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which ought to be tolerant to incompletely initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15 
0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL = ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. 
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18360) (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
[openssl/openssl] e539c4: Fix a crash in asn1_item_embed_new
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: e539c4c41aa56fa66e7be86fcc14ac3910b474a6 https://github.openssl.org/openssl/openssl/commit/e539c4c41aa56fa66e7be86fcc14ac3910b474a6 Author: Bernd Edlinger Date: 2022-05-23 (Mon, 23 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a crash in asn1_item_embed_new This happens usually if a template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free now calls the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which ought to be tolerant to incompletely initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15 
0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL = ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. 
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18360) (cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
[openssl/openssl] 557825: Fix a crash in asn1_item_embed_new
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 557825acd622f98fc21423aba092e374db84f483 https://github.openssl.org/openssl/openssl/commit/557825acd622f98fc21423aba092e374db84f483 Author: Bernd Edlinger Date: 2022-05-23 (Mon, 23 May 2022) Changed paths: M crypto/x509/x_crl.c Log Message: --- Fix a crash in asn1_item_embed_new This happens usually if a template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free now calls the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which ought to be tolerant to incompletely initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #15
0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #21 0x40893b in testfile fuzz/test-corpus.c:182 #22 0x406b86 in main fuzz/test-corpus.c:226 #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL = ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 #14 0x40893b in testfile fuzz/test-corpus.c:182 #15 0x406b86 in main fuzz/test-corpus.c:226 #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. 
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18360)
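The failure mode described in the commit message above, modelled as an added example (not OpenSSL code): a constructor whose error path runs the free hook on a half-built object, swept by failing each allocation in turn, in the spirit of the ERROR_INJECT run quoted above. The type crl_like, the hooks post_new/post_free and the allocator wrappers are hypothetical names chosen for this sketch.

```c
#include <stdlib.h>

/* Deterministic fault injection: allocation number fail_at (1-based) fails. */
static long alloc_count, fail_at, live_blocks;

static void *inj_zalloc(size_t n)
{
    if (++alloc_count == fail_at)
        return NULL;
    live_blocks++;
    return calloc(1, n);
}

static void inj_free(void *p)
{
    live_blocks -= (p != NULL);
    free(p);
}

/* Hypothetical object: two members built by the generic constructor and a
 * cache that exists only after the post-new hook has run. */
struct cache { int *entries; size_t n; };
struct crl_like { unsigned char *issuer, *sig; struct cache *cache; };

static int post_new(struct crl_like *c)
{
    if ((c->cache = inj_zalloc(sizeof(*c->cache))) == NULL)
        return 0;
    if ((c->cache->entries = inj_zalloc(4 * sizeof(int))) == NULL)
        return 0;               /* cache stays half-built; post_free cleans up */
    c->cache->n = 4;
    return 1;
}

/* Free hook. It must not assume post_new ran: reading c->cache->entries
 * without the NULL test is a read near address zero on the error path. */
static void post_free(struct crl_like *c)
{
    if (c->cache == NULL)
        return;
    inj_free(c->cache->entries);    /* may itself be NULL */
    inj_free(c->cache);
}

static void obj_free(struct crl_like *c)
{
    if (c == NULL)
        return;
    post_free(c);
    inj_free(c->issuer);
    inj_free(c->sig);
    inj_free(c);
}

static struct crl_like *obj_new(void)
{
    struct crl_like *c = inj_zalloc(sizeof(*c));

    if (c == NULL)
        return NULL;
    if ((c->issuer = inj_zalloc(16)) == NULL
        || (c->sig = inj_zalloc(64)) == NULL
        || !post_new(c)) {
        obj_free(c);            /* error path: free hook sees a partial object */
        return NULL;
    }
    return c;
}

/* Fail every allocation in turn. Returns the number of runs that leaked, or
 * -1 if a run's outcome was unexpected. *points gets the injection points. */
static int sweep_faults(long *points)
{
    struct crl_like *c;
    long total = 0, n;
    int leaks = 0;

    for (n = 0; n <= total; n++) {      /* n == 0 is the fault-free run */
        alloc_count = 0; live_blocks = 0; fail_at = n;
        c = obj_new();
        if ((c != NULL) != (n == 0)) {
            obj_free(c);
            return -1;
        }
        if (n == 0)
            total = alloc_count;        /* allocations in a clean construction */
        obj_free(c);
        leaks += (live_blocks != 0);
    }
    fail_at = 0;
    *points = total;
    return leaks;
}

int main(void)
{
    long points = 0;
    return sweep_faults(&points) != 0;  /* exit status 0: no leak, no crash */
}
```

Building it with -fsanitize=address makes a missing NULL test in post_free show up as the same kind of zero-page read reported in the trace above.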
[openssl/openssl] 03ba56: Backport some fuzzing data files from master
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 03ba56f1525c93eb3dfe72f85cdc698b97918e59 https://github.openssl.org/openssl/openssl/commit/03ba56f1525c93eb3dfe72f85cdc698b97918e59 Author: Bernd Edlinger Date: 2022-05-21 (Sat, 21 May 2022) Changed paths: Log Message: --- Backport some fuzzing data files from master This is a backport of the following commit from master: commit 415e6ac80405e13b20b083315747e431274fbd33 Author: Tavis Ormandy Date: Tue Sep 21 15:48:27 2021 -0700 increase x509 code coverage metrics Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16651) Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18347) Commit: 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb https://github.openssl.org/openssl/openssl/commit/17519e2595b5ed8211a7763ff6eb2d6cf47c13cb Author: Bernd Edlinger Date: 2022-05-21 (Sat, 21 May 2022) Changed paths: M crypto/x509v3/v3_sxnet.c A fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28 Log Message: --- Backport a missing bug-fix from master This is a backport of the following commit from master: commit 61b0fead5e6079ca826594df5b9ca00e65883cb0 Author: Matt Caswell Date: Thu Nov 19 13:58:21 2020 + Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/13452) Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18347) Compare: https://github.openssl.org/openssl/openssl/compare/e04ba889594d...17519e2595b5
[openssl/openssl] c6c360: Fix KTLS with BIO_new_connect
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: c6c3602e943b1e9acfa79c3a27d3b47e7b116064 https://github.openssl.org/openssl/openssl/commit/c6c3602e943b1e9acfa79c3a27d3b47e7b116064 Author: Bernd Edlinger Date: 2022-05-17 (Tue, 17 May 2022) Changed paths: M crypto/bio/bio_sock.c M crypto/bio/bio_sock2.c M crypto/bio/bss_conn.c M test/ssl_old_test.c Log Message: --- Fix KTLS with BIO_new_connect When a socket connection is done using BIO_new_connect, the ktls_enable is done too early, and fails with ENOTCONN. Therefore the KTLS ioctl will fail later with ENOPROTOOPT. Fix that by doing the ktls_enable after the connection succeeded, not when the socket is created as that will always fail. One example where this happens is doit_localhost in test/ssl_old_test.c, and therefore, contrary to the expectation the -client_ktls option never enabled the client KTLS connection, but this was not noticed, because there was no diagnostic output, and it was only visible with strace output. Also enhanced the ssl_old_test -client_ktls/-server_ktls options together with -v option to print a summary line if and how KTLS was negotiated in server and client. While I am already there adjusted the usage info of the -s_cert, -s_key commands, and allow -time to print the timings of ktls connections. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18318) (cherry picked from commit 598bd7741568a1aae678e5472f18aae1ab991e8d)
[openssl/openssl] 598bd7: Fix KTLS with BIO_new_connect
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: 598bd7741568a1aae678e5472f18aae1ab991e8d https://github.openssl.org/openssl/openssl/commit/598bd7741568a1aae678e5472f18aae1ab991e8d Author: Bernd Edlinger Date: 2022-05-17 (Tue, 17 May 2022) Changed paths: M crypto/bio/bio_sock.c M crypto/bio/bio_sock2.c M crypto/bio/bss_conn.c M test/ssl_old_test.c Log Message: --- Fix KTLS with BIO_new_connect When a socket connection is done using BIO_new_connect, the ktls_enable is done too early, and fails with ENOTCONN. Therefore the KTLS ioctl will fail later with ENOPROTOOPT. Fix that by doing the ktls_enable after the connection succeeded, not when the socket is created as that will always fail. One example where this happens is doit_localhost in test/ssl_old_test.c, and therefore, contrary to the expectation the -client_ktls option never enabled the client KTLS connection, but this was not noticed, because there was no diagnostic output, and it was only visible with strace output. Also enhanced the ssl_old_test -client_ktls/-server_ktls options together with -v option to print a summary line if and how KTLS was negotiated in server and client. While I am already there adjusted the usage info of the -s_cert, -s_key commands, and allow -time to print the timings of ktls connections. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/18318)
[openssl/openssl] fcbd8b: Update .gitignore
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: fcbd8be18229ef7aa32369d2e9c747348f7d6490 https://github.openssl.org/openssl/openssl/commit/fcbd8be18229ef7aa32369d2e9c747348f7d6490 Author: Bernd Edlinger Date: 2022-05-06 (Fri, 06 May 2022) Changed paths: M .gitignore Log Message: --- Update .gitignore add /test/evp_pkey_ctx_new_from_name Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18251) (cherry picked from commit ac23650c1e53658227436aecc8de03a7ac3d1b9a)
[openssl/openssl] ac2365: Update .gitignore
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: ac23650c1e53658227436aecc8de03a7ac3d1b9a https://github.openssl.org/openssl/openssl/commit/ac23650c1e53658227436aecc8de03a7ac3d1b9a Author: Bernd Edlinger Date: 2022-05-06 (Fri, 06 May 2022) Changed paths: M .gitignore Log Message: --- Update .gitignore add /test/evp_pkey_ctx_new_from_name Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18251)
[openssl/openssl] 564a8d: Fix an assertion in the DTLS server code
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 https://github.openssl.org/openssl/openssl/commit/564a8d442cbd8ce68d452ff2e8a58c0aea6b0632 Author: Bernd Edlinger Date: 2022-04-14 (Thu, 14 Apr 2022) Changed paths: M ssl/statem/statem_dtls.c M test/dtls_mtu_test.c Log Message: --- Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(0003) 40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18093) (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
[openssl/openssl] 0699e9: Fix an assertion in the DTLS server code
Branch: refs/heads/openssl-3.0 Home: https://github.openssl.org/openssl/openssl Commit: 0699e96f1f65a89222f1dfe054e69957801a4f1c https://github.openssl.org/openssl/openssl/commit/0699e96f1f65a89222f1dfe054e69957801a4f1c Author: Bernd Edlinger Date: 2022-04-14 (Thu, 14 Apr 2022) Changed paths: M ssl/statem/statem_dtls.c M test/dtls_mtu_test.c Log Message: --- Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(0003) 40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18093) (cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
[openssl/openssl] e915c3: Fix an assertion in the DTLS server code
Branch: refs/heads/master Home: https://github.openssl.org/openssl/openssl Commit: e915c3f5381cd38ebdc1824c3ba9896ea7160103 https://github.openssl.org/openssl/openssl/commit/e915c3f5381cd38ebdc1824c3ba9896ea7160103 Author: Bernd Edlinger Date: 2022-04-14 (Thu, 14 Apr 2022) Changed paths: M ssl/statem/statem_dtls.c M test/dtls_mtu_test.c Log Message: --- Fix an assertion in the DTLS server code This fixes an internal error alert from the server and an unexpected connection failure in the release version, but a failed assertion and a server crash in the debug version. Reproduce this issue with a DTLS server/client like that: ./openssl s_server -dtls -mtu 1500 ./openssl s_client -dtls -maxfraglen 512 In the debug version a crash happens in the Server now: ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written Aborted (core dumped) While in the release version the handshake exceeds the negotiated max fragment size, and fails because of this: $ ./openssl s_server -dtls -mtu 1500 Using default temp DH parameters ACCEPT ERROR 4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826: shutting down SSL CONNECTION CLOSED From the client's point of view the connection fails with an Internal Error Alert: $ ./openssl s_client -dtls -maxfraglen 512 Connecting to ::1 CONNECTED(0003) 40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80 and now the connection attempt fails unexpectedly. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18093)
[openssl/openssl] 6e73a0: Fix a DTLS server hangup due to TLS13_AD_MISSING_E...
Branch: refs/heads/OpenSSL_1_1_1-stable Home: https://github.openssl.org/openssl/openssl Commit: 6e73a0a0bd608daecb8e2c1e46de9d1014194c84 https://github.openssl.org/openssl/openssl/commit/6e73a0a0bd608daecb8e2c1e46de9d1014194c84 Author: Bernd Edlinger Date: 2022-04-13 (Wed, 13 Apr 2022) Changed paths: M ssl/s3_enc.c M ssl/t1_enc.c M test/ssl-tests/10-resumption.conf M test/ssl-tests/11-dtls_resumption.conf M test/ssl-tests/protocol_version.pm Log Message: --- Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION This causes the DTLS server to enter an error state: ./openssl s_server -dtls ./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt [...] Q ./openssl s_client -dtls -sess_in s1.txt CONNECTED(0003) ^C ./openssl s_client -dtls CONNECTED(0003) 140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40 At this point the dtls server needs to be restarted, because verify_cookie_callback always fails, because the previous cookie is checked against the current one. The reason for this is not fully understood. In wireshark we see the following each time: c->s Client Hello (without cookie) s->c Hello Verify Request (with new cookie) s->c Alert (Level: Fatal, Description: Handshake Failure) c->s Client Hello (echoes new cookie) The client gives up when the Alert arrives. The Alert is triggered because the server calls verify_cookie_callback with the previous cookie, although it just sent the current cookie in the Hello Verify Request. However this does only happen because no Alert message is sent when the client re-connects the session with the missing -maxfraglen option. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/18094)
[openssl] master update
The branch master has been updated via 8fff986d52606e1a33f9404504535e2e2aee3e8b (commit) from 0c47b8a879c6cd2d553831f930af5ee9df291eca (commit) - Log - commit 8fff986d52606e1a33f9404504535e2e2aee3e8b Author: Bernd Edlinger Date: Fri Jan 14 10:01:29 2022 +0100 Cleanup record length checks for KTLS In some corner cases the check for packets which exceed the allowed record length was missing when KTLS is initially enabled, when some unprocessed packets are still pending. Add at least some tests for KTLS, since we have currently not very much test coverage for KTLS. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/17504) --- Summary of changes: ssl/record/ssl3_record.c | 27 +-- test/recipes/80-test_ssl_old.t | 22 -- test/ssl_old_test.c| 11 +++ 3 files changed, 48 insertions(+), 12 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 86203849a9..5534814305 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -191,7 +191,7 @@ int ssl3_get_record(SSL *s) rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); -is_ktls_left = (rbuf->left > 0); +is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; @@ -408,7 +408,11 @@ int ssl3_get_record(SSL *s) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif -if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) { +/* KTLS may use all of the buffer */ +if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) +len = SSL3_BUFFER_get_left(rbuf); + +if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; 
@@ -711,16 +715,27 @@ int ssl3_get_record(SSL *s) goto end; } +/* + * Usually thisrr->length is the length of a single record, but when + * KTLS handles the decryption, thisrr->length may be larger than + * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced + * multiple records. + * Therefore we have to rely on KTLS to check the plaintext length + * limit in the kernel. + */ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH -&& !BIO_get_ktls_recv(s->rbio)) { +&& (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } -/* If received packet overflows current Max Fragment Length setting */ +/* + * Check if the received packet overflows the current + * Max Fragment Length setting. + * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive. + */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) -&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session) -&& !BIO_get_ktls_recv(s->rbio)) { +&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index b144bc9fb9..c1fb30f6b2 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -346,11 +346,9 @@ sub testssl { } -# plan tests => 11; - subtest 'standard SSL tests' => sub { ## -plan tests => 13; +plan tests => 19; SKIP: { skip "SSLv3 is not supported by this OpenSSL build", 4 @@ -378,7 +376,7 @@ sub testssl { } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14 if $no_anytls; SKIP: { 
@@ -406,17 +404,29 @@ sub testssl { 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); SKIP: { -skip "No IPv4 available on this machine", 1 +skip "No IPv4 available on this machine", 4 unless !disabled("sock") && have_IPv4();
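Review bot: In the ssl/record/ssl3_record.c hunk at @@ -408, the new comment says "KTLS may use all of the buffer", but the bound that is assigned is SSL3_BUFFER_get_left(rbuf), which by its name is the number of bytes currently left in the read buffer rather than the buffer's capacity. Please reword the comment to say which quantity is meant and why it is a valid upper limit for thisrr->length at this point. Related to this, is_ktls_left is computed at @@ -191 from the buffer state alone, without consulting BIO_get_ktls_recv(), so it is true for any connection that has pending data on entry; a comment at the assignment, or a name that says "pending data at entry", would make the later "!is_ktls_left" and "|| is_ktls_left" tests easier to audit.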
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9 (commit) from fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit) - Log - commit b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9 Author: Bernd Edlinger Date: Fri Jan 14 10:01:29 2022 +0100 Cleanup record length checks for KTLS In some corner cases the check for packets which exceed the allowed record length was missing when KTLS is initially enabled, when some unprocessed packets are still pending. Add at least some tests for KTLS, since we have currently not very much test coverage for KTLS. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/17504) (cherry picked from commit 8fff986d52606e1a33f9404504535e2e2aee3e8b) --- Summary of changes: ssl/record/ssl3_record.c | 27 +-- test/recipes/80-test_ssl_old.t | 22 -- test/ssl_old_test.c| 11 +++ 3 files changed, 48 insertions(+), 12 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index d4101618c6..4229c9c392 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -191,7 +191,7 @@ int ssl3_get_record(SSL *s) rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); -is_ktls_left = (rbuf->left > 0); +is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; @@ -408,7 +408,11 @@ int ssl3_get_record(SSL *s) len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif -if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) { +/* KTLS may use all of the buffer */ +if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) +len = SSL3_BUFFER_get_left(rbuf); + +if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; 
@@ -711,16 +715,27 @@ int ssl3_get_record(SSL *s) goto end; } +/* + * Usually thisrr->length is the length of a single record, but when + * KTLS handles the decryption, thisrr->length may be larger than + * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced + * multiple records. + * Therefore we have to rely on KTLS to check the plaintext length + * limit in the kernel. + */ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH -&& !BIO_get_ktls_recv(s->rbio)) { +&& (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } -/* If received packet overflows current Max Fragment Length setting */ +/* + * Check if the received packet overflows the current + * Max Fragment Length setting. + * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive. + */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) -&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session) -&& !BIO_get_ktls_recv(s->rbio)) { +&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index b144bc9fb9..c1fb30f6b2 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -346,11 +346,9 @@ sub testssl { } -# plan tests => 11; - subtest 'standard SSL tests' => sub { ## -plan tests => 13; +plan tests => 19; SKIP: { skip "SSLv3 is not supported by this OpenSSL build", 4 @@ -378,7 +376,7 @@ sub testssl { } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14 if $no_anytls; SKIP: { @@ -406,17 +404,29 @@ sub testssl { 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); SKIP: { -skip "No IPv4 available on this machine", 1 +skip "No IPv4 available on this machine", 4 unle
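Review bot: In the @@ -711 hunk the "&& !BIO_get_ktls_recv(s->rbio)" guard is dropped from the Max Fragment Length check on the strength of the new comment "USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive", but nothing in the visible lines enforces that. If the two could ever be active together, a record that the kernel has coalesced, as the comment just above describes, would now end in SSL_R_DATA_LENGTH_TOO_LONG. Please either point the comment at the place where KTLS is refused for sessions that negotiated the extension, or add an assertion next to this check so that the assumption fails loudly if it stops holding.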
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 0418e993c717a6863f206feaa40673a261de7395 (commit) via 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 (commit) from 8aa353679f0ad72f478a4800c22ad30f6b972370 (commit) - Log - commit 0418e993c717a6863f206feaa40673a261de7395 Author: Bernd Edlinger Date: Sun Jan 16 17:59:17 2022 +0100 Check for presence of 3.x openssl runtime if the newly loaded engine contains the symbol EVP_PKEY_get_base_id, we know it is linked to 3.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17541) commit 38ac4415a9cc4cca307c866e5fc548b889fe2bb6 Author: Bernd Edlinger Date: Mon Nov 22 21:50:04 2021 +0100 Prevent crash with engine using different openssl runtime This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes #15898 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17541) --- Summary of changes: crypto/engine/eng_dyn.c | 11 ++- include/openssl/engine.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 87c762edb8..b2c34b8da4 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c 
@@ -443,8 +443,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 3.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_get_base_id is exported + * as a function in openssl 3.x, while it is named EVP_PKEY_base_id + * in openssl 1.1.x. Therefore we take the presence of that symbol + * as an indication that the engine will be incompatible. */ -if (vcheck_res < OSSL_DYNAMIC_OLDEST) { +if (vcheck_res < OSSL_DYNAMIC_OLDEST +|| DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_get_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f..756751c6d3 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ +OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; }
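Review bot: In the crypto/engine/eng_dyn.c hunk, the added DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") is expected to return NULL for every compatible engine, so the lookup fails on the normal path. If DSO_bind_func records an error when a symbol is not found, each successful engine load will leave a stale entry on the error queue for the application to trip over. Please check that, and if so wrap the probe in ERR_set_mark() / ERR_pop_to_mark() so that only the result of the probe is kept.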
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2 (commit) from 01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit) - Log - commit db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2 Author: Bernd Edlinger Date: Sun Jan 16 17:59:17 2022 +0100 Check for presence of 1.1.x openssl runtime if the newly loaded engine contains the symbol EVP_PKEY_base_id, we know it is linked to 1.1.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17112) (cherry picked from commit 14db620282bea38dc44479e562cf9bb61a716444) --- Summary of changes: crypto/engine/eng_dyn.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index c8a54f7d44..68b9ac311d 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -451,8 +451,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 1.1.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_base_id is exported + * as a function in openssl 1.1.x, while it is a macro in openssl 3.x, + * and therefore only the symbol EVP_PKEY_get_base_id is available + * in openssl 3.x. */ -if (vcheck_res < OSSL_DYNAMIC_OLDEST) { +if (vcheck_res < OSSL_DYNAMIC_OLDEST +|| DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL;
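Review bot: The summary lists crypto/engine/eng_dyn.c as the only changed file, so the new `DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL` rejection in dynamic_load lands without a test. Suggest a test recipe that tries to load an engine built against the other release line and asserts that the load is refused, so that a later change to how EVP_PKEY_base_id is exported cannot silently disable the guard.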
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit) from d7975674e5aaded44a6845d3d1beac08477a22ad (commit) - Log - commit 01d4f5cdd4125bd81878257ae357ff191bc31dd1 Author: Bernd Edlinger Date: Mon Nov 22 21:50:04 2021 +0100 Prevent crash with engine using different openssl runtime This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes #15898 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17112) (cherry picked from commit 9362a1b32b7330e24d3bca230b412557caea095b) --- Summary of changes: include/openssl/engine.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 25c3cf7c19..70c856a9cd 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -801,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ +OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; }
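Review bot: The added `OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);` line in include/openssl/engine.h carries no comment, and because it sits above the `skip_cbs:` label it is not executed on the path that jumps to that label. Suggest a short comment in the macro saying which case the call is for, that skipping it on the `skip_cbs` path is deliberate, and that the cost is the reachable leak mentioned in the log message.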
[openssl] master update
The branch master has been updated via 14db620282bea38dc44479e562cf9bb61a716444 (commit) via 9362a1b32b7330e24d3bca230b412557caea095b (commit) from eafd3e9d07e99583a1439bb027e4d6af43e2df27 (commit) - Log - commit 14db620282bea38dc44479e562cf9bb61a716444 Author: Bernd Edlinger Date: Sun Jan 16 17:59:17 2022 +0100 Check for presence of 1.1.x openssl runtime if the newly loaded engine contains the symbol EVP_PKEY_base_id, we know it is linked to 1.1.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17112) commit 9362a1b32b7330e24d3bca230b412557caea095b Author: Bernd Edlinger Date: Mon Nov 22 21:50:04 2021 +0100 Prevent crash with engine using different openssl runtime This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes #15898 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/17112) --- Summary of changes: crypto/engine/eng_dyn.c | 11 ++- include/openssl/engine.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index c8a54f7d44..68b9ac311d 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c 
@@ -451,8 +451,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 1.1.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_base_id is exported + * as a function in openssl 1.1.x, while it is a macro in openssl 3.x, + * and therefore only the symbol EVP_PKEY_get_base_id is available + * in openssl 3.x. */ -if (vcheck_res < OSSL_DYNAMIC_OLDEST) { +if (vcheck_res < OSSL_DYNAMIC_OLDEST +|| DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 25c3cf7c19..70c856a9cd 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -801,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ +OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; }
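Review bot: The comment added in dynamic_load presents the `EVP_PKEY_base_id` lookup as detecting engines built for 1.1.x, but the condition only proves that this one name resolves through `ctx->dynamic_dso`; an engine for which the name does not resolve passes the check whatever it was built against. Suggest wording the comment as a best-effort heuristic and saying explicitly that absence of the symbol is not proof of compatibility.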
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 5e7098e11581b6b3a4083a1c17889ed817e8ac22 (commit) from f4942134815f95845706993c15ca7e4fd6e44627 (commit) - Log - commit 5e7098e11581b6b3a4083a1c17889ed817e8ac22 Author: Bernd Edlinger Date: Tue Jan 11 12:10:35 2022 +0100 Remove unsafe call to OPENSSL_cpuid_setup This function is inherently thread-unsafe, and moreover it is unnecessary here, because OPENSSL_init_crypto always calls it in a thread-safe way. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17468) --- Summary of changes: crypto/engine/eng_all.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index b675ed7892..c570aeda3d 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -12,9 +12,6 @@ void ENGINE_load_builtin_engines(void) { -/* Some ENGINEs need this */ -OPENSSL_cpuid_setup(); - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); }
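Review bot: The hunk in ENGINE_load_builtin_engines deletes the `/* Some ENGINEs need this */` comment together with `OPENSSL_cpuid_setup();`, which removes the only in-code record that engines depend on CPU capability detection having run. Suggest leaving a one-line comment above `OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);` stating that this call performs the cpuid setup in a thread-safe way, as the log message says.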
[openssl] master update
The branch master has been updated via 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef (commit) from c30bc4e2093f47a37736944da548653bc08d774d (commit) - Log - commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef Author: David Benjamin Date: Wed Dec 29 13:05:12 2021 -0500 Don't use __ARMEL__/__ARMEB__ in aarch64 assembly GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm, respectively. They are not defined on aarch64, which instead use __AARCH64EL__ and __AARCH64EB__. However, OpenSSL's assembly originally used the 32-bit defines on both platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is less portable and can even interfere with other headers, which use __ARMEL__ to detect little-endian arm. Over time, the aarch64 assembly has switched to the correct defines, such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit finishes the job: poly1305-armv8.pl needed a fix and the dual-arch armx.pl files get one more transform to convert from 32-bit to 64-bit. (There is an even more official endianness detector, __ARM_BIG_ENDIAN in the Arm C Language Extensions. But I've stuck with the GCC ones here as that would be a larger change.) Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17373) --- Summary of changes: crypto/aes/asm/aesv8-armx.pl | 3 +++ crypto/arm_arch.h | 5 - crypto/modes/asm/ghashv8-armx.pl | 3 +++ crypto/poly1305/asm/poly1305-armv8.pl | 24 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index c323179b2b..da10c44030 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl 
@@ -3613,6 +3613,9 @@ if ($flavour =~ /64/) { 64-bit code s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { 32-bit code diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index ca48045670..848f06542c 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) #define __ARM_ARCH__ 8 -#if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -#else -# define __ARMEL__ -#endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 57f893e77c..a1cfad0ef6 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -755,6 +755,9 @@ if ($flavour =~ /64/) { 64-bit code s/\.[uisp]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { 32-bit code diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 20816c4283..e2c7f2822c 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -86,7 +86,7 @@ poly1305_init: ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffc0fff movk$s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -136,7 +136,7 @@ poly1305_blocks: .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif 
@@ -204,13 +204,13 @@ poly1305_emit: csel$h0,$h0,$d0,eq csel$h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds$h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -345,7 +345,7 @@ poly1305_blocks_neon: adcs$h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -391,7 +391,7 @@ poly1305_blocks_neon: ldp $d0,
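Review bot: In the crypto/arm_arch.h hunk, dropping the `__ARMEB__`/`__ARMEL__` definitions from the `__aarch64__` branch means any aarch64 source that still tests `#ifdef __ARMEB__` keeps compiling and silently takes the little-endian path on a big-endian build; at sites like the poly1305 ones changed here that would skip the `rev` byte swaps. Suggest a CI check that greps the generated aarch64 assembly for the old macro names, so a missed file fails the build instead of producing wrong output.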
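Review bot: The substitution `s/__ARME([BL])__/__AARCH64E$1__/go;` added to the 64-bit branch of aesv8-armx.pl and ghashv8-armx.pl is unanchored, so it rewrites the pattern wherever it occurs in an output line, including inside a longer identifier. Suggest `s/\b__ARME([BL])__\b/__AARCH64E$1__/go;`, and since the same line now lives in two scripts, a comment in each pointing at the other.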
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via f4942134815f95845706993c15ca7e4fd6e44627 (commit) from 52d9a1d0448432182a5fab0753c236b29819a2a5 (commit) - Log - commit f4942134815f95845706993c15ca7e4fd6e44627 Author: Bernd Edlinger Date: Fri Jan 7 10:18:58 2022 +0100 Fix password_callback to handle short passwords Fixes #17426 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17439) --- Summary of changes: apps/apps.c | 8 ++-- test/recipes/15-test_genrsa.t | 7 ++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index c06241abb9..531fbec551 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) int ui_flags = 0; const char *prompt_info = NULL; char *prompt; +int pw_min_len = PW_MIN_LENGTH; if (cb_data != NULL && cb_data->prompt_info != NULL) prompt_info = cb_data->prompt_info; +if (cb_data != NULL && cb_data->password != NULL +&& *(const char*)cb_data->password != '\0') +pw_min_len = 1; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); @@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) (void)UI_add_user_data(ui, cb_data); ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + pw_min_len, bufsiz - 1); if (ok >= 0 && verify) { buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); + pw_min_len, bufsiz - 1, buf); } if (ok >= 0) do { diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e16a9a4042..c9bc6bdc8a 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t 
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 5; +plan tests => 7; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); @@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt");
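Review bot: In password_callback, `pw_min_len` drops to 1 whenever `cb_data->password` is a non-empty string, and that relaxed minimum is then passed to both `UI_add_input_string` and `UI_add_verify_string`, but no comment says why a preset password should change the minimum, and an empty preset password still gets `PW_MIN_LENGTH`. Suggest a comment at the new `if` explaining the intent and stating whether the empty-string case is meant to keep the old limit.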
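Review bot: The added "rsa decrypt" test in 15-test_genrsa.t runs `openssl rsa -in genrsatest-enc.pem -passin pass:x` with neither `-out` nor `-noout`, so the decrypted private key is written to the test's standard output. Suggest adding `-noout`, as the neighbouring "rsa -check" test does, to keep key material out of test logs.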
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 79fc479baf848e91a991a215d775d8aae844fbe5 (commit) from e33f05660447c69e89f2e9f5d3140a56322411d5 (commit) - Log - commit 79fc479baf848e91a991a215d775d8aae844fbe5 Author: Bernd Edlinger Date: Fri Jan 7 12:44:27 2022 +0100 Add a test case for the short password Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17441) (cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375) --- Summary of changes: test/recipes/15-test_genrsa.t | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e11ce8947a..1bba712863 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 0 : 3) # Extra FIPS related tests -+ 13; ++ 15; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', @@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf");
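Review bot: Both tests added to 15-test_genrsa.t assert only the exit status of `openssl rsa`, so a passing "rsa decrypt" shows that `pass:x` was accepted but not that the recovered key equals genrsatest.pem. Suggest writing the decrypted key to a file with `-out` and comparing it with the original.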
[openssl] master update
The branch master has been updated via 21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit) from 81b741f68984b2620166d0d6271fbd946bab9e7f (commit) - Log - commit 21095479c016f2ceaca0f71078fd27f0e9ba9375 Author: Bernd Edlinger Date: Fri Jan 7 12:44:27 2022 +0100 Add a test case for the short password Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17441) --- Summary of changes: test/recipes/15-test_genrsa.t | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e11ce8947a..1bba712863 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 0 : 3) # Extra FIPS related tests -+ 13; ++ 15; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', @@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf");
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via ce2f4b6b1705526b3862b2f137dfcac0ad2cb558 (commit) from 7a30610902d6d19cfd1698498d3d4129f308e285 (commit) - Log - commit ce2f4b6b1705526b3862b2f137dfcac0ad2cb558 Author: Bernd Edlinger Date: Wed Jan 5 17:25:02 2022 +0100 Fix copyright year issues Fixes: #13765 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17427) (cherry picked from commit fd84b9c3e94be1771d1b34ad857081f7693318aa) --- Summary of changes: .github/workflows/ci.yml | 2 ++ crypto/asn1/charmap.h | 2 +- crypto/bn/bn_prime.h | 2 +- crypto/conf/conf_def.h | 2 +- crypto/objects/obj_xref.h | 2 +- include/openssl/obj_mac.h | 2 +- util/perl/OpenSSL/copyright.pm | 4 ++-- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b52b8c15f4..32edfe064d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,8 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - uses: actions/checkout@v2 + with: +fetch-depth: 0 - name: config run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index 95928ca663..ac1eb076cc 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index d92f6dfa69..8a859ac02e 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index e5321bd30d..1f66a58e09 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index c08b5fc2ab..21a193ee98 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index edbd98b152..0e86027667 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/util/perl/OpenSSL/copyright.pm b/util/perl/OpenSSL/copyright.pm index 1fd9f353f7..b82b67a0e6 100644 --- a/util/perl/OpenSSL/copyright.pm +++ b/util/perl/OpenSSL/copyright.pm @@ -23,11 +23,11 @@ sub year_of { # See if git's available open my $FH, - "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|" + "git log -1 --date=short --format=format:%cd $file 2>/dev/null|" or return $YEAR; my $LINE = <$FH>; close $FH; -chomp($LINE); +$LINE =~ s/^([0-9]*)-.*/$1/; $YEAR = $LINE if $LINE; return $YEAR; }
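Review bot: In year_of in util/perl/OpenSSL/copyright.pm, the rewritten command string `"git log -1 --date=short --format=format:%cd $file 2>/dev/null|"` still interpolates `$file` into a shell pipeline, so a path containing spaces or shell metacharacters is interpreted by the shell instead of being passed to git as one argument. Since the line is being changed anyway, suggest the list form `open my $FH, '-|', 'git', 'log', '-1', '--date=short', '--format=format:%cd', '--', $file`, with stderr handled separately.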
[openssl] master update
The branch master has been updated via fd84b9c3e94be1771d1b34ad857081f7693318aa (commit) from da198adb9c5626f31c52613fe2ae59a7066c3366 (commit) - Log - commit fd84b9c3e94be1771d1b34ad857081f7693318aa Author: Bernd Edlinger Date: Wed Jan 5 17:25:02 2022 +0100 Fix copyright year issues Fixes: #13765 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17427) --- Summary of changes: .github/workflows/ci.yml | 2 ++ crypto/asn1/charmap.h | 2 +- crypto/bn/bn_prime.h | 2 +- crypto/conf/conf_def.h | 2 +- crypto/objects/obj_xref.h | 2 +- include/openssl/obj_mac.h | 2 +- util/perl/OpenSSL/copyright.pm | 4 ++-- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 103f4c774f..1f0ad4bc17 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,8 @@ jobs: sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef - uses: actions/checkout@v2 + with: +fetch-depth: 0 - name: config run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index 95928ca663..ac1eb076cc 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index d92f6dfa69..8a859ac02e 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index e5321bd30d..1f66a58e09 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index c08b5fc2ab..21a193ee98 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index fb788d43d5..a9e51d7b38 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
@@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/util/perl/OpenSSL/copyright.pm b/util/perl/OpenSSL/copyright.pm index 1fd9f353f7..b82b67a0e6 100644 --- a/util/perl/OpenSSL/copyright.pm +++ b/util/perl/OpenSSL/copyright.pm @@ -23,11 +23,11 @@ sub year_of { # See if git's available open my $FH, - "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|" + "git log -1 --date=short --format=format:%cd $file 2>/dev/null|" or return $YEAR; my $LINE = <$FH>; close $FH; -chomp($LINE); +$LINE =~ s/^([0-9]*)-.*/$1/; $YEAR = $LINE if $LINE; return $YEAR; }
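Review bot: In year_of, `chomp($LINE);` is replaced by `$LINE =~ s/^([0-9]*)-.*/$1/;`, which accepts an empty digit run and, when the line does not match at all, leaves `$LINE` unchanged and lets `$YEAR = $LINE if $LINE;` store it as is; it also operates on an undefined value when git prints nothing. Suggest an explicit match such as `$YEAR = $1 if defined $LINE && $LINE =~ /^([0-9]{4})-/;`, so unexpected git output falls back to the default year.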
[openssl] master update
The branch master has been updated via 17cca0e85e83eac23069ddc5c5ebab6d7dd13ee1 (commit) from 336923c0c8d705cb8af5216b29a205662db0d590 (commit) - Log - commit 17cca0e85e83eac23069ddc5c5ebab6d7dd13ee1 Author: Bernd Edlinger Date: Sat Dec 11 21:25:23 2021 +0100 Remove some unnecessary undefs in bn_asm.c This is likely the leftover of a previous hack, and thus should be removed now. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17259) --- Summary of changes: crypto/bn/bn_asm.c | 7 --- 1 file changed, 7 deletions(-) diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index 257701d9dc..485bfd838b 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -422,11 +422,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) -# undef bn_mul_comba8 -# undef bn_mul_comba4 -# undef bn_sqr_comba8 -# undef bn_sqr_comba4 - /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ @@ -950,8 +945,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, #else /* !BN_MUL_COMBA */ /* hmm... is it faster just to do a multiply? */ -# undef bn_sqr_comba4 -# undef bn_sqr_comba8 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t[8];
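Review bot: The second hunk removes `# undef bn_sqr_comba4` and `# undef bn_sqr_comba8` directly above the definition `void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)`, so if any included header still defines either name as a macro, the definition is now macro-expanded instead of being protected. The log message only calls the undefs a likely leftover; suggest stating in it which header used to define these names and that no such define remains in any configuration.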
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (commit) from 8b35838b44e83f323eaa5d7aeecc45c8e2321cf8 (commit) - Log - commit e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb Author: Bernd Edlinger Date: Sat Dec 11 20:28:11 2021 +0100 Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets bn_sqr_comba8 does for instance compute a wrong result for the value: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 The correct result is: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 but the actual result was: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 so the fourth word of the result was 0x75be8e3c but should have been 0x75be8e3d instead. Likewise bn_sqr_comba4 has an identical bug for the same value as well: a=0x022181ba fd3aa878 899b2346 ee210f45 correct result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 wrong result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 Fortunately the bn_mul_comba4/8 code paths are not affected. Also the mips64 target does in fact not handle the carry propagation correctly. 
Example: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b234635dad283 ee210f450001 correct result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 wrong result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17258) (cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) --- Summary of changes: crypto/bn/asm/mips.pl | 4 test/bntest.c | 45 + 2 files changed, 49 insertions(+) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 8ad715bda4..74101030f2 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1984,6 +1984,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ @@ -2194,6 +2196,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ diff --git a/test/bntest.c b/test/bntest.c index b58028a301..bab34ba54b 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -627,6 +627,51 @@ static int test_modexp_mont5(void) if (!TEST_BN_eq(c, d)) goto err; +/* + * Regression test for overflow bug in bn_sqr_comba4/8 for + * mips-linux-gnu and mipsel-linux-gnu 32bit targets. + */ +{ +static const char *ehex[] = { +"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", +"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", +"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", +"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", +"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", +"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", +"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", +"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", +NULL}; +static const char *phex[] = { +"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", +"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", +"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", +"c776d3982d391b6d04
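Review bot: The two instructions added after `$ST $c_2,$BNSZ($a0)` in both crypto/bn/asm/mips.pl hunks, `sltu $at,$c_3,$t_2` and `$ADDU $c_1,$at`, have no comment although they are the entire fix. Suggest a perlasm comment on them saying that they propagate the carry out of `$ADDU $c_3,$t_2,$at` into `$c_1`, so the pair is not mistaken for redundant code in a later cleanup.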
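Review bot: The regression block in test/bntest.c is added inside test_modexp_mont5, directly after an existing `if (!TEST_BN_eq(c, d)) goto err;` check, so a failure will be reported under a test name that does not mention squaring or mips. Suggest moving it into its own test function whose name points at bn_sqr_comba4/8.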
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 3bf7b73ea7123045b8f972badc67ed6878e6c37f (commit) from 110b005465f3d3edb0fe0f61b87595d011770317 (commit) - Log - commit 3bf7b73ea7123045b8f972badc67ed6878e6c37f Author: Bernd Edlinger Date: Sat Dec 11 20:28:11 2021 +0100 Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets bn_sqr_comba8 does for instance compute a wrong result for the value: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 The correct result is: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 but the actual result was: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 so the fourth word of the result was 0x75be8e3c but should have been 0x75be8e3d instead. Likewise bn_sqr_comba4 has an identical bug for the same value as well: a=0x022181ba fd3aa878 899b2346 ee210f45 correct result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 wrong result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 Fortunately the bn_mul_comba4/8 code paths are not affected. Also the mips64 target does in fact not handle the carry propagation correctly. 
Example: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b234635dad283 ee210f450001 correct result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 wrong result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17258) (cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590) --- Summary of changes: crypto/bn/asm/mips.pl | 4 test/bntest.c | 45 + 2 files changed, 49 insertions(+) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 95cb227dc5..91b7aac6e7 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1986,6 +1986,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ @@ -2196,6 +2198,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ diff --git a/test/bntest.c b/test/bntest.c index 87e5c4065b..fa9fc07cef 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -630,6 +630,51 @@ static int test_modexp_mont5(void) if (!TEST_BN_eq(c, d)) goto err; +/* + * Regression test for overflow bug in bn_sqr_comba4/8 for + * mips-linux-gnu and mipsel-linux-gnu 32bit targets. + */ +{ +static const char *ehex[] = { +"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", +"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", +"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", +"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", +"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", +"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", +"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", +"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", +NULL}; +static const char *phex[] = { +"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", +"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", +"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", +"c776d3982d391b6d04
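Review bot: the two instructions added in crypto/bn/asm/mips.pl (the sltu on $c_3/$t_2 followed by `$ADDU $c_1,$at`, at both @@ -1986 and @@ -2196) carry no comment saying which carry they recover, so a later reader of this generated assembly cannot tell them from a stray copy of the sltu/$ADDU pair just above. A one-line comment at each site would help, noting that the addition into $c_3 can itself overflow and that this overflow has to land in $c_1. Separately, the comment on the new block in test/bntest.c names only the mips-linux-gnu and mipsel-linux-gnu 32bit targets, while the log message gives a failing mips64 example as well; the comment should say whether this vector also covers mips64 or whether a second vector is needed.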
[openssl] master update
The branch master has been updated via 336923c0c8d705cb8af5216b29a205662db0d590 (commit) from 2490d10d5cca0163cad8045857248b175bdf83e7 (commit) - Log - commit 336923c0c8d705cb8af5216b29a205662db0d590 Author: Bernd Edlinger Date: Sat Dec 11 20:28:11 2021 +0100 Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets bn_sqr_comba8 does for instance compute a wrong result for the value: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45 The correct result is: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899 but the actual result was: r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f 912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899 so the fourth word of the result was 0x75be8e3c but should have been 0x75be8e3d instead. Likewise bn_sqr_comba4 has an identical bug for the same value as well: a=0x022181ba fd3aa878 899b2346 ee210f45 correct result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899 wrong result: r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899 Fortunately the bn_mul_comba4/8 code paths are not affected. Also the mips64 target does in fact not handle the carry propagation correctly. 
Example: a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b234635dad283 ee210f450001 correct result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 wrong result: r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1 0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d 3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06 2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17258) --- Summary of changes: crypto/bn/asm/mips.pl | 4 test/bntest.c | 45 + 2 files changed, 49 insertions(+) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 95cb227dc5..91b7aac6e7 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1986,6 +1986,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ @@ -2196,6 +2198,8 @@ $code.=<<___; sltu$at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu$at,$c_3,$t_2 + $ADDU $c_1,$at mflo($t_1,$a_2,$a_0) mfhi($t_2,$a_2,$a_0) ___ diff --git a/test/bntest.c b/test/bntest.c index ebdd6fa944..69506a0e35 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -630,6 +630,51 @@ static int test_modexp_mont5(void) if (!TEST_BN_eq(c, d)) goto err; +/* + * Regression test for overflow bug in bn_sqr_comba4/8 for + * mips-linux-gnu and mipsel-linux-gnu 32bit targets. + */ +{ +static const char *ehex[] = { +"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", +"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", +"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", +"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", +"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", +"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", +"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", +"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", +NULL}; +static const char *phex[] = { +"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", +"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", +"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", +"c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439", +"dc6fbd55
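Review bot: in test/bntest.c the regression vectors are added as an anonymous block with static ehex/phex arrays inside test_modexp_mont5, so a failure of the bn_sqr_comba4/8 case will be reported under the Montgomery modexp test name. Moving the block into its own test function, registered separately, would make a failure on a mips target point straight at the squaring code and would keep test_modexp_mont5 from growing by another 45 lines.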
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ca607d6e94e11f5332abcc8fa4a4ccb967347efa (commit) from 7a045a4e5ad97f7e123ea33f1f188d2f1a03974b (commit) - Log - commit ca607d6e94e11f5332abcc8fa4a4ccb967347efa Author: Bernd Edlinger Date: Wed Dec 8 14:14:48 2021 +0100 Fix a deadlock in OBJ_NAME_add This happened after an out of memory error: CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17236) --- Summary of changes: crypto/objects/o_names.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 979d83577c..15639d6778 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -67,8 +67,14 @@ static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); -names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); +if (obj_lock != NULL) +names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +if (names_lh == NULL) { +CRYPTO_THREAD_lock_free(obj_lock); +obj_lock = NULL; +} CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return names_lh != NULL && obj_lock != NULL; } @@ -217,10 +223,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data) type &= ~OBJ_NAME_ALIAS; onp = OPENSSL_malloc(sizeof(*onp)); -if (onp == NULL) { -/* ERROR */ -goto unlock; -} +if (onp == NULL) +return 0; onp->name = name; onp->alias = alias;
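Review bot: in the OBJ_NAME_add hunk the allocation-failure branch now does a bare `return 0` where the old code had a `/* ERROR */` placeholder and `goto unlock`, so this path still reports nothing to the error queue. Consider raising a malloc-failure error before returning. The change from the jump to an early return implies the lock is not held at this point; a short comment saying so would stop a later edit from turning this back into a jump to `unlock`.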
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 907b966981a1d6f1e1fcbf0ab752e040a49f1475 (commit) from 93838762b406efe3aad9c807a0fd1f48e6efe3ab (commit) - Log - commit 907b966981a1d6f1e1fcbf0ab752e040a49f1475 Author: Bernd Edlinger Date: Wed Dec 8 14:14:48 2021 +0100 Minor code cleanup in o_names_init This might result in a small memory leak. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17238) (cherry picked from commit c50bf14450f3cd242f2211ca7e500191053d8050) --- Summary of changes: crypto/objects/o_names.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 05aa8c44aa..92152eeb66 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -66,8 +66,14 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { -names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); +if (obj_lock != NULL) +names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +if (names_lh == NULL) { +CRYPTO_THREAD_lock_free(obj_lock); +obj_lock = NULL; +} return names_lh != NULL && obj_lock != NULL; }
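Review bot: after the added cleanup block in o_names_init the two pointers are either both set or both NULL, so the unchanged `return names_lh != NULL && obj_lock != NULL;` tests the same condition twice. Returning `names_lh != NULL` alone would say the same thing; if the double test is kept on purpose, a comment should state the invariant. The cleanup also calls CRYPTO_THREAD_lock_free(obj_lock) when obj_lock itself is NULL (the case where the lock allocation failed), which relies on that function accepting NULL.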
[openssl] master update
The branch master has been updated via c50bf14450f3cd242f2211ca7e500191053d8050 (commit) from f0d5a3b6ea1bbe4e5dac5b69d853c015db635621 (commit) - Log - commit c50bf14450f3cd242f2211ca7e500191053d8050 Author: Bernd Edlinger Date: Wed Dec 8 14:14:48 2021 +0100 Minor code cleanup in o_names_init This might result in a small memory leak. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17238) --- Summary of changes: crypto/objects/o_names.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 05aa8c44aa..92152eeb66 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -66,8 +66,14 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { -names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); +if (obj_lock != NULL) +names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +if (names_lh == NULL) { +CRYPTO_THREAD_lock_free(obj_lock); +obj_lock = NULL; +} return names_lh != NULL && obj_lock != NULL; }
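Review bot: the log message "This might result in a small memory leak" reads as if the change introduces a leak, while the hunk does the opposite: it frees obj_lock when lh_OBJ_NAME_new fails. Reword it to name the path that leaked, and reconsider the subject "Minor code cleanup", since the same o_names_init hunk on OpenSSL_1_1_1-stable is part of a commit described as a deadlock fix.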
[openssl] master update
The branch master has been updated via 0a10825a009c830125fef94c81d34e41300a24a5 (commit) from 8e22f9d6d956ad583afe10b986519731c113ac80 (commit) - Log - commit 0a10825a009c830125fef94c81d34e41300a24a5 Author: Bernd Edlinger Date: Wed Oct 24 23:10:38 2018 +0200 Enable brainpool curves for TLS1.3 See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7485) --- Summary of changes: include/internal/tlsgroups.h | 10 +++ ssl/s3_lib.c | 5 +- ssl/ssl_local.h | 5 ++ ssl/statem/extensions.c | 2 +- ssl/statem/extensions_clnt.c | 20 +- ssl/statem/extensions_srvr.c | 15 ++-- ssl/statem/statem_lib.c | 6 ++ ssl/t1_lib.c | 129 +-- ssl/t1_trce.c| 3 + test/ssl-tests/20-cert-select.cnf| 4 +- test/ssl-tests/20-cert-select.cnf.in | 4 +- 11 files changed, 153 insertions(+), 50 deletions(-) diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h index 8a35ced122..73fb53bc5f 100644 --- a/include/internal/tlsgroups.h +++ b/include/internal/tlsgroups.h @@ -41,6 +41,16 @@ # define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C # define OSSL_TLS_GROUP_ID_x25519 0x001D # define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F +# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020 +# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021 +# define OSSL_TLS_GROUP_ID_gc256A 0x0022 +# define OSSL_TLS_GROUP_ID_gc256B 0x0023 +# define OSSL_TLS_GROUP_ID_gc256C 0x0024 +# define OSSL_TLS_GROUP_ID_gc256D 0x0025 +# define OSSL_TLS_GROUP_ID_gc512A 0x0026 +# define OSSL_TLS_GROUP_ID_gc512B 0x0027 +# define OSSL_TLS_GROUP_ID_gc512C 0x0028 # define OSSL_TLS_GROUP_ID_ffdhe20480x0100 # define OSSL_TLS_GROUP_ID_ffdhe30720x0101 # define OSSL_TLS_GROUP_ID_ffdhe40960x0102 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 88565a7000..1a89bde851 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -3607,8 +3607,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) int *cptr = parg; for (i = 0; i < clistlen; i++) { +uint16_t cid = SSL_IS_TLS13(s) + ? ssl_group_id_tls13_to_internal(clist[i]) + : clist[i]; const TLS_GROUP_INFO *cinf -= tls1_group_id_lookup(s->ctx, clist[i]); += tls1_group_id_lookup(s->ctx, cid); if (cinf != NULL) cptr[i] = tls1_group_id2nid(cinf->group_id, 1); diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 9b88140a28..ddae48b2af 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2169,6 +2169,9 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_ed25519 0x0807 #define TLSEXT_SIGALG_ed448 0x0808 +#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256 0x081a +#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384 0x081b +#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512 0x081c /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 @@ -2642,6 +2645,8 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); +__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id); +__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id); __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur uint16_t tls1_nid2group_id(int nid); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index bc437be26a..0ac8253be3 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1369,7 +1369,7 @@ static int final_key_share(SSL *s, unsigned int context, int sent) group_id = pgroups[i]; if (check_in_list(s, group_id, clntgroups, clnt_num_groups, - 1)) + 2)) break; } diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index b38c9ca684..d6d4e55ce7 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -224,6 +224,21 @
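Review bot: in ssl/statem/extensions.c the last argument of check_in_list in final_key_share changes from `1` to `2` with no comment, and nothing in the visible hunk says what the values mean. A named constant or enum for that parameter would make the intent reviewable. Also, include/internal/tlsgroups.h gains the OSSL_TLS_GROUP_ID_gc256A through OSSL_TLS_GROUP_ID_gc512C definitions (0x0022 to 0x0028) alongside the three brainpool TLS 1.3 ids, which the log message does not mention; either note them in the message or split them into their own commit.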
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 6d022b04748c2a89b7f032a41965df19c584e0cf (commit) from 79ef18759a4f89af0b1e015766a73fa289095673 (commit) - Log - commit 6d022b04748c2a89b7f032a41965df19c584e0cf Author: Bernd Edlinger Date: Fri Nov 19 16:38:55 2021 +0100 Add a test case for duplicate engine loading Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17083) --- Summary of changes: test/data.bin | 4 test/recipes/20-test_dgst.t | 23 +-- 2 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 test/data.bin diff --git a/test/data.bin b/test/data.bin new file mode 100644 index 00..3442255280 --- /dev/null +++ b/test/data.bin @@ -0,0 +1,4 @@ +TEST DATA + +Please note that if a test involves a new testing executable, +you will need to do some additions in test/build.info. diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 13c2b3af4b..d1cbabe290 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -11,12 +11,12 @@ use strict; use warnings; use File::Spec; -use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_file/; use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 5; +plan tests => 6; sub tsignverify { my $testtext = shift; 
@@ -102,3 +102,22 @@ SKIP: { srctop_file("test","tested448pub.pem")); }; } + +SKIP: { +skip "dgst with engine is not supported by this OpenSSL build", 1 +if disabled("engine") || disabled("dynamic-engine"); + +subtest "SHA1 generation by engine with `dgst` CLI" => sub { +plan tests => 1; + +my $testdata = srctop_file('test', 'data.bin'); +# intentionally using -engine twice, please do not remove the duplicate line +my @macdata = run(app(['openssl', 'dgst', '-sha1', + '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", + '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", + $testdata]), capture => 1); +chomp(@macdata); +my $expected = qr/SHA1\(\Q$testdata\E\)= 000102030405060708090a0b0c0d0e0f10111213/; +ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected ($macdata[0]) vs ($expected)"); +} +}
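Review bot: in the new SKIP block of test/recipes/20-test_dgst.t the engine argument is chosen with `$^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest"`, written out twice. Computing it once into a variable and passing that variable after each of the two -engine options keeps the intentional duplicate option while removing the risk of the two expressions drifting apart. The `ok($macdata[0] =~ $expected, ...)` check also uses $macdata[0] without testing that the command produced any output, so a crash in openssl would show up as an uninitialized-value warning rather than a clear failure.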
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 9b06ebb1edfddffea083ba36090af7eb7cad207b (commit) from c28bcc507be1b03523789218128383c3f2be (commit) - Log - commit 9b06ebb1edfddffea083ba36090af7eb7cad207b Author: Bernd Edlinger Date: Fri Nov 19 11:33:34 2021 +0100 Avoid loading of a dynamic engine twice Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0) --- Summary of changes: crypto/engine/eng_dyn.c | 4 ++- crypto/engine/eng_lib.c | 2 ++ crypto/engine/eng_list.c | 87 +++ crypto/engine/eng_local.h | 9 + 4 files changed, 101 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 06e677290a..cb1a30799e 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -477,7 +477,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ -if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { +if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) +|| !ctx->bind_engine(e, ctx->engine_id, &fns)) { +engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 5bd584c599..29da4a1699 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -67,6 +67,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; +e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) 
@@ -92,6 +93,7 @@ int engine_free_util(ENGINE *e, int not_locked) */ if (e->destroy) e->destroy(e); +engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 1352fb7c96..4f9eb99d15 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -24,6 +24,12 @@ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; +/* + * The linked list of currently loaded dynamic engines. + */ +static ENGINE *engine_dyn_list_head = NULL; +static ENGINE *engine_dyn_list_tail = NULL; + /* * This cleanup function is only needed internally. If it should be called, * we register it with the "engine_cleanup_int()" stack to be called during 
@@ -126,6 +132,85 @@ static int engine_list_remove(ENGINE *e) return 1; } +/* Add engine to dynamic engine list. */ +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked) +{ +int result = 0; +ENGINE *iterator = NULL; + +if (e == NULL) +return 0; + +if (e->dynamic_id == NULL && dynamic_id == NULL) +return 0; + +if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) +return 0; + +if (dynamic_id != NULL) { +iterator = engine_dyn_list_head; +while (iterator != NULL) { +if (iterator->dynamic_id == dynamic_id) +goto err; +iterator = iterator->next; +} +if (e->dynamic_id != NULL) +goto err; +e->dynamic_id = dynamic_id; +} + +if (engine_dyn_list_head == NULL) { +/* We are adding to an empty list. */ +if (engine_dyn_list_tail != NULL) +goto err; +engine_dyn_list_head = e; +e->prev_dyn = NULL; +} else { +/* We are adding to the tail of an existing list. */ +if (engine_dyn_list_tail == NULL +|| engine_dyn_list_tail->next_dyn != NULL) +goto err; +engine_dyn_list_tail->next_dyn = e; +e->prev_dyn = engine_dyn_list_tail; +} + +engine_dyn_list_tail = e; +e->next_dyn = NULL; +result = 1; + + err: +if (not_locked) +CRYPTO_THREAD_unlock(global_engine_lock); +return result; +} + +/* Remove engine from dynamic engine list. */ +void engine_remove_dynamic_id(ENGINE *e, int not_locked) +{ +if (e == NULL || e->dynamic_id == NULL) +return; + +if (not_locked && !CRYPTO_THREAD_write_lock(global_eng
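Review bot: in engine_add_dynamic_id the duplicate search walks the new list with `iterator = iterator->next;`, but the list is linked through next_dyn/prev_dyn everywhere else in the function (`engine_dyn_list_tail->next_dyn = e`, `e->next_dyn = NULL`). Starting at engine_dyn_list_head and following `next` leaves the dynamic list after the first element, so a bind function registered by a later entry can be missed and the engine bound a second time. The loop should advance with `iterator->next_dyn`.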
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 38e2957249c90317a26a080c7e7eb186dd5b6598 (commit) from 81c11349c2a0e945aa3dfc6bd81c957363dd2011 (commit) - Log - commit 38e2957249c90317a26a080c7e7eb186dd5b6598 Author: Bernd Edlinger Date: Fri Nov 19 16:38:55 2021 +0100 Add a test case for duplicate engine loading Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit 2595eef82c2b67ea75cc3368529078b643a1ecb6) --- Summary of changes: test/recipes/20-test_dgst.t | 23 +-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 5af74aec2a..e72038d852 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -12,12 +12,12 @@ use warnings; use File::Spec; use File::Basename; -use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_file/; use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 9; +plan tests => 10; sub tsignverify { my $testtext = shift; @@ -103,6 +103,25 @@ SKIP: { }; } +SKIP: { +skip "dgst with engine is not supported by this OpenSSL build", 1 +if disabled("engine") || disabled("dynamic-engine"); + +subtest "SHA1 generation by engine with `dgst` CLI" => sub { +plan tests => 1; + +my $testdata = srctop_file('test', 'data.bin'); +# intentionally using -engine twice, please do not remove the duplicate line +my @macdata = run(app(['openssl', 'dgst', '-sha1', + '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", + '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", + $testdata]), capture => 1); +chomp(@macdata); +my $expected = qr/SHA1\(\Q$testdata\E\)= 000102030405060708090a0b0c0d0e0f10111213/; +ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected ($macdata[0]) vs ($expected)"); +} +} + subtest "HMAC generation with `dgst` CLI" => sub { plan tests => 2;
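Review bot: the subtest name "SHA1 generation by engine with `dgst` CLI" does not say that this is the regression test for loading the same engine twice; only the inline comment about the duplicate -engine line does. Naming the subtest after the duplicate load would make a failure self-explanatory in the test log. The test also builds the engine path only when `$^O eq 'linux'`, so on other platforms it falls back to the bare name "ossltest" and depends on the engine search path being set up for the test run; a comment should say that this is intended.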
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 81c11349c2a0e945aa3dfc6bd81c957363dd2011 (commit) from fd6a1e21f906883d0cc7ebef7826cf2f55f87832 (commit) - Log - commit 81c11349c2a0e945aa3dfc6bd81c957363dd2011 Author: Bernd Edlinger Date: Fri Nov 19 11:33:34 2021 +0100 Avoid loading of a dynamic engine twice Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17073) (cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0) --- Summary of changes: crypto/engine/eng_dyn.c | 4 ++- crypto/engine/eng_lib.c | 2 ++ crypto/engine/eng_list.c | 87 +++ crypto/engine/eng_local.h | 9 + 4 files changed, 101 insertions(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index f401063d37..c8a54f7d44 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -484,7 +484,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ -if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { +if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) +|| !ctx->bind_engine(e, ctx->engine_id, &fns)) { +engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 44e997e77b..05c6a67c1e 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -65,6 +65,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; +e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) 
@@ -90,6 +91,7 @@ int engine_free_util(ENGINE *e, int not_locked) */ if (e->destroy) e->destroy(e); +engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index fec0ef7129..04c73c7628 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -27,6 +27,12 @@ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; +/* + * The linked list of currently loaded dynamic engines. + */ +static ENGINE *engine_dyn_list_head = NULL; +static ENGINE *engine_dyn_list_tail = NULL; + /* * This cleanup function is only needed internally. If it should be called, * we register it with the "engine_cleanup_int()" stack to be called during 
@@ -128,6 +134,85 @@ static int engine_list_remove(ENGINE *e) return 1; } +/* Add engine to dynamic engine list. */ +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked) +{ +int result = 0; +ENGINE *iterator = NULL; + +if (e == NULL) +return 0; + +if (e->dynamic_id == NULL && dynamic_id == NULL) +return 0; + +if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) +return 0; + +if (dynamic_id != NULL) { +iterator = engine_dyn_list_head; +while (iterator != NULL) { +if (iterator->dynamic_id == dynamic_id) +goto err; +iterator = iterator->next; +} +if (e->dynamic_id != NULL) +goto err; +e->dynamic_id = dynamic_id; +} + +if (engine_dyn_list_head == NULL) { +/* We are adding to an empty list. */ +if (engine_dyn_list_tail != NULL) +goto err; +engine_dyn_list_head = e; +e->prev_dyn = NULL; +} else { +/* We are adding to the tail of an existing list. */ +if (engine_dyn_list_tail == NULL +|| engine_dyn_list_tail->next_dyn != NULL) +goto err; +engine_dyn_list_tail->next_dyn = e; +e->prev_dyn = engine_dyn_list_tail; +} + +engine_dyn_list_tail = e; +e->next_dyn = NULL; +result = 1; + + err: +if (not_locked) +CRYPTO_THREAD_unlock(global_engine_lock); +return result; +} + +/* Remove engine from dynamic engine list. */ +void engine_remove_dynamic_id(ENGINE *e, int not_locked) +{ +if (e == NULL || e->dynamic_id == NULL) +return; + +if (not_locked && !CRYPTO_THREAD_write_lock(global_eng
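Review bot: engine_set_all_null in crypto/engine/eng_lib.c now does `e->dynamic_id = NULL;` without unlinking the engine, while engine_remove_dynamic_id returns early when `e->dynamic_id == NULL`. If engine_set_all_null can ever run on an engine that is already on the dynamic list, that entry stays linked and is never removed, leaving a stale pointer in the list once the engine is freed. Either unlink before clearing the field, or document why dynamic_load only reaches this call for engines that are not yet on the list.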
[openssl] master update
The branch master has been updated via 2595eef82c2b67ea75cc3368529078b643a1ecb6 (commit) via e2571e02d2b0cd83ed1c79d384fe941f27e603c0 (commit) from 4599ea9fe31953c0c50738ed4b91ade76a693356 (commit) - Log - commit 2595eef82c2b67ea75cc3368529078b643a1ecb6 Author: Bernd Edlinger Date: Fri Nov 19 16:38:55 2021 +0100 Add a test case for duplicate engine loading Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17073) commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0 Author: Bernd Edlinger Date: Fri Nov 19 11:33:34 2021 +0100 Avoid loading of a dynamic engine twice Use the address of the bind function as a DYNAMIC_ID, since the true name of the engine is not known before the bind function returns, but invoking the bind function before the engine is unloaded results in memory corruption. Fixes #17023 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/17073) --- Summary of changes: crypto/engine/eng_dyn.c | 4 ++- crypto/engine/eng_lib.c | 2 ++ crypto/engine/eng_list.c| 87 + crypto/engine/eng_local.h | 9 + test/recipes/20-test_dgst.t | 23 ++-- 5 files changed, 122 insertions(+), 3 deletions(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index f401063d37..c8a54f7d44 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -484,7 +484,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ -if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { +if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) +|| !ctx->bind_engine(e, ctx->engine_id, &fns)) { +engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 44e997e77b..05c6a67c1e 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c 
@@ -65,6 +65,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; +e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) @@ -90,6 +91,7 @@ int engine_free_util(ENGINE *e, int not_locked) */ if (e->destroy) e->destroy(e); +engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index fec0ef7129..04c73c7628 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -27,6 +27,12 @@ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; +/* + * The linked list of currently loaded dynamic engines. + */ +static ENGINE *engine_dyn_list_head = NULL; +static ENGINE *engine_dyn_list_tail = NULL; + /* * This cleanup function is only needed internally. If it should be called, * we register it with the "engine_cleanup_int()" stack to be called during 
@@ -128,6 +134,85 @@ static int engine_list_remove(ENGINE *e) return 1; } +/* Add engine to dynamic engine list. */ +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked) +{ +int result = 0; +ENGINE *iterator = NULL; + +if (e == NULL) +return 0; + +if (e->dynamic_id == NULL && dynamic_id == NULL) +return 0; + +if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) +return 0; + +if (dynamic_id != NULL) { +iterator = engine_dyn_list_head; +while (iterator != NULL) { +if (iterator->dynamic_id == dynamic_id) +goto err; +iterator = iterator->next; +} +if (e->dynamic_id != NULL) +goto err; +e->dynamic_id = dynamic_id; +} + +if (engine_dyn_list_head == NULL) { +/* We are adding to an empty list. */ +if (engine_dyn_list_tail != NULL) +goto err; +engine_dyn_list_head = e; +e->prev_dyn = NULL; +} else { +/* We are adding to the tail of an existing list. */ +if (engine_dyn_list_tail == NULL +|| engine_dyn_list_tail->next_dyn != NULL) +goto err; +engine_dyn_list_tail->next_dyn = e; +e->prev_dyn = engine_dyn_list_tail; +} + +engine_dyn_list_tail = e; +e->next_dyn = NULL; +result = 1; + + err: +if (not_l
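Review bot: the comments on engine_add_dynamic_id and engine_remove_dynamic_id ("Add engine to dynamic engine list." and "Remove engine from dynamic engine list.") leave out what a caller needs: that a non-zero not_locked means the function takes global_engine_lock itself, that 0 is returned both on lock failure and when the id is already registered, and what passing dynamic_id == NULL with a non-NULL e->dynamic_id is for. dynamic_load also casts ctx->bind_engine to ENGINE_DYNAMIC_ID; the typedef is not visible here, and if it is an object pointer type the function-pointer cast deserves a comment.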
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 80e52bb852673cf6f1908549ff9960d02a644d51 (commit) from bdaf55d0850056fcf3362e5dc1c868f2c8324f25 (commit) - Log - commit 80e52bb852673cf6f1908549ff9960d02a644d51 Author: Bernd Edlinger Date: Wed Nov 3 09:19:39 2021 +0100 Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16955) --- Summary of changes: ssl/ssl_ciph.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 735a483c64..0820f2cd0c 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1601,6 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { if (!sk_SSL_CIPHER_push(cipherstack, sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { +OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; }
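Review bot: the added `OPENSSL_free(co_list);` repairs only this one failure branch inside the tls13_ciphersuites loop, and the function keeps the pattern of freeing by hand before each `return NULL`. A single error label that frees co_list and cipherstack would cover this branch and any other early exit in ssl_create_cipher_list, and would make the next leak of this kind harder to introduce.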
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 7aa5f7439fe045527db63d2b3ad99135b15f467c (commit) from 145d5d18b5790ee8ff16d11dd1aea5a105eee0ec (commit) - Log - commit 7aa5f7439fe045527db63d2b3ad99135b15f467c Author: Bernd Edlinger Date: Wed Nov 3 09:19:39 2021 +0100 Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16954) (cherry picked from commit 3a069c1b0b4857b838186aeb55378195dfa50823) --- Summary of changes: ssl/ssl_ciph.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index dd22e57c59..be7a969071 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1638,6 +1638,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, } if (!sk_SSL_CIPHER_push(cipherstack, sslc)) { +OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; }
[openssl] master update
The branch master has been updated via 3a069c1b0b4857b838186aeb55378195dfa50823 (commit) from b3c34401c088dc247b8b54ea812e7cdde6caf361 (commit) - Log - commit 3a069c1b0b4857b838186aeb55378195dfa50823 Author: Bernd Edlinger Date: Wed Nov 3 09:19:39 2021 +0100 Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16954) --- Summary of changes: ssl/ssl_ciph.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b2a5fb077e..c396f69c3a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1643,6 +1643,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, } if (!sk_SSL_CIPHER_push(cipherstack, sslc)) { +OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; }
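Review bot: The log message names only the function and does not say that the leak is confined to the sk_SSL_CIPHER_push failure branch, which is all this one-line hunk covers. One sentence stating that co_list was not released when the push fails would let backporters judge the impact without reading the surrounding function.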
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via bdaf55d0850056fcf3362e5dc1c868f2c8324f25 (commit) from afbea17ded816aba6d7106671b405de82da5c6f3 (commit) - Log - commit bdaf55d0850056fcf3362e5dc1c868f2c8324f25 Author: Bernd Edlinger Date: Wed Nov 3 09:40:59 2021 +0100 Fix a memory leak in tls_parse_stoc_key_share Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16957) --- Summary of changes: ssl/statem/extensions_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ce8a75794c..621fcfa561 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1872,6 +1872,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); +EVP_PKEY_free(skey); return 0; } if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
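Review bot: The added EVP_PKEY_free(skey) covers the EVP_PKEY_new / EVP_PKEY_copy_parameters failure, but the trailing context shows the next check, EVP_PKEY_set1_tls_encodedpoint(skey, ...), whose failure branch lies outside the hunk. Please confirm that branch also releases skey before returning. Minor: this branch reports ERR_R_MALLOC_FAILURE even when it is EVP_PKEY_copy_parameters that failed.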
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 145d5d18b5790ee8ff16d11dd1aea5a105eee0ec (commit) from 42dd2d1b719cad4359157f244270386ada781420 (commit) - Log - commit 145d5d18b5790ee8ff16d11dd1aea5a105eee0ec Author: Bernd Edlinger Date: Wed Nov 3 09:40:59 2021 +0100 Fix a memory leak in tls_parse_stoc_key_share Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16956) (cherry picked from commit b3c34401c088dc247b8b54ea812e7cdde6caf361) --- Summary of changes: ssl/statem/extensions_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 78cc226064..b38c9ca684 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1830,6 +1830,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, skey = EVP_PKEY_new(); if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COPY_PARAMETERS_FAILED); +EVP_PKEY_free(skey); return 0; }
[openssl] master update
The branch master has been updated via b3c34401c088dc247b8b54ea812e7cdde6caf361 (commit) from 3841d0f6f02e1ad3a54beabf1d5395bd1c383254 (commit) - Log - commit b3c34401c088dc247b8b54ea812e7cdde6caf361 Author: Bernd Edlinger Date: Wed Nov 3 09:40:59 2021 +0100 Fix a memory leak in tls_parse_stoc_key_share Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16956) --- Summary of changes: ssl/statem/extensions_clnt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 78cc226064..b38c9ca684 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1830,6 +1830,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, skey = EVP_PKEY_new(); if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COPY_PARAMETERS_FAILED); +EVP_PKEY_free(skey); return 0; }
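Review bot: The condition skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0 folds an allocation failure and a parameter-copy failure into one branch, so SSL_R_COPY_PARAMETERS_FAILED is raised even when EVP_PKEY_new returned NULL. Splitting the two checks would give an accurate reason for each. The new EVP_PKEY_free(skey) is then needed only on the copy-failure branch, although it is harmless on a NULL skey.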
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 7c8826032a5fedcaef9bc4a5e37eebad27599e08 (commit) from 1ca2bd42afc584c6eb9d909852d666ae634e638b (commit) - Log - commit 7c8826032a5fedcaef9bc4a5e37eebad27599e08 Author: Bernd Edlinger Date: Tue Oct 12 19:38:14 2021 +0200 Fix a memory leak reported in CIFuzz Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22 #6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16813) (cherry picked from commit 74b485848a608383d8d37c04480821ea7b613110) --- Summary of changes: crypto/conf/conf_def.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 7b67854c8b..1832cf535f 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c 
@@ -474,6 +474,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (conf->flag_abspath && !ossl_is_absolute_path(include_path)) { ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); +OPENSSL_free(include_path); goto err; }
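Review bot: include_path is freed immediately before goto err but the pointer keeps its old value. If the err path, or a later edit to it, ever releases include_path as well, this becomes a double free; setting include_path = NULL after OPENSSL_free, or doing the free once under the err label, removes that dependency. Since the leak was reported by the conf fuzzer, adding the reproducing input to that fuzzer's seed corpus would keep the relative-path branch covered.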
[openssl] master update
The branch master has been updated via 19b30f1c596a8df2a522f9d6dfc1c1782790fc78 (commit) via 74b485848a608383d8d37c04480821ea7b613110 (commit) from a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c (commit) - Log - commit 19b30f1c596a8df2a522f9d6dfc1c1782790fc78 Author: Bernd Edlinger Date: Wed Oct 13 06:37:46 2021 +0200 Fix another memory leak reported in CIFuzz Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11 #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45 #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16813) commit 74b485848a608383d8d37c04480821ea7b613110 Author: Bernd Edlinger Date: Tue Oct 12 19:38:14 2021 +0200 Fix a memory leak reported in CIFuzz Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16 #3 0x569d17 in BUF_MEM_grow 
/src/openssl/crypto/buffer/buffer.c:97:15 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22 #6 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #12 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16813) --- Summary of changes: crypto/conf/conf_api.c | 7 +-- crypto/conf/conf_def.c | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index e4e305c714..7a4efe6dbb 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -135,7 +135,11 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE); void _CONF_free_data(CONF *conf) { -if (conf == NULL || conf->data == NULL) +if (conf == NULL) +return; + +OPENSSL_free(conf->includedir); +if (conf->data == NULL) return; /* evil thing to make sure the 'OPENSSL_free()' works as expected */ @@ -147,7 +151,6 @@ void _CONF_free_data(CONF *conf) * with */ -OPENSSL_free(conf->includedir); lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); lh_CONF_VALUE_free(conf->data); } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 7b67854c8b..c05c3c6b10 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c 
@@ -424,6 +424,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (!parsebool(pval, &conf->flag_abspath)) goto err; } else if (strcmp(p, "includedir") == 0) { +OPENSSL_free(conf->includedir); if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); goto err; @@ -474,6 +475,7 @@ static int def_load_bio(CONF *conf, BIO *in,
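Review bot: In _CONF_free_data, OPENSSL_free(conf->includedir) now runs on every call, including the early conf->data == NULL return, but conf->includedir is left pointing at the freed buffer. A second _CONF_free_data on the same CONF would free it again; add conf->includedir = NULL right after the free. The includedir hunk in def_load_bio does not have this problem, because the pointer is overwritten by the OPENSSL_strdup result on the next line.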
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 09fc3420b5eb2efe90c01e03715e00b361b9e6ab (commit) from 7c8826032a5fedcaef9bc4a5e37eebad27599e08 (commit) - Log - commit 09fc3420b5eb2efe90c01e03715e00b361b9e6ab Author: Bernd Edlinger Date: Wed Oct 13 06:37:46 2021 +0200 Fix another memory leak reported in CIFuzz Direct leak of 2 byte(s) in 1 object(s) allocated from: #0 0x4a067d in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3 #1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12 #2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11 #3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45 #4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12 #5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5 #6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12 #7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) cxa_noexception.cpp #8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6 #9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) cxa_noexception.cpp #10 0x52ac82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #11 0x7f15336bf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16813) (cherry picked from commit 19b30f1c596a8df2a522f9d6dfc1c1782790fc78) --- Summary of changes: crypto/conf/conf_api.c | 7 +-- crypto/conf/conf_def.c | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index e4e305c714..7a4efe6dbb 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c 
@@ -135,7 +135,11 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE); void _CONF_free_data(CONF *conf) { -if (conf == NULL || conf->data == NULL) +if (conf == NULL) +return; + +OPENSSL_free(conf->includedir); +if (conf->data == NULL) return; /* evil thing to make sure the 'OPENSSL_free()' works as expected */ @@ -147,7 +151,6 @@ void _CONF_free_data(CONF *conf) * with */ -OPENSSL_free(conf->includedir); lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); lh_CONF_VALUE_free(conf->data); } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 1832cf535f..c05c3c6b10 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -424,6 +424,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) if (!parsebool(pval, &conf->flag_abspath)) goto err; } else if (strcmp(p, "includedir") == 0) { +OPENSSL_free(conf->includedir); if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); goto err;
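Review bot: In the includedir branch of def_load_bio, the old conf->includedir is released before OPENSSL_strdup(pval) is known to have succeeded, so an allocation failure leaves the CONF with no include directory rather than the previous one. Duplicating into a temporary and swapping only on success would keep the object unchanged on the error path. A short comment that a repeated includedir setting replaces the earlier value would also document why the free is needed here.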
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 14fd5a0d55652a7539c66df18d1120baed42248e (commit) from 549675c54686b8fb0527720abf760313a78a1ae7 (commit) - Log - commit 14fd5a0d55652a7539c66df18d1120baed42248e Author: Bernd Edlinger Date: Sun May 24 16:14:02 2020 +0200 Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c This replaces the AES-128-CBC-HMAC-SHA1 cipher with a non-encrypting version for use the test suite. [extended tests] Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16693) (cherry picked from commit 64da15c40d15aac58e211fd25d00e9ae84d0379b) --- Summary of changes: engines/e_ossltest.c | 216 +++ ssl/record/ssl3_record.c | 23 ++--- ssl/record/tls_pad.c | 2 - ssl/tls_depr.c | 10 ++- 4 files changed, 210 insertions(+), 41 deletions(-) diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 8479414f01..0506faa628 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -38,6 +38,7 @@ #include #include #include +#include #include "e_ossltest_err.c" 
@@ -247,21 +248,39 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, const int **, int); static int ossltest_cipher_nids[] = { -NID_aes_128_cbc, NID_aes_128_gcm, 0 +NID_aes_128_cbc, NID_aes_128_gcm, +NID_aes_128_cbc_hmac_sha1, 0 }; /* AES128 */ -int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); +static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, +const unsigned char *key, +const unsigned char *iv, int enc); +static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, +const unsigned char *key, +const unsigned char *iv, int enc); +static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, + const unsigned char *iv, + int enc); +static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, +unsigned char *out, +const unsigned char *in, +size_t inl); +static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, + int arg, void *ptr); + +typedef struct { +size_t payload_length; /* AAD length in decrypt case */ +unsigned int tls_ver; +} EVP_AES_HMAC_SHA1; static EVP_CIPHER *_hidden_aes_128_cbc = NULL; static const EVP_CIPHER *ossltest_aes_128_cbc(void) 
@@ -285,6 +304,7 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void) } return _hidden_aes_128_cbc; } + static EVP_CIPHER *_hidden_aes_128_gcm = NULL; #define AES_GCM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ @@ -315,11 +335,45 @@ static const EVP_CIPHER *ossltest_aes_128_gcm(void) return _hidden_aes_128_gcm; } +static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL; + +static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void) +{ +if (_hidden_aes_128_cbc_hmac_sha1 == NULL +&& ((_hidden_aes_128_cbc_hmac_sha1 + = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1, + 16 /* block size */, + 16 /* key len */)) == NULL +|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) +|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIP
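Review bot: The new typedef EVP_AES_HMAC_SHA1 is local to the test engine but uses the library's EVP_ prefix, which invites confusion or a clash with a libcrypto type of the same name; an engine-specific name, for example one with an ossltest prefix, would be safer. The payload_length comment says "AAD length in decrypt case" without saying what the field holds when encrypting, so a comment covering both uses would help. Style nit: EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) is missing the space after the comma.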
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 14357a51130510d87fe5f31e45baaf70bd5c9027 (commit) from 503eb0e108ca5819dacd5ae171aedd37268654d9 (commit) - Log - commit 14357a51130510d87fe5f31e45baaf70bd5c9027 Author: Bernd Edlinger Date: Tue Oct 5 21:38:55 2021 +0200 Fix double-free in e_dasync.c When the cipher is copied, the inner_cihper_data need to be copied as well, using the EVP_CTRL_COPY method. The EVP_CIPH_CUSTOM_COPY bit needs to be set as well. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16751) --- Summary of changes: engines/e_dasync.c | 21 +++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 07793037df..1f5d4117f2 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, dasync_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, @@ -270,7 +271,8 @@ static int bind_dasync(ENGINE *e) EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, 
@@ -629,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, } } +case EVP_CTRL_COPY: +{ +const EVP_CIPHER *cipher = aeadcapable + ? EVP_aes_128_cbc_hmac_sha1() + : EVP_aes_128_cbc(); +size_t data_size = EVP_CIPHER_impl_ctx_size(cipher); +void *cipher_data = OPENSSL_malloc(data_size); + +if (cipher_data == NULL) +return 0; +memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size); +pipe_ctx->inner_cipher_data = cipher_data; +return 1; +} + default: return 0; }
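Review bot: In the new EVP_CTRL_COPY case, memcpy reads from pipe_ctx->inner_cipher_data without checking it for NULL, so copying a context whose inner cipher data was never allocated would pass a null source to memcpy; check it before the OPENSSL_malloc and decide what the copy should return in that case. The byte-wise copy also assumes the inner cipher's implementation context owns no pointers of its own, which deserves a comment next to the memcpy. It would also help to state which context pipe_ctx belongs to at this point, since the assignment pipe_ctx->inner_cipher_data = cipher_data is only correct for the destination of the copy.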