[openssl/openssl] f68bd6: Fix possible double-free in pkcs7 add_attribute fu...

2024-07-08 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: f68bd6f672e10d4101fa26c326daabfaaa3ddec6
  
https://github.com/openssl/openssl/commit/f68bd6f672e10d4101fa26c326daabfaaa3ddec6
  Author: Bernd Edlinger 
  Date:   2024-07-08 (Mon, 08 Jul 2024)

  Changed paths:
M crypto/pkcs7/pk7_doit.c

  Log Message:
  ---
  Fix possible double-free in pkcs7 add_attribute function

The problem is the ownership of the input parameter value
is transferred to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fulfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22721)

(cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)





[openssl/openssl] fab911: Fix possible double-free in pkcs7 add_attribute fu...

2024-07-08 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.3
  Home:   https://github.com/openssl/openssl
  Commit: fab9111520f17be27dead558fb0230c1653f7610
  
https://github.com/openssl/openssl/commit/fab9111520f17be27dead558fb0230c1653f7610
  Author: Bernd Edlinger 
  Date:   2024-07-08 (Mon, 08 Jul 2024)

  Changed paths:
M crypto/pkcs7/pk7_doit.c

  Log Message:
  ---
  Fix possible double-free in pkcs7 add_attribute function

The problem is the ownership of the input parameter value
is transferred to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fulfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22721)

(cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)





[openssl/openssl] 6560ca: Fix possible double-free in pkcs7 add_attribute fu...

2024-07-08 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 6560ca8f24094b14d17cc454aa49ad1b59041e41
  
https://github.com/openssl/openssl/commit/6560ca8f24094b14d17cc454aa49ad1b59041e41
  Author: Bernd Edlinger 
  Date:   2024-07-08 (Mon, 08 Jul 2024)

  Changed paths:
M crypto/pkcs7/pk7_doit.c

  Log Message:
  ---
  Fix possible double-free in pkcs7 add_attribute function

The problem is the ownership of the input parameter value
is transferred to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fulfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22721)

(cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)





[openssl/openssl] ebe874: Fix possible double-free in pkcs7 add_attribute fu...

2024-07-08 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: ebe874a0a510e04f3ff043acd1548abd2eef46cb
  
https://github.com/openssl/openssl/commit/ebe874a0a510e04f3ff043acd1548abd2eef46cb
  Author: Bernd Edlinger 
  Date:   2024-07-08 (Mon, 08 Jul 2024)

  Changed paths:
M crypto/pkcs7/pk7_doit.c

  Log Message:
  ---
  Fix possible double-free in pkcs7 add_attribute function

The problem is the ownership of the input parameter value
is transferred to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fulfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22721)

(cherry picked from commit 82a13a1f5053462f826bfb90061f0f77e3cc98a5)





[openssl/openssl] 82a13a: Fix possible double-free in pkcs7 add_attribute fu...

2024-07-08 Thread Bernd Edlinger
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 82a13a1f5053462f826bfb90061f0f77e3cc98a5
  
https://github.com/openssl/openssl/commit/82a13a1f5053462f826bfb90061f0f77e3cc98a5
  Author: Bernd Edlinger 
  Date:   2024-07-08 (Mon, 08 Jul 2024)

  Changed paths:
M crypto/pkcs7/pk7_doit.c

  Log Message:
  ---
  Fix possible double-free in pkcs7 add_attribute function

The problem is the ownership of the input parameter value
is transferred to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fulfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22721)
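
The ownership rule this commit message describes, as a small self-contained C model added here for illustration; it is not the code from crypto/pkcs7/pk7_doit.c. The types, the `fail_alloc` switch and every function name are hypothetical stand-ins, and `value_free` only counts calls, so the second free is observable without touching the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not OpenSSL code. "Freeing" a value only bumps a
 * counter, so a second free is counted instead of corrupting the heap. */
typedef struct { int frees; } value_t;
typedef struct { value_t *value; } attr_t;            /* owns its value */
typedef struct { attr_t **items; size_t len, cap; } attr_list_t;

static void value_free(value_t *v) { if (v != NULL) v->frees++; }

/* Stand-in for X509_ATTRIBUTE_create: on success the attribute owns v. */
static attr_t *attr_create(value_t *v)
{
    attr_t *a = malloc(sizeof(*a));

    if (a != NULL)
        a->value = v;
    return a;
}

static void attr_free(attr_t *a)
{
    if (a != NULL) {
        value_free(a->value);
        free(a);
    }
}

/* Ensure room for one more item; fail_alloc simulates an allocation error. */
static int list_reserve(attr_list_t *l, int fail_alloc)
{
    size_t ncap = l->cap ? l->cap * 2 : 4;
    attr_t **n;

    if (l->len < l->cap)
        return 1;
    if (fail_alloc || (n = realloc(l->items, ncap * sizeof(*n))) == NULL)
        return 0;
    l->items = n;
    l->cap = ncap;
    return 1;
}

/* Before: ownership moves first, then a step that can still fail. */
static int add_attribute_before(attr_list_t *l, value_t *v, int fail_alloc)
{
    attr_t *a = attr_create(v);           /* v now belongs to a */

    if (a == NULL)
        return 0;
    if (!list_reserve(l, fail_alloc)) {
        attr_free(a);                     /* releases v as well ... */
        return 0;                         /* ... yet reports "caller keeps v" */
    }
    l->items[l->len++] = a;
    return 1;
}

/* After: every fallible step runs before ownership moves. */
static int add_attribute_after(attr_list_t *l, value_t *v, int fail_alloc)
{
    attr_t *a;

    if (!list_reserve(l, fail_alloc))
        return 0;                         /* v untouched */
    if ((a = attr_create(v)) == NULL)
        return 0;                         /* v untouched */
    l->items[l->len++] = a;               /* space is reserved: cannot fail */
    return 1;
}

static void list_clear(attr_list_t *l)
{
    size_t i;

    for (i = 0; i < l->len; i++)
        attr_free(l->items[i]);
    free(l->items);
    l->items = NULL;
    l->len = l->cap = 0;
}

typedef int (*add_fn)(attr_list_t *, value_t *, int);

/* A caller that follows the contract: on failure it still owns v and frees
 * it; on success the list owns it. Returns how often v ended up freed. */
static int frees_seen_by_caller(add_fn add, int fail_alloc)
{
    value_t v = {0};
    attr_list_t l = {0};

    if (!add(&l, &v, fail_alloc))
        value_free(&v);
    list_clear(&l);
    return v.frees;
}

int main(void)
{
    printf("before, error path: %d frees\n",
           frees_seen_by_caller(add_attribute_before, 1));
    printf("after,  error path: %d frees\n",
           frees_seen_by_caller(add_attribute_after, 1));
    return 0;
}
```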





[openssl/openssl] 12d40c: Fix error handling in CMS_EncryptedData_encrypt

2024-05-06 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.3
  Home:   https://github.com/openssl/openssl
  Commit: 12d40c9af546607de5809fc10a211ac7ae4646b3
  
https://github.com/openssl/openssl/commit/12d40c9af546607de5809fc10a211ac7ae4646b3
  Author: Bernd Edlinger 
  Date:   2024-05-06 (Mon, 06 May 2024)

  Changed paths:
M crypto/cms/cms_asn1.c
M crypto/cms/cms_env.c
M crypto/cms/cms_lib.c
M crypto/cms/cms_local.h
M crypto/cms/cms_sd.c
M crypto/cms/cms_smime.c
M test/recipes/80-test_cms.t

  Log Message:
  ---
  Fix error handling in CMS_EncryptedData_encrypt

That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used in the normal way, but instead just deleted
by CMS_ContentInfo_free some memory was lost.

Fixes #21985

Reviewed-by: Todd Short 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22031)

(cherry picked from commit 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2)





[openssl/openssl] a0f6e1: Fix error handling in CMS_EncryptedData_encrypt

2024-05-06 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: a0f6e1f26287280b2961f6bab7addb7a5ad45c1e
  
https://github.com/openssl/openssl/commit/a0f6e1f26287280b2961f6bab7addb7a5ad45c1e
  Author: Bernd Edlinger 
  Date:   2024-05-06 (Mon, 06 May 2024)

  Changed paths:
M crypto/cms/cms_asn1.c
M crypto/cms/cms_env.c
M crypto/cms/cms_lib.c
M crypto/cms/cms_local.h
M crypto/cms/cms_sd.c
M crypto/cms/cms_smime.c
M test/recipes/80-test_cms.t

  Log Message:
  ---
  Fix error handling in CMS_EncryptedData_encrypt

That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used in the normal way, but instead just deleted
by CMS_ContentInfo_free some memory was lost.

Fixes #21985

Reviewed-by: Todd Short 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22031)

(cherry picked from commit 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2)





[openssl/openssl] 6d2a01: Fix error handling in CMS_EncryptedData_encrypt

2024-05-06 Thread Bernd Edlinger
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2
  
https://github.com/openssl/openssl/commit/6d2a01cdfb56fdb8ea5d5dd417724e6906c8b8e2
  Author: Bernd Edlinger 
  Date:   2024-05-06 (Mon, 06 May 2024)

  Changed paths:
M crypto/cms/cms_asn1.c
M crypto/cms/cms_env.c
M crypto/cms/cms_lib.c
M crypto/cms/cms_local.h
M crypto/cms/cms_sd.c
M crypto/cms/cms_smime.c
M test/recipes/80-test_cms.t

  Log Message:
  ---
  Fix error handling in CMS_EncryptedData_encrypt

That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used in the normal way, but instead just deleted
by CMS_ContentInfo_free some memory was lost.

Fixes #21985

Reviewed-by: Todd Short 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/22031)





[openssl/openssl] 511d8c: Resign test/certs/rootCA.pem to expire in 100 years

2022-11-12 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 511d8c0fb0eaaba4118362ac791f0ed09f89385e
  
https://github.com/openssl/openssl/commit/511d8c0fb0eaaba4118362ac791f0ed09f89385e
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/rootCA.pem

  Log Message:
  ---
  Resign test/certs/rootCA.pem to expire in 100 years

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)




[openssl/openssl] cf1a7c: Update the validity period of ed25519 certificates

2022-11-12 Thread Bernd Edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.com/openssl/openssl
  Commit: cf1a7cf22eb4d66bb62e0424fa1c8b9e6f7aefaa
  
https://github.com/openssl/openssl/commit/cf1a7cf22eb4d66bb62e0424fa1c8b9e6f7aefaa
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/ee-ed25519.pem
M test/certs/root-ed25519.pem

  Log Message:
  ---
  Update the validity period of ed25519 certificates

Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)


  Commit: f868abcc5dbcbed6ca2e33bdb9bf06c817a4cce3
  
https://github.com/openssl/openssl/commit/f868abcc5dbcbed6ca2e33bdb9bf06c817a4cce3
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/rootCA.pem

  Log Message:
  ---
  Resign test/certs/rootCA.pem to expire in 100 years

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)


Compare: https://github.com/openssl/openssl/compare/2c0ae1e92512...f868abcc5dbc


[openssl/openssl] 2f27b9: Update the validity period of ed25519 certificates

2022-11-12 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 2f27b9363e878c0f318eefe59cd782b3f4530ce7
  
https://github.com/openssl/openssl/commit/2f27b9363e878c0f318eefe59cd782b3f4530ce7
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/ee-ed25519.pem
M test/certs/root-ed25519.pem

  Log Message:
  ---
  Update the validity period of ed25519 certificates

Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)




[openssl/openssl] a7b0ea: Update the validity period of ed25519 certificates

2022-11-12 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: a7b0ea5ad0486c83a4b58937b56ac06bc4f148c9
  
https://github.com/openssl/openssl/commit/a7b0ea5ad0486c83a4b58937b56ac06bc4f148c9
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/ee-ed25519.pem
M test/certs/root-ed25519.pem

  Log Message:
  ---
  Update the validity period of ed25519 certificates

Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 42f917432999b34ad8618ae03a5f199738a2b5ba)


  Commit: 38977853ec07813535a0529b7b256b9180cb830b
  
https://github.com/openssl/openssl/commit/38977853ec07813535a0529b7b256b9180cb830b
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/rootCA.pem

  Log Message:
  ---
  Resign test/certs/rootCA.pem to expire in 100 years

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)

(cherry picked from commit 43086b1bd48958ce95fadba8459ad88675da4fdf)


Compare: https://github.com/openssl/openssl/compare/66ecce223ced...38977853ec07


[openssl/openssl] 42f917: Update the validity period of ed25519 certificates

2022-11-12 Thread Bernd Edlinger
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 42f917432999b34ad8618ae03a5f199738a2b5ba
  
https://github.com/openssl/openssl/commit/42f917432999b34ad8618ae03a5f199738a2b5ba
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/ee-ed25519.pem
M test/certs/root-ed25519.pem

  Log Message:
  ---
  Update the validity period of ed25519 certificates

Note: The private key is test/certs/root-ed25519.privkey.pem

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)


  Commit: 43086b1bd48958ce95fadba8459ad88675da4fdf
  
https://github.com/openssl/openssl/commit/43086b1bd48958ce95fadba8459ad88675da4fdf
  Author: Bernd Edlinger 
  Date:   2022-11-12 (Sat, 12 Nov 2022)

  Changed paths:
M test/certs/rootCA.pem

  Log Message:
  ---
  Resign test/certs/rootCA.pem to expire in 100 years

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19654)


Compare: https://github.com/openssl/openssl/compare/a0783b83a3bd...43086b1bd489


[openssl/openssl] 5b5ab6: Fix an occasional CI failure due to unaligned access

2022-10-16 Thread Bernd Edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: 5b5ab6ebe6d8bcb7487112d7382847abffb7c7ed
  
https://github.com/openssl/openssl/commit/5b5ab6ebe6d8bcb7487112d7382847abffb7c7ed
  Author: Bernd Edlinger 
  Date:   2022-10-13 (Thu, 13 Oct 2022)

  Changed paths:
M crypto/bn/rsaz_exp_x2.c

  Log Message:
  ---
  Fix an occasional CI failure due to unaligned access

This happens rarely, but only because very few CI runs
use the exotic CPU type that is necessary to execute
anything within rsaz_exp_x2.c and enable UBSAN at the same time.

crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 
0x61222cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte 
alignment
0x61222cc6: note: pointer points here
 84 a3 78 e0 8e 8d  4a a5 51 9c 57 d0 d6 41  f3 26 d1 4e e1 98 42 b5  3a 9f 04 
f1 73 d2 1d bf  73 44
 ^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
crypto/bn/rsaz_exp_x2.c:562:20 in
../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1
not ok 2 - Fuzzing server

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19412)




[openssl/openssl] 851152: Fix an occasional CI failure due to unaligned access

2022-10-13 Thread Bernd Edlinger
  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 8511520842b744d1794ea794c032ce5f78cd874b
  
https://github.com/openssl/openssl/commit/8511520842b744d1794ea794c032ce5f78cd874b
  Author: Bernd Edlinger 
  Date:   2022-10-13 (Thu, 13 Oct 2022)

  Changed paths:
M crypto/bn/rsaz_exp_x2.c

  Log Message:
  ---
  Fix an occasional CI failure due to unaligned access

This happens rarely, but only because very few CI runs
use the exotic CPU type that is necessary to execute
anything within rsaz_exp_x2.c and enable UBSAN at the same time.

crypto/bn/rsaz_exp_x2.c:562:20: runtime error: load of misaligned address 
0x61222cc6 for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte 
alignment
0x61222cc6: note: pointer points here
 84 a3 78 e0 8e 8d  4a a5 51 9c 57 d0 d6 41  f3 26 d1 4e e1 98 42 b5  3a 9f 04 
f1 73 d2 1d bf  73 44
 ^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
crypto/bn/rsaz_exp_x2.c:562:20 in
../../util/wrap.pl ../../fuzz/server-test ../../fuzz/corpora/server => 1
not ok 2 - Fuzzing server

Reviewed-by: Hugo Landau 
Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/19394)




[openssl/openssl] 26cfeb: Fix copyright year issues

2022-07-30 Thread Bernd Edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.com/openssl/openssl
  Commit: 26cfeb76cfda55ba5248219f40252af7c2b22be1
  
https://github.com/openssl/openssl/commit/26cfeb76cfda55ba5248219f40252af7c2b22be1
  Author: Bernd Edlinger 
  Date:   2022-07-30 (Sat, 30 Jul 2022)

  Changed paths:
M .github/workflows/ci.yml
M crypto/asn1/charmap.pl
M crypto/bn/bn_prime.pl
M crypto/conf/keysets.pl
M crypto/objects/obj_dat.pl
M crypto/objects/objects.pl
M crypto/objects/objxref.pl
A util/perl/OpenSSL/copyright.pm

  Log Message:
  ---
  Fix copyright year issues

Fixes: #13765

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17706)




[openssl/openssl] 26cfeb: Fix copyright year issues

2022-07-30 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 26cfeb76cfda55ba5248219f40252af7c2b22be1
  
https://github.openssl.org/openssl/openssl/commit/26cfeb76cfda55ba5248219f40252af7c2b22be1
  Author: Bernd Edlinger 
  Date:   2022-07-30 (Sat, 30 Jul 2022)

  Changed paths:
M .github/workflows/ci.yml
M crypto/asn1/charmap.pl
M crypto/bn/bn_prime.pl
M crypto/conf/keysets.pl
M crypto/objects/obj_dat.pl
M crypto/objects/objects.pl
M crypto/objects/objxref.pl
A util/perl/OpenSSL/copyright.pm

  Log Message:
  ---
  Fix copyright year issues

Fixes: #13765

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17706)




[openssl/openssl] 625849: Fix visual glitch in non-verbose test output

2022-07-26 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 625849ef3834d66d59559648420e4506cb1f3671
  
https://github.openssl.org/openssl/openssl/commit/625849ef3834d66d59559648420e4506cb1f3671
  Author: Bernd Edlinger 
  Date:   2022-07-26 (Tue, 26 Jul 2022)

  Changed paths:
M test/recipes/80-test_cmp_http.t

  Log Message:
  ---
  Fix visual glitch in non-verbose test output

This fixes a glitch in the non-verbose test output
$ make test
[...]
80-test_ciphername.t  ok
80-test_cmp_http.t .. 5/?
80-test_cmp_http.t .. ok   611
80-test_cms.t ... ok
80-test_cmsapi.t  ok

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18401)

(cherry picked from commit 128d1c3c0a12fe68175a460e06daf1e0d940f681)




[openssl/openssl] ad2f4c: Remove duplicated BIO_get_ktls_send calls in do_ss...

2022-07-18 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: ad2f4cdcb1875b16e0f5581ab1ee0bae572c68e6
  
https://github.openssl.org/openssl/openssl/commit/ad2f4cdcb1875b16e0f5581ab1ee0bae572c68e6
  Author: Bernd Edlinger 
  Date:   2022-07-18 (Mon, 18 Jul 2022)

  Changed paths:
M ssl/record/rec_layer_s3.c
M ssl/record/ssl3_record.c

  Log Message:
  ---
  Remove duplicated BIO_get_ktls_send calls in do_ssl3_write

This rather long function used to call BIO_get_ktls_send
multiple times, although that result cannot change during
the execution of that function.
There was a similar unnecessary call to BIO_get_ktls_recv
in ssl3_get_record.
And while I'm already there, rewrite ssl3_write_bytes
to use BIO_get_ktls_send as a boolean (so using "!" instead
of "== 0").

Reviewed-by: Hugo Landau 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18304)




[openssl/openssl] 17098c: Make the DRBG seed propagation thread safe

2022-07-09 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 17098c116d68b3a01fcb688487dccdc0c10b8f63
  
https://github.openssl.org/openssl/openssl/commit/17098c116d68b3a01fcb688487dccdc0c10b8f63
  Author: Bernd Edlinger 
  Date:   2022-07-09 (Sat, 09 Jul 2022)

  Changed paths:
M crypto/rand/drbg_lib.c
M crypto/rand/rand_lib.c

  Log Message:
  ---
  Make the DRBG seed propagation thread safe

Currently there is a race possible because the reseed_counter
of the master drbg may be incremented after the get_entropy call.
Therefore access the parent's reseed_counter while still holding
the rand_drbg_lock.

This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16900)




[openssl/openssl] 385026: Fix reported performance degradation on aarch64

2022-07-08 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 38502628e1d8450cf412c6ab180f46af26ecd8d9
  
https://github.openssl.org/openssl/openssl/commit/38502628e1d8450cf412c6ab180f46af26ecd8d9
  Author: Bernd Edlinger 
  Date:   2022-07-08 (Fri, 08 Jul 2022)

  Changed paths:
M crypto/aes/asm/aesv8-armx.pl

  Log Message:
  ---
  Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR 
mode")
for 64bit targets only, since it is reportedly 2-17% slower,
and the silicon errata only affects 32bit targets.
Only for 32bit targets the new algorithm is used.

Fixes #18445

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18581)

(cherry picked from commit 65523758e546fcef0f930e5f8878ef51d174dbc8)




[openssl/openssl] 655237: Fix reported performance degradation on aarch64

2022-07-08 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 65523758e546fcef0f930e5f8878ef51d174dbc8
  
https://github.openssl.org/openssl/openssl/commit/65523758e546fcef0f930e5f8878ef51d174dbc8
  Author: Bernd Edlinger 
  Date:   2022-07-08 (Fri, 08 Jul 2022)

  Changed paths:
M crypto/aes/asm/aesv8-armx.pl

  Log Message:
  ---
  Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR 
mode")
for 64bit targets only, since it is reportedly 2-17% slower,
and the silicon errata only affects 32bit targets.
Only for 32bit targets the new algorithm is used.

Fixes #18445

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18581)




[openssl/openssl] a93780: Fix a memory leak in tls13_generate_secret

2022-07-06 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: a937806043bda5775091844050e8c632a41922ac
  
https://github.openssl.org/openssl/openssl/commit/a937806043bda5775091844050e8c632a41922ac
  Author: Bernd Edlinger 
  Date:   2022-07-07 (Thu, 07 Jul 2022)

  Changed paths:
M ssl/tls13_enc.c

  Log Message:
  ---
  Fix a memory leak in tls13_generate_secret

This was found by my Reproducible Error Injection patch (#18356)

Due to the exact location of the injected memory
error the sha256 digest is missing, and this causes much later
the memory leak (and a failed assertion) in tls13_generate_secret.

But the reproduction is a bit challenging, as it requires AESNI
and RDRAND capability.

OPENSSL_ia32cap=0x4200 ERROR_INJECT=1657070330 
../util/shlib_wrap.sh ./client-test 
./corpora/client/791afc153e17db072175eeef85385a38d7f6d194
#0 0x7fceaffb7d4f in __sanitizer_print_stack_trace 
../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
#6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39
#7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275
#8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264
#9 0x7fceaf69b4de in __pthread_once_slow 
/build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
#10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
#11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677
#12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611
#13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190
#14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
#15 0x55fb9117e939 in main fuzz/test-corpus.c:194
#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
#17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)

#0 0x7fceaffb7d4f in __sanitizer_print_stack_trace 
../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
#6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87
#7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24
#8 0x7fceaf69b4de in __pthread_once_slow 
/build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
#9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
#10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193
#11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
#12 0x55fb9117e939 in main fuzz/test-corpus.c:194
#13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
#14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)

=
==1320996==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 80 byte(s) in 1 object(s) allocated from:
#0 0x7fceaffaa808 in __interceptor_malloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144
#3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250
#4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174
#5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833
#6 0x7fceafdde91c in tls_parse_stoc_key_share 
ssl/statem/extensions_clnt.c:1902
#7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752
#8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698
#9 0x7fceafe01f87 in ossl_statem_client_process_message 
ssl/statem/statem_clnt.c:1034
#10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636
#11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434
#12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98
#14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182
#15 0x55fb9117eb92 in main fuzz/test-corpus.c:226
#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308

Indirect leak of 1080 byte(s) in 1 object(s) allocated from:
#0 0x7fceaffaa808 in __interceptor_malloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51
#3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160
#4 0x7fceafa03b36 in

[openssl/openssl] a8f6d7: Fix reported performance degradation on aarch64

2022-07-06 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: a8f6d73fda64d514171e99a50d1483c0c0b8d968
  
https://github.openssl.org/openssl/openssl/commit/a8f6d73fda64d514171e99a50d1483c0c0b8d968
  Author: Bernd Edlinger 
  Date:   2022-07-06 (Wed, 06 Jul 2022)

  Changed paths:
M crypto/aes/asm/aesv8-armx.pl

  Log Message:
  ---
  Fix reported performance degradation on aarch64

This restores the implementation prior to
commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR 
mode")
for 64bit targets only, since it is reportedly 2-17% slower,
and the silicon errata only affects 32bit targets.
Only for 32bit targets the new algorithm is used.

Fixes #18445

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: Hugo Landau 
(Merged from https://github.com/openssl/openssl/pull/18539)




[openssl/openssl] 4c1cf6: Fix compile issues in test/v3ext.c with no-rfc3779

2022-07-04 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
  
https://github.openssl.org/openssl/openssl/commit/4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
  Author: Bernd Edlinger 
  Date:   2022-07-05 (Tue, 05 Jul 2022)

  Changed paths:
M test/v3ext.c

  Log Message:
  ---
  Fix compile issues in test/v3ext.c with no-rfc3779

There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18634)

(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)




[openssl/openssl] 6c8879: Fix a memory leak in EC_GROUP_new_from_ecparameters

2022-06-24 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 6c8879c8bf6030666c851623f93fff03c1266715
  
https://github.openssl.org/openssl/openssl/commit/6c8879c8bf6030666c851623f93fff03c1266715
  Author: Bernd Edlinger 
  Date:   2022-06-25 (Sat, 25 Jun 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix a memory leak in EC_GROUP_new_from_ecparameters

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto

[openssl/openssl] cc7c12: Fix a memory leak in EC_GROUP_new_from_ecparameters

2022-06-24 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: cc7c127d697aba4f9630f5516d6f0e680f20332a
  
https://github.openssl.org/openssl/openssl/commit/cc7c127d697aba4f9630f5516d6f0e680f20332a
  Author: Bernd Edlinger 
  Date:   2022-06-25 (Sat, 25 Jun 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix a memory leak in EC_GROUP_new_from_ecparameters

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn

[openssl/openssl] be5086: Fix a memory leak in EC_GROUP_new_from_ecparameters

2022-06-24 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: be50862e72d96e599fbbb69f41b5af651c97
  
https://github.openssl.org/openssl/openssl/commit/be50862e72d96e599fbbb69f41b5af651c97
  Author: Bernd Edlinger 
  Date:   2022-06-25 (Sat, 25 Jun 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix a memory leak in EC_GROUP_new_from_ecparameters

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756  (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)

=
==12221==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters 
crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c

[openssl/openssl] f49b5c: Add a CI workflow for no-rfc3779

2022-06-23 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: f49b5c3094a4b09ced0572e53a5ed1094b450618
  
https://github.openssl.org/openssl/openssl/commit/f49b5c3094a4b09ced0572e53a5ed1094b450618
  Author: Bernd Edlinger 
  Date:   2022-06-23 (Thu, 23 Jun 2022)

  Changed paths:
M .github/workflows/run-checker-ci.yml

  Log Message:
  ---
  Add a CI workflow for no-rfc3779

Currently this configuration seems to be failing.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18634)

(cherry picked from commit a09adac311975afcb5ad099b2e1cfc7eb1e72865)


  Commit: 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232
  
https://github.openssl.org/openssl/openssl/commit/665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232
  Author: Bernd Edlinger 
  Date:   2022-06-23 (Thu, 23 Jun 2022)

  Changed paths:
M test/v3ext.c

  Log Message:
  ---
  Fix compile issues in test/v3ext.c with no-rfc3779

There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18634)

(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)


Compare: 
https://github.openssl.org/openssl/openssl/compare/3d0da0c2a049...665ab12ed3f0


[openssl/openssl] a09ada: Add a CI workflow for no-rfc3779

2022-06-23 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: a09adac311975afcb5ad099b2e1cfc7eb1e72865
  
https://github.openssl.org/openssl/openssl/commit/a09adac311975afcb5ad099b2e1cfc7eb1e72865
  Author: Bernd Edlinger 
  Date:   2022-06-23 (Thu, 23 Jun 2022)

  Changed paths:
M .github/workflows/run-checker-ci.yml

  Log Message:
  ---
  Add a CI workflow for no-rfc3779

Currently this configuration seems to be failing.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18634)


  Commit: b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe
  
https://github.openssl.org/openssl/openssl/commit/b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe
  Author: Bernd Edlinger 
  Date:   2022-06-23 (Thu, 23 Jun 2022)

  Changed paths:
M test/v3ext.c

  Log Message:
  ---
  Fix compile issues in test/v3ext.c with no-rfc3779

There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18634)


Compare: 
https://github.openssl.org/openssl/openssl/compare/f7346cab45a7...b76efe61ea97


[openssl/openssl] 4650cf: Fix a use after free in error handling of hmac_dup

2022-06-10 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 4650cf23c84f33354e5284fbcf56f131aa83343b
  
https://github.openssl.org/openssl/openssl/commit/4650cf23c84f33354e5284fbcf56f131aa83343b
  Author: Bernd Edlinger 
  Date:   2022-06-10 (Fri, 10 Jun 2022)

  Changed paths:
M providers/implementations/macs/hmac_prov.c

  Log Message:
  ---
  Fix a use after free in error handling of hmac_dup

dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.

Fixes #18493

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18502)

(cherry picked from commit cec1699f1f54ba8b87f055776dc77b48dd37d5fa)




[openssl/openssl] cec169: Fix a use after free in error handling of hmac_dup

2022-06-10 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: cec1699f1f54ba8b87f055776dc77b48dd37d5fa
  
https://github.openssl.org/openssl/openssl/commit/cec1699f1f54ba8b87f055776dc77b48dd37d5fa
  Author: Bernd Edlinger 
  Date:   2022-06-10 (Fri, 10 Jun 2022)

  Changed paths:
M providers/implementations/macs/hmac_prov.c

  Log Message:
  ---
  Fix a use after free in error handling of hmac_dup

dst->digest needs to be zeroized in case HMAC_CTX_copy
or ossl_prov_digest_copy return failure.

Fixes #18493

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18502)
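
The failure mode named in the hmac_dup commit message above, as an added example that is not OpenSSL's code: a dup routine struct-copies the source, a later copy step fails, and the cleanup path releases a digest handle the copy never owned. All names here (mac_ctx, digest, mac_ctx_dup, inject_copy_failure) are hypothetical, and a static pool stands in for the heap so the dangling state can be inspected safely.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not OpenSSL code. A static pool stands in for the heap
 * so that "freed" objects can still be inspected without undefined behaviour. */
typedef struct digest { int refs; int alive; } digest;
typedef struct mac_ctx { int in_use; int inner; digest *md; } mac_ctx;

#define POOL 4
static digest digest_pool[POOL];
static mac_ctx ctx_pool[POOL];
static int inject_copy_failure;   /* constructed fault-injection switch */

static void reset_model(void)
{
    memset(digest_pool, 0, sizeof(digest_pool));
    memset(ctx_pool, 0, sizeof(ctx_pool));
    inject_copy_failure = 0;
}

static digest *digest_new(void)
{
    for (int i = 0; i < POOL; i++)
        if (!digest_pool[i].alive) {
            digest_pool[i].refs = 1;
            digest_pool[i].alive = 1;
            return &digest_pool[i];
        }
    return NULL;
}

/* Drop one reference; the digest is "freed" when the count reaches zero. */
static void digest_release(digest *d)
{
    if (d != NULL && d->alive && --d->refs == 0)
        d->alive = 0;
}

static mac_ctx *ctx_alloc(void)
{
    for (int i = 0; i < POOL; i++)
        if (!ctx_pool[i].in_use) {
            ctx_pool[i].in_use = 1;
            return &ctx_pool[i];
        }
    return NULL;
}

static mac_ctx *mac_ctx_new(void)
{
    mac_ctx *c = ctx_alloc();
    if (c == NULL)
        return NULL;
    c->inner = 42;
    c->md = digest_new();
    return c;
}

/* Cleanup used on every exit path: releases whatever c->md points at. */
static void mac_ctx_free(mac_ctx *c)
{
    if (c == NULL)
        return;
    digest_release(c->md);
    memset(c, 0, sizeof(*c));
}

/* Stands in for the first copy step; fails when the switch is set. */
static int inner_copy(mac_ctx *dst, const mac_ctx *src)
{
    if (inject_copy_failure)
        return 0;
    dst->inner = src->inner;
    return 1;
}

/* Proper digest copy: takes a reference before storing the pointer. */
static int digest_copy(digest **dst, digest *src)
{
    src->refs++;
    *dst = src;
    return 1;
}

/* zeroize == 0 models the defect, zeroize == 1 the corrected ordering. */
static mac_ctx *mac_ctx_dup(const mac_ctx *src, int zeroize)
{
    mac_ctx *dst = ctx_alloc();
    if (dst == NULL)
        return NULL;
    *dst = *src;            /* shallow copy: dst->md aliases src->md, no ref taken */
    if (zeroize)
        dst->md = NULL;     /* dst owns nothing until digest_copy succeeds */
    if (!inner_copy(dst, src) || !digest_copy(&dst->md, src->md)) {
        mac_ctx_free(dst);  /* without zeroize this drops src's only reference */
        return NULL;
    }
    return dst;
}

/* Returns 1 if the source's digest is still alive after a failed dup. */
static int src_digest_alive_after_failed_dup(int zeroize)
{
    reset_model();
    mac_ctx *src = mac_ctx_new();
    inject_copy_failure = 1;
    mac_ctx *dup = mac_ctx_dup(src, zeroize);
    inject_copy_failure = 0;
    return dup == NULL && src->md->alive;
}

/* Reference count on the shared digest after a dup that succeeds. */
static int refs_after_successful_dup(void)
{
    reset_model();
    mac_ctx *src = mac_ctx_new();
    mac_ctx *dup = mac_ctx_dup(src, 1);
    return dup != NULL ? src->md->refs : -1;
}

int main(void)
{
    printf("no zeroize, failed dup: src digest alive = %d\n",
           src_digest_alive_after_failed_dup(0));
    printf("zeroize,    failed dup: src digest alive = %d\n",
           src_digest_alive_after_failed_dup(1));
    printf("successful dup: digest refs = %d\n", refs_after_successful_dup());
    return 0;
}
```

In the non-zeroized case the source context is left holding a pointer to a released digest, so any later use or free of the source touches freed state.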




[openssl/openssl] 47d8a1: Change the SCT issuer key to RSA 2048

2022-06-03 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 47d8a1cb53e908132c26e96be0506dbc66773b0c
  
https://github.openssl.org/openssl/openssl/commit/47d8a1cb53e908132c26e96be0506dbc66773b0c
  Author: Bernd Edlinger 
  Date:   2022-06-03 (Fri, 03 Jun 2022)

  Changed paths:
M test/certs/embeddedSCTs1.pem
M test/certs/embeddedSCTs1.sct
M test/certs/embeddedSCTs1_issuer-key.pem
M test/certs/embeddedSCTs1_issuer.pem
M test/ssl-tests/12-ct.cnf.in

  Log Message:
  ---
  Change the SCT issuer key to RSA 2048

This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.

Reviewed-by: Paul Dale 
Reviewed-by: Todd Short 
(Merged from https://github.com/openssl/openssl/pull/18450)

(cherry picked from commit 479b9adb88b9050186c1e9fc94879906f378b14b)




[openssl/openssl] 479b9a: Change the SCT issuer key to RSA 2048

2022-06-03 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 479b9adb88b9050186c1e9fc94879906f378b14b
  
https://github.openssl.org/openssl/openssl/commit/479b9adb88b9050186c1e9fc94879906f378b14b
  Author: Bernd Edlinger 
  Date:   2022-06-03 (Fri, 03 Jun 2022)

  Changed paths:
M test/certs/embeddedSCTs1.pem
M test/certs/embeddedSCTs1.sct
M test/certs/embeddedSCTs1_issuer-key.pem
M test/certs/embeddedSCTs1_issuer.pem
M test/ssl-tests/12-ct.cnf
M test/ssl-tests/12-ct.cnf.in

  Log Message:
  ---
  Change the SCT issuer key to RSA 2048

This avoids the need to use SECLEVEL=1 in 12-ct.cnf.in.

Reviewed-by: Paul Dale 
Reviewed-by: Todd Short 
(Merged from https://github.com/openssl/openssl/pull/18450)




[openssl/openssl] 128d1c: Fix visual glitch in non-verbose test output

2022-05-28 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 128d1c3c0a12fe68175a460e06daf1e0d940f681
  
https://github.openssl.org/openssl/openssl/commit/128d1c3c0a12fe68175a460e06daf1e0d940f681
  Author: Bernd Edlinger 
  Date:   2022-05-28 (Sat, 28 May 2022)

  Changed paths:
M test/recipes/80-test_cmp_http.t

  Log Message:
  ---
  Fix visual glitch in non-verbose test output

This fixes a glitch in the non-verbose test output
$ make test
[...]
80-test_ciphername.t  ok
80-test_cmp_http.t .. 5/?
80-test_cmp_http.t .. ok   611
80-test_cms.t ... ok
80-test_cmsapi.t  ok

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18401)




[openssl/openssl] cb0c36: Fix style nits in crl_set_issuers

2022-05-25 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: cb0c36d124991e35a9e778056ec8fce23a14dad5
  
https://github.openssl.org/openssl/openssl/commit/cb0c36d124991e35a9e778056ec8fce23a14dad5
  Author: Bernd Edlinger 
  Date:   2022-05-25 (Wed, 25 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix style nits in crl_set_issuers

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18385)




[openssl/openssl] 8754fa: Fix a memory leak in crl_set_issuers

2022-05-25 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
  
https://github.openssl.org/openssl/openssl/commit/8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
  Author: Bernd Edlinger 
  Date:   2022-05-25 (Wed, 25 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a memory leak in crl_set_issuers

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test 
./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

=
==29625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28

[openssl/openssl] 046b0d: Fix a memory leak in crl_set_issuers

2022-05-25 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 046b0d7ad96d754cf39691fd3f1db01a9ee2dc7d
  
https://github.openssl.org/openssl/openssl/commit/046b0d7ad96d754cf39691fd3f1db01a9ee2dc7d
  Author: Bernd Edlinger 
  Date:   2022-05-25 (Wed, 25 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a memory leak in crl_set_issuers

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test 
./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

=
==29625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in

[openssl/openssl] e9007e: Fix a memory leak in crl_set_issuers

2022-05-25 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: e9007e09792e3735d4973743634ff55d354fc7d8
  
https://github.openssl.org/openssl/openssl/commit/e9007e09792e3735d4973743634ff55d354fc7d8
  Author: Bernd Edlinger 
  Date:   2022-05-25 (Wed, 25 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a memory leak in crl_set_issuers

This can be reproduced with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test 
./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706  (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)

=
==29625==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in

[openssl/openssl] 4a28f8: Fix a crash in ssl_security_cert_chain

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 4a28f8451fbc1848fd2d1b99203a7c75876123f6
  
https://github.openssl.org/openssl/openssl/commit/4a28f8451fbc1848fd2d1b99203a7c75876123f6
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M ssl/t1_lib.c

  Log Message:
  ---
  Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty.  The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 
0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in 
x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18376)

(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)




[openssl/openssl] 3be529: Fix a crash in ssl_security_cert_chain

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 3be529cd2eb4eb3eaaa7913af619fb9c918d4581
  
https://github.openssl.org/openssl/openssl/commit/3be529cd2eb4eb3eaaa7913af619fb9c918d4581
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M ssl/t1_lib.c

  Log Message:
  ---
  Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty.  The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 
0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in 
x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18376)

(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)




[openssl/openssl] dc0ef2: Fix a crash in ssl_security_cert_chain

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: dc0ef292f7df4ce0c49c64b47726a6768f9ac044
  
https://github.openssl.org/openssl/openssl/commit/dc0ef292f7df4ce0c49c64b47726a6768f9ac044
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M ssl/t1_lib.c

  Log Message:
  ---
  Fix a crash in ssl_security_cert_chain

Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty.  The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# 
./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer:DEADLYSIGNAL
=
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x0158 (pc 
0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate 
ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936  (/home/ed/OPC/openssl/fuzz/server-test+0x402936)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in 
x509v3_cache_extensions
==8400==ABORTING

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18376)




[openssl/openssl] 59b8ec: Fix a memory leak in X509_issuer_and_serial_hash

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
  
https://github.openssl.org/openssl/openssl/commit/59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/x509/x509_cmp.c

  Log Message:
  ---
  Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch:

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace 
../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start 
(/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

=
==1058475==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18370)




[openssl/openssl] 97c29c: Fix a memory leak in X509_issuer_and_serial_hash

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 97c29c0fdaab24898e449a3445609993b1c22e69
  
https://github.openssl.org/openssl/openssl/commit/97c29c0fdaab24898e449a3445609993b1c22e69
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/x509/x509_cmp.c

  Log Message:
  ---
  Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace 
../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start 
(/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

=
==1058475==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18371)

(cherry picked from commit b7e28c0bb1cdc07e36c7dc2467083236b931de31)




[openssl/openssl] b7e28c: Fix a memory leak in X509_issuer_and_serial_hash

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: b7e28c0bb1cdc07e36c7dc2467083236b931de31
  
https://github.openssl.org/openssl/openssl/commit/b7e28c0bb1cdc07e36c7dc2467083236b931de31
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/x509/x509_cmp.c

  Log Message:
  ---
  Fix a memory leak in X509_issuer_and_serial_hash

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test 
./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace 
../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start 
(/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)

=
==1058475==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18371)
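
An added sketch (not code from the commit, from OpenSSL, or from the author's error injection patch) of how a forced allocation failure exposes this kind of error-path leak: in the trace above the failure is injected at x509_cmp.c:44 and the leaked buffer was allocated at x509_cmp.c:41, so a second allocation fails after a first one has succeeded. The counter-based allocator and the `fi_*`, `mix` and `hash_name_*` names are assumptions; how the patch picks the failing call is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator; all names here are hypothetical. */
static long fi_calls;    /* allocation attempts since fi_reset() */
static long fi_fail_at;  /* 1-based attempt forced to fail; 0 = never */
static long fi_live;     /* blocks handed out and not yet freed */

static void fi_reset(long fail_at)
{
    fi_calls = 0;
    fi_live = 0;
    fi_fail_at = fail_at;
}

static void *fi_malloc(size_t n)
{
    void *p;

    if (++fi_calls == fi_fail_at)
        return NULL;                /* injected out-of-memory */
    p = malloc(n);
    if (p != NULL)
        fi_live++;
    return p;
}

static void fi_free(void *p)
{
    if (p != NULL)
        fi_live--;
    free(p);
}

/* Toy stand-in for the digest step (djb2 string hash). */
static unsigned long mix(const char *s)
{
    unsigned long h = 5381;

    while (*s != '\0')
        h = h * 33 + (unsigned char)*s++;
    return h;
}

/* Leaky shape: the early return after the second allocation forgets the first. */
static int hash_name_leaky(const char *name, unsigned long *out)
{
    char *line = fi_malloc(strlen(name) + 1);   /* 1st: name string */
    unsigned long *state;

    if (line == NULL)
        return 0;
    strcpy(line, name);
    state = fi_malloc(sizeof(*state));          /* 2nd: digest state */
    if (state == NULL)
        return 0;                               /* BUG: line is never freed */
    *out = *state = mix(line);
    fi_free(state);
    fi_free(line);
    return 1;
}

/* Fixed shape: every exit goes through one cleanup label. */
static int hash_name_fixed(const char *name, unsigned long *out)
{
    char *line = fi_malloc(strlen(name) + 1);
    unsigned long *state = NULL;
    int ok = 0;

    if (line == NULL)
        goto err;
    strcpy(line, name);
    state = fi_malloc(sizeof(*state));
    if (state == NULL)
        goto err;
    *out = *state = mix(line);
    ok = 1;
 err:
    fi_free(state);
    fi_free(line);
    return ok;
}

typedef int (*hash_fn)(const char *, unsigned long *);

/* Fail allocation 1, 2, 3, ... in turn. Returns the first failing index
 * that leaves memory allocated, or 0 once a run finishes without ever
 * reaching the injection point (every failure site has been tried). */
static long first_leaking_injection(hash_fn fn)
{
    unsigned long h;
    long k;

    for (k = 1; ; k++) {
        fi_reset(k);
        (void)fn("CN=constructed example", &h);   /* constructed input */
        if (fi_live != 0)
            return k;
        if (fi_calls < k)
            return 0;
    }
}

int main(void)
{
    printf("leaky: leak when allocation #%ld fails\n",
           first_leaking_injection(hash_name_leaky));
    printf("fixed: %ld (0 = no leak)\n",
           first_leaking_injection(hash_name_fixed));
    return 0;
}
```

The sweep covers every allocation site without needing a sanitizer; LeakSanitizer, as in the trace above, additionally reports where the leaked block was allocated.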




[openssl/openssl] e4b84b: Fix undefined behaviour in EC_GROUP_new_from_ecpar...

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
  
https://github.openssl.org/openssl/openssl/commit/e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18363)




[openssl/openssl] 094304: Fix undefined behaviour in EC_GROUP_new_from_ecpar...

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 094304c5ef120f69e2bd2ff297515a91f348ace1
  
https://github.openssl.org/openssl/openssl/commit/094304c5ef120f69e2bd2ff297515a91f348ace1
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18365)

(cherry picked from commit 97de6145851922a33f7afd9c308adfc1b2e5732b)




[openssl/openssl] 97de61: Fix undefined behaviour in EC_GROUP_new_from_ecpar...

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 97de6145851922a33f7afd9c308adfc1b2e5732b
  
https://github.openssl.org/openssl/openssl/commit/97de6145851922a33f7afd9c308adfc1b2e5732b
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_asn1.c

  Log Message:
  ---
  Fix undefined behaviour in EC_GROUP_new_from_ecparameters

This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18365)




[openssl/openssl] 8e1ece: Fix a memory leak in ec_key_simple_oct2priv

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 8e1ece20cdb4a584be5311370256c4e813c09826
  
https://github.openssl.org/openssl/openssl/commit/8e1ece20cdb4a584be5311370256c4e813c09826
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_key.c

  Log Message:
  ---
  Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch:

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test 
./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc 
failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve 
routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve 
routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong 
tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding 
routines:asn1_item_embed_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding 
routines:asn1_template_noexp_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 
lib:crypto/pem/pem_pkey.c:88:

=
==19676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18361)




[openssl/openssl] b8e87e: Fix a memory leak in ec_key_simple_oct2priv

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7
  
https://github.openssl.org/openssl/openssl/commit/b8e87e8ff33ed5c0325101ce6b1a6a01c80611f7
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_key.c

  Log Message:
  ---
  Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test 
./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc 
failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve 
routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve 
routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong 
tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding 
routines:asn1_item_embed_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding 
routines:asn1_template_noexp_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 
lib:crypto/pem/pem_pkey.c:88:

=
==19676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18366)

(cherry picked from commit 22a96c6be41897d11a18455b2ab142422bc57f3f)




[openssl/openssl] 22a96c: Fix a memory leak in ec_key_simple_oct2priv

2022-05-24 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 22a96c6be41897d11a18455b2ab142422bc57f3f
  
https://github.openssl.org/openssl/openssl/commit/22a96c6be41897d11a18455b2ab142422bc57f3f
  Author: Bernd Edlinger 
  Date:   2022-05-24 (Tue, 24 May 2022)

  Changed paths:
M crypto/ec/ec_key.c

  Log Message:
  ---
  Fix a memory leak in ec_key_simple_oct2priv

This is reproducible with my error injection patch.

The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.

$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test 
./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc 
failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve 
routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve 
routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong 
tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding 
routines:asn1_item_embed_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding 
routines:asn1_template_noexp_d2i:nested asn1 
error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 
lib:crypto/pem/pem_pkey.c:88:

=
==19676==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc 
../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18366)




[openssl/openssl] 8e60f4: Fix a crash in asn1_item_embed_new

2022-05-22 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 8e60f41d064786f95440e4c56660ffe983d7
  
https://github.openssl.org/openssl/openssl/commit/8e60f41d064786f95440e4c56660ffe983d7
  Author: Bernd Edlinger 
  Date:   2022-05-23 (Mon, 23 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a crash in asn1_item_embed_new

This happens usually if a template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized.  Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which
ought to be tolerant to incompletely initialized objects.

The error can be reproduced with the reproducible error injection patch:

$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test 
./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer:DEADLYSIGNAL
=
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 
0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18360)

(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)




[openssl/openssl] e539c4: Fix a crash in asn1_item_embed_new

2022-05-22 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: e539c4c41aa56fa66e7be86fcc14ac3910b474a6
  
https://github.openssl.org/openssl/openssl/commit/e539c4c41aa56fa66e7be86fcc14ac3910b474a6
  Author: Bernd Edlinger 
  Date:   2022-05-23 (Mon, 23 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a crash in asn1_item_embed_new

This happens usually if a template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized.  Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which
ought to be tolerant to incompletely initialized objects.

The error can be reproduced with the reproducible error injection patch:

$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test 
./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer:DEADLYSIGNAL
=
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 
0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18360)

(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)




[openssl/openssl] 557825: Fix a crash in asn1_item_embed_new

2022-05-22 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 557825acd622f98fc21423aba092e374db84f483
  
https://github.openssl.org/openssl/openssl/commit/557825acd622f98fc21423aba092e374db84f483
  Author: Bernd Edlinger 
  Date:   2022-05-23 (Mon, 23 May 2022)

  Changed paths:
M crypto/x509/x_crl.c

  Log Message:
  ---
  Fix a crash in asn1_item_embed_new

This happens usually if a template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized.  Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypto/x509/x_crl.c, which
ought to be tolerant to incompletely initialized objects.

The error can be reproduced with the reproducible error injection patch:

$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test 
./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace 
../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer:DEADLYSIGNAL
=
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x0010 (pc 
0x7faae9b0625f bp 0x7fe41a00 sp 0x7fe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21f44)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18360)
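
The failure mode described in the message above, as an added example that is not OpenSSL code: a fault-injecting allocator fails each allocation in turn while a template-style object is built, and the sweep counts how often the FREE_POST hook is handed an object whose NEW_POST hook never completed. All names (`demo_crl`, `demo_cb`, `inj_calloc`, `sweep`) are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Fault-injecting allocator: the fail_at-th call returns NULL (0 = never). */
static long alloc_calls, fail_at, live_blocks;
static int points_exercised, half_built_frees;

static void *inj_calloc(size_t n, size_t sz)
{
    void *p;

    if (++alloc_calls == fail_at)
        return NULL;
    p = calloc(n, sz);
    if (p != NULL)
        live_blocks++;
    return p;
}

static void inj_free(void *p)
{
    if (p != NULL) {
        live_blocks--;
        free(p);
    }
}

/* Hypothetical object: two template fields plus a callback-owned part. */
struct demo_meth { int refs; };
struct demo_crl {
    char *issuer;            /* allocated by the generic constructor */
    char *entries;           /* allocated by the generic constructor */
    struct demo_meth *meth;  /* set up only by the NEW_POST hook */
};
enum demo_op { DEMO_NEW_POST, DEMO_FREE_POST };

static int demo_cb(enum demo_op op, struct demo_crl *c)
{
    if (op == DEMO_NEW_POST) {
        c->meth = inj_calloc(1, sizeof(*c->meth));
        if (c->meth == NULL)
            return 0;
        c->meth->refs = 1;
        return 1;
    }
    /* DEMO_FREE_POST: NEW_POST may never have run, so meth can be NULL.
     * A hook that reads c->meth->refs unconditionally faults right here. */
    if (c->meth == NULL) {
        half_built_frees++;
        return 1;
    }
    c->meth->refs--;
    inj_free(c->meth);
    c->meth = NULL;
    return 1;
}

static void demo_free(struct demo_crl *c)
{
    if (c == NULL)
        return;
    inj_free(c->issuer);
    inj_free(c->entries);
    demo_cb(DEMO_FREE_POST, c);  /* also reached from the error path below */
    inj_free(c);
}

static struct demo_crl *demo_new(void)
{
    struct demo_crl *c = inj_calloc(1, sizeof(*c));

    if (c == NULL)
        return NULL;
    if ((c->issuer = inj_calloc(1, 16)) == NULL
            || (c->entries = inj_calloc(1, 64)) == NULL
            || !demo_cb(DEMO_NEW_POST, c)) {
        demo_free(c);            /* FREE_POST sees a half-built object */
        return NULL;
    }
    return c;
}

/* Fail allocation 1, 2, 3, ... in turn. Returns the number of failure points
 * that leaked memory, or -1 if construction never succeeded in max_points. */
static int sweep(long max_points)
{
    int leaks = 0;
    long n;

    points_exercised = half_built_frees = 0;
    for (n = 1; n <= max_points; n++) {
        struct demo_crl *c;

        alloc_calls = live_blocks = 0;
        fail_at = n;
        c = demo_new();
        if (c != NULL) {         /* n is past the last allocation */
            demo_free(c);
            fail_at = 0;
            return live_blocks == 0 ? leaks : leaks + 1;
        }
        points_exercised++;
        if (live_blocks != 0)
            leaks++;
    }
    fail_at = 0;
    return -1;
}

int main(void)
{
    int leaks = sweep(16);

    printf("failure points=%d leaks=%d half-built frees=%d\n",
           points_exercised, leaks, half_built_frees);
    return leaks != 0;
}
```

Every failure point counted in `half_built_frees` is a place where a FREE_POST hook without the NULL check would crash.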




[openssl/openssl] 03ba56: Backport some fuzzing data files from master

2022-05-20 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 03ba56f1525c93eb3dfe72f85cdc698b97918e59
  
https://github.openssl.org/openssl/openssl/commit/03ba56f1525c93eb3dfe72f85cdc698b97918e59
  Author: Bernd Edlinger 
  Date:   2022-05-21 (Sat, 21 May 2022)

  Changed paths:

  Log Message:
  ---
  Backport some fuzzing data files from master

This is a backport of the following commit from master:

commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy 
Date:   Tue Sep 21 15:48:27 2021 -0700

increase x509 code coverage metrics

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16651)

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18347)


  Commit: 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
  
https://github.openssl.org/openssl/openssl/commit/17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
  Author: Bernd Edlinger 
  Date:   2022-05-21 (Sat, 21 May 2022)

  Changed paths:
M crypto/x509v3/v3_sxnet.c
A fuzz/corpora/crl/4d72381f46c50eb9cabd8aa27f456962bf013b28

  Log Message:
  ---
  Backport a missing bug-fix from master

This is a backport of the following commit from master:

commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell 
Date:   Thu Nov 19 13:58:21 2020 +

Don't Overflow when printing Thawte Strong Extranet Version

When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.

Issue found by OSSFuzz.

Reviewed-by: Ben Kaduk 
(Merged from https://github.com/openssl/openssl/pull/13452)

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18347)


Compare: 
https://github.openssl.org/openssl/openssl/compare/e04ba889594d...17519e2595b5


[openssl/openssl] c6c360: Fix KTLS with BIO_new_connect

2022-05-17 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: c6c3602e943b1e9acfa79c3a27d3b47e7b116064
  
https://github.openssl.org/openssl/openssl/commit/c6c3602e943b1e9acfa79c3a27d3b47e7b116064
  Author: Bernd Edlinger 
  Date:   2022-05-17 (Tue, 17 May 2022)

  Changed paths:
M crypto/bio/bio_sock.c
M crypto/bio/bio_sock2.c
M crypto/bio/bss_conn.c
M test/ssl_old_test.c

  Log Message:
  ---
  Fix KTLS with BIO_new_connect

When a socket connection is done using BIO_new_connect,
the ktls_enable is done too early, and fails with ENOTCONN.
Therefore the KTLS ioctl will fail later with ENOPROTOOPT.
Fix that by doing the ktls_enable after the connection
succeeded, not when the socket is created as that will
always fail.

One example where this happens is doit_localhost in
test/ssl_old_test.c, and therefore, contrary to the expectation
the -client_ktls option did never enable the client KTLS
connection, but this was not noticed, because there was no
diagnostic output, and it was only visible with strace output.

Also enhanced the ssl_old_test -client_ktls/-server_ktls
options together with -v option to print a summary line
if and how KTLS was negotiated in server and client.

While I am already there adjusted the usage info of
the -s_cert, -s_key commands, and allow -time to print the
timings of ktls connections.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18318)

(cherry picked from commit 598bd7741568a1aae678e5472f18aae1ab991e8d)




[openssl/openssl] 598bd7: Fix KTLS with BIO_new_connect

2022-05-17 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 598bd7741568a1aae678e5472f18aae1ab991e8d
  
https://github.openssl.org/openssl/openssl/commit/598bd7741568a1aae678e5472f18aae1ab991e8d
  Author: Bernd Edlinger 
  Date:   2022-05-17 (Tue, 17 May 2022)

  Changed paths:
M crypto/bio/bio_sock.c
M crypto/bio/bio_sock2.c
M crypto/bio/bss_conn.c
M test/ssl_old_test.c

  Log Message:
  ---
  Fix KTLS with BIO_new_connect

When a socket connection is done using BIO_new_connect,
the ktls_enable is done too early, and fails with ENOTCONN.
Therefore the KTLS ioctl will fail later with ENOPROTOOPT.
Fix that by doing the ktls_enable after the connection
succeeded, not when the socket is created as that will
always fail.

One example where this happens is doit_localhost in
test/ssl_old_test.c, and therefore, contrary to the expectation
the -client_ktls option did never enable the client KTLS
connection, but this was not noticed, because there was no
diagnostic output, and it was only visible with strace output.

Also enhanced the ssl_old_test -client_ktls/-server_ktls
options together with -v option to print a summary line
if and how KTLS was negotiated in server and client.

While I am already there adjusted the usage info of
the -s_cert, -s_key commands, and allow -time to print the
timings of ktls connections.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/18318)




[openssl/openssl] fcbd8b: Update .gitignore

2022-05-06 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: fcbd8be18229ef7aa32369d2e9c747348f7d6490
  
https://github.openssl.org/openssl/openssl/commit/fcbd8be18229ef7aa32369d2e9c747348f7d6490
  Author: Bernd Edlinger 
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
M .gitignore

  Log Message:
  ---
  Update .gitignore

add /test/evp_pkey_ctx_new_from_name

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18251)

(cherry picked from commit ac23650c1e53658227436aecc8de03a7ac3d1b9a)




[openssl/openssl] ac2365: Update .gitignore

2022-05-06 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: ac23650c1e53658227436aecc8de03a7ac3d1b9a
  
https://github.openssl.org/openssl/openssl/commit/ac23650c1e53658227436aecc8de03a7ac3d1b9a
  Author: Bernd Edlinger 
  Date:   2022-05-06 (Fri, 06 May 2022)

  Changed paths:
M .gitignore

  Log Message:
  ---
  Update .gitignore

add /test/evp_pkey_ctx_new_from_name

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/18251)




[openssl/openssl] 564a8d: Fix an assertion in the DTLS server code

2022-04-14 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 564a8d442cbd8ce68d452ff2e8a58c0aea6b0632
  
https://github.openssl.org/openssl/openssl/commit/564a8d442cbd8ce68d452ff2e8a58c0aea6b0632
  Author: Bernd Edlinger 
  Date:   2022-04-14 (Thu, 14 Apr 2022)

  Changed paths:
M ssl/statem/statem_dtls.c
M test/dtls_mtu_test.c

  Log Message:
  ---
  Fix an assertion in the DTLS server code

This fixes an internal error alert from the server and
an unexpected connection failure in the release version,
but a failed assertion and a server crash in the
debug version.

Reproduce this issue with a DTLS server/client like that:

./openssl s_server -dtls -mtu 1500
./openssl s_client -dtls -maxfraglen 512

In the debug version a crash happens in the Server now:

./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == 
written
Aborted (core dumped)

While in the release version the handshake exceeds the
negotiated max fragment size, and fails because of this:

$ ./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ERROR
4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max 
fragment size:ssl/record/rec_layer_d1.c:826:
shutting down SSL
CONNECTION CLOSED

From the client's point of view the connection fails
with an Internal Error Alert:

$ ./openssl s_client -dtls -maxfraglen 512
Connecting to ::1
CONNECTED(0003)
40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert 
internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80

and now the connection attempt fails unexpectedly.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18093)

(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)




[openssl/openssl] 0699e9: Fix an assertion in the DTLS server code

2022-04-14 Thread bernd-edlinger
  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 0699e96f1f65a89222f1dfe054e69957801a4f1c
  
https://github.openssl.org/openssl/openssl/commit/0699e96f1f65a89222f1dfe054e69957801a4f1c
  Author: Bernd Edlinger 
  Date:   2022-04-14 (Thu, 14 Apr 2022)

  Changed paths:
M ssl/statem/statem_dtls.c
M test/dtls_mtu_test.c

  Log Message:
  ---
  Fix an assertion in the DTLS server code

This fixes an internal error alert from the server and
an unexpected connection failure in the release version,
but a failed assertion and a server crash in the
debug version.

Reproduce this issue with a DTLS server/client like that:

./openssl s_server -dtls -mtu 1500
./openssl s_client -dtls -maxfraglen 512

In the debug version a crash happens in the Server now:

./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == 
written
Aborted (core dumped)

While in the release version the handshake exceeds the
negotiated max fragment size, and fails because of this:

$ ./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ERROR
4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max 
fragment size:ssl/record/rec_layer_d1.c:826:
shutting down SSL
CONNECTION CLOSED

From the client's point of view the connection fails
with an Internal Error Alert:

$ ./openssl s_client -dtls -maxfraglen 512
Connecting to ::1
CONNECTED(0003)
40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert 
internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80

and now the connection attempt fails unexpectedly.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18093)

(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)




[openssl/openssl] e915c3: Fix an assertion in the DTLS server code

2022-04-14 Thread bernd-edlinger
  Branch: refs/heads/master
  Home:   https://github.openssl.org/openssl/openssl
  Commit: e915c3f5381cd38ebdc1824c3ba9896ea7160103
  
https://github.openssl.org/openssl/openssl/commit/e915c3f5381cd38ebdc1824c3ba9896ea7160103
  Author: Bernd Edlinger 
  Date:   2022-04-14 (Thu, 14 Apr 2022)

  Changed paths:
M ssl/statem/statem_dtls.c
M test/dtls_mtu_test.c

  Log Message:
  ---
  Fix an assertion in the DTLS server code

This fixes an internal error alert from the server and
an unexpected connection failure in the release version,
but a failed assertion and a server crash in the
debug version.

Reproduce this issue with a DTLS server/client like that:

./openssl s_server -dtls -mtu 1500
./openssl s_client -dtls -maxfraglen 512

In the debug version a crash happens in the Server now:

./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == 
written
Aborted (core dumped)

While in the release version the handshake exceeds the
negotiated max fragment size, and fails because of this:

$ ./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ERROR
4057152ADA7F:error:0AC2:SSL routines:do_dtls1_write:exceeds max 
fragment size:ssl/record/rec_layer_d1.c:826:
shutting down SSL
CONNECTION CLOSED

From the client's point of view the connection fails
with an Internal Error Alert:

$ ./openssl s_client -dtls -maxfraglen 512
Connecting to ::1
CONNECTED(0003)
40B76343377F:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert 
internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80

and now the connection attempt fails unexpectedly.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18093)




[openssl/openssl] 6e73a0: Fix a DTLS server hangup due to TLS13_AD_MISSING_E...

2022-04-13 Thread bernd-edlinger
  Branch: refs/heads/OpenSSL_1_1_1-stable
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 6e73a0a0bd608daecb8e2c1e46de9d1014194c84
  
https://github.openssl.org/openssl/openssl/commit/6e73a0a0bd608daecb8e2c1e46de9d1014194c84
  Author: Bernd Edlinger 
  Date:   2022-04-13 (Wed, 13 Apr 2022)

  Changed paths:
M ssl/s3_enc.c
M ssl/t1_enc.c
M test/ssl-tests/10-resumption.conf
M test/ssl-tests/11-dtls_resumption.conf
M test/ssl-tests/protocol_version.pm

  Log Message:
  ---
  Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION

This causes the DTLS server to enter an error state:

./openssl s_server -dtls
./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt
[...]
Q
./openssl s_client -dtls -sess_in s1.txt
CONNECTED(0003)
^C
./openssl s_client -dtls
CONNECTED(0003)
140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert 
handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40

At this point the dtls server needs to be restarted,
because verify_cookie_callback always fails, because
the previous cookie is checked against the current one.
The reason for this is not fully understood.

In wireshark we see the following each time:
c->s Client Hello (without cookie)
s->c Hello Verify Request (with new cookie)
s->c Alert (Level: Fatal, Description: Handshake Failure)
c->s Client Hello (echoes new cookie)

The client gives up when the Alert arrives.
The Alert is triggered because the server calls
verify_cookie_callback with the previous cookie,
although it just sent the current cookie in the
Hello Verify Request.

However this does only happen because no Alert message
is sent when the client re-connects the session with
the missing -maxfraglen option.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/18094)




[openssl] master update

2022-02-12 Thread bernd . edlinger
The branch master has been updated
   via  8fff986d52606e1a33f9404504535e2e2aee3e8b (commit)
  from  0c47b8a879c6cd2d553831f930af5ee9df291eca (commit)


- Log -
commit 8fff986d52606e1a33f9404504535e2e2aee3e8b
Author: Bernd Edlinger 
Date:   Fri Jan 14 10:01:29 2022 +0100

Cleanup record length checks for KTLS

In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.

Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17504)

---

Summary of changes:
 ssl/record/ssl3_record.c   | 27 +--
 test/recipes/80-test_ssl_old.t | 22 --
 test/ssl_old_test.c| 11 +++
 3 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 86203849a9..5534814305 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -191,7 +191,7 @@ int ssl3_get_record(SSL *s)
 
 rr = RECORD_LAYER_get_rrec(&s->rlayer);
 rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
-is_ktls_left = (rbuf->left > 0);
+is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
 max_recs = s->max_pipelines;
 if (max_recs == 0)
 max_recs = 1;
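Review bot: `is_ktls_left` is sampled once here, at entry to ssl3_get_record, and the later hunks use it to choose which length limit applies, but nothing at the assignment says what a non-zero value means. If it marks data that was already sitting in rbuf before the kernel took over decryption, as the commit message suggests, say so in a one-line comment so the later conditions can be read without the commit log. The switch from `rbuf->left` to `SSL3_BUFFER_get_left(rbuf)` is a welcome consistency fix.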
@@ -408,7 +408,11 @@ int ssl3_get_record(SSL *s)
 len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
 
-if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) {
+/* KTLS may use all of the buffer */
+if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left)
+len = SSL3_BUFFER_get_left(rbuf);
+
+if (thisrr->length > len) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW,
  SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
 return -1;
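Review bot: in the KTLS branch `len` is overwritten with `SSL3_BUFFER_get_left(rbuf)` right after the `SSL3_RT_MAX_COMPRESSED_OVERHEAD` adjustment in the context above, so the bound for `thisrr->length` becomes a run-time buffer value instead of a protocol constant. The comment "KTLS may use all of the buffer" does not say why that value is a safe upper bound, or that discarding the earlier adjustment is intended; please spell out the invariant. Making `thisrr->length > len` unconditional is the right direction, since the old `!BIO_get_ktls_recv(s->rbio)` term skipped the check entirely.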
@@ -711,16 +715,27 @@ int ssl3_get_record(SSL *s)
 goto end;
 }
 
+/*
+ * Usually thisrr->length is the length of a single record, but when
+ * KTLS handles the decryption, thisrr->length may be larger than
+ * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced
+ * multiple records.
+ * Therefore we have to rely on KTLS to check the plaintext length
+ * limit in the kernel.
+ */
 if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
 
-/* If received packet overflows current Max Fragment Length setting */
+/*
+ * Check if the received packet overflows the current
+ * Max Fragment Length setting.
+ * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive.
+ */
 if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
-&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
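Review bot: the last check drops `&& !BIO_get_ktls_recv(s->rbio)` on the strength of the new comment that USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive, but nothing in this function enforces that. If the two were ever active together, a length coalesced by the kernel (the case described in the comment added just above) would hit this check and end the connection with SSL_AD_RECORD_OVERFLOW. Point the comment at the place where the exclusion is enforced, or assert it here.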
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index b144bc9fb9..c1fb30f6b2 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -346,11 +346,9 @@ sub testssl {
 }
 
 
-# plan tests => 11;
-
 subtest 'standard SSL tests' => sub {
 ##
-plan tests => 13;
+plan tests => 19;
 
   SKIP: {
   skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -378,7 +376,7 @@ sub testssl {
 }
 
   SKIP: {
-  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 8
+  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 14
   if $no_anytls;
 
 SKIP: {
@@ -406,17 +404,29 @@ sub testssl {
  'test sslv2/sslv3 with both client and server authentication via 
BIO pair and app verify');
 
 SKIP: {
-skip "No IPv4 available on this machine", 1
+skip "No IPv4 available on this machine", 4
 unless !disabled("sock") && have_IPv4();

[openssl] openssl-3.0 update

2022-02-12 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9 (commit)
  from  fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit)


- Log -
commit b5bcce5df1951ba2d7dd6a167826a3fe88f1dfd9
Author: Bernd Edlinger 
Date:   Fri Jan 14 10:01:29 2022 +0100

Cleanup record length checks for KTLS

In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.

Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17504)

(cherry picked from commit 8fff986d52606e1a33f9404504535e2e2aee3e8b)

---

Summary of changes:
 ssl/record/ssl3_record.c   | 27 +--
 test/recipes/80-test_ssl_old.t | 22 --
 test/ssl_old_test.c| 11 +++
 3 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index d4101618c6..4229c9c392 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -191,7 +191,7 @@ int ssl3_get_record(SSL *s)
 
 rr = RECORD_LAYER_get_rrec(&s->rlayer);
 rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
-is_ktls_left = (rbuf->left > 0);
+is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0);
 max_recs = s->max_pipelines;
 if (max_recs == 0)
 max_recs = 1;
@@ -408,7 +408,11 @@ int ssl3_get_record(SSL *s)
 len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
 #endif
 
-if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) {
+/* KTLS may use all of the buffer */
+if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left)
+len = SSL3_BUFFER_get_left(rbuf);
+
+if (thisrr->length > len) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW,
  SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
 return -1;
@@ -711,16 +715,27 @@ int ssl3_get_record(SSL *s)
 goto end;
 }
 
+/*
+ * Usually thisrr->length is the length of a single record, but when
+ * KTLS handles the decryption, thisrr->length may be larger than
+ * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced
+ * multiple records.
+ * Therefore we have to rely on KTLS to check the plaintext length
+ * limit in the kernel.
+ */
 if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
 
-/* If received packet overflows current Max Fragment Length setting */
+/*
+ * Check if the received packet overflows the current
+ * Max Fragment Length setting.
+ * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive.
+ */
 if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
-&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)
-&& !BIO_get_ktls_recv(s->rbio)) {
+&& thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
 SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG);
 goto end;
 }
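Review bot: the new comment explains why an active KTLS receive path is exempt from the SSL3_RT_MAX_PLAIN_LENGTH check, but not why `|| is_ktls_left` switches the check back on. Add a sentence saying what `thisrr->length` represents when data was still pending as KTLS was enabled, so it is clear the limit is valid again in that case and the condition `(!BIO_get_ktls_recv(s->rbio) || is_ktls_left)` does not look like an arbitrary exception.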
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index b144bc9fb9..c1fb30f6b2 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -346,11 +346,9 @@ sub testssl {
 }
 
 
-# plan tests => 11;
-
 subtest 'standard SSL tests' => sub {
 ##
-plan tests => 13;
+plan tests => 19;
 
   SKIP: {
   skip "SSLv3 is not supported by this OpenSSL build", 4
@@ -378,7 +376,7 @@ sub testssl {
 }
 
   SKIP: {
-  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 8
+  skip "Neither SSLv3 nor any TLS version are supported by this 
OpenSSL build", 14
   if $no_anytls;
 
 SKIP: {
@@ -406,17 +404,29 @@ sub testssl {
  'test sslv2/sslv3 with both client and server authentication via 
BIO pair and app verify');
 
 SKIP: {
-skip "No IPv4 available on this machine", 1
+skip "No IPv4 available on this machine", 4
 unle

[openssl] OpenSSL_1_1_1-stable update

2022-02-09 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  0418e993c717a6863f206feaa40673a261de7395 (commit)
   via  38ac4415a9cc4cca307c866e5fc548b889fe2bb6 (commit)
  from  8aa353679f0ad72f478a4800c22ad30f6b972370 (commit)


- Log -
commit 0418e993c717a6863f206feaa40673a261de7395
Author: Bernd Edlinger 
Date:   Sun Jan 16 17:59:17 2022 +0100

Check for presence of 3.x openssl runtime

if the newly loaded engine contains the symbol
EVP_PKEY_get_base_id, we know it is linked to 3.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17541)

commit 38ac4415a9cc4cca307c866e5fc548b889fe2bb6
Author: Bernd Edlinger 
Date:   Mon Nov 22 21:50:04 2021 +0100

Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17541)

---

Summary of changes:
 crypto/engine/eng_dyn.c  | 11 ++-
 include/openssl/engine.h |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 87c762edb8..b2c34b8da4 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -443,8 +443,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
  * We fail if the version checker veto'd the load *or* if it is
  * deferring to us (by returning its version) and we think it is too
  * old.
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 3.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_get_base_id is exported
+ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
+ * in openssl 1.1.x.  Therefore we take the presence of that symbol
+ * as an indication that the engine will be incompatible.
  */
-if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+if (vcheck_res < OSSL_DYNAMIC_OLDEST
+|| DSO_bind_func(ctx->dynamic_dso,
+ "EVP_PKEY_get_base_id") != NULL) {
 /* Fail */
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
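Review bot: the `DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL` probe is a heuristic that only fires when that symbol can be resolved through the engine's DSO handle, and the comment should state that limitation: an engine whose 3.x libcrypto symbols are not visible that way is not detected and still loads. Both conditions also fall into the same `/* Fail */` branch, so a wrong-runtime engine is reported the same way as a too-old one; a distinct error reason would make the failure much easier to diagnose.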
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 0780f0fb5f..756751c6d3 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char 
*id,
 CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
  fns->mem_fns.realloc_fn, \
  fns->mem_fns.free_fn); \
+OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
 skip_cbs: \
 if (!fn(e, id)) return 0; \
 return 1; }
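Review bot: the added `OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);` discards its return value and carries no comment, so a reader of this macro cannot tell why initialisation is forced at this point. Because it sits before the `skip_cbs:` label, next to `CRYPTO_set_mem_functions`, it runs only on the path that installs the callbacks; a short comment that it suppresses the atexit handler of the engine's own libcrypto instance, and that the memory left behind stays reachable as the commit message notes, belongs beside it. Decide explicitly whether a failed init should abort the bind.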


[openssl] openssl-3.0 update

2022-02-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2 (commit)
  from  01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit)


- Log -
commit db40ffab8dbf3ae0e932bb737ff787c6c1eb3ca2
Author: Bernd Edlinger 
Date:   Sun Jan 16 17:59:17 2022 +0100

Check for presence of 1.1.x openssl runtime

if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 14db620282bea38dc44479e562cf9bb61a716444)

---

Summary of changes:
 crypto/engine/eng_dyn.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index c8a54f7d44..68b9ac311d 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -451,8 +451,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
  * We fail if the version checker veto'd the load *or* if it is
  * deferring to us (by returning its version) and we think it is too
  * old.
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 1.1.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_base_id is exported
+ * as a function in openssl 1.1.x, while it is a macro in openssl 3.x,
+ * and therefore only the symbol EVP_PKEY_get_base_id is available
+ * in openssl 3.x.
  */
-if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+if (vcheck_res < OSSL_DYNAMIC_OLDEST
+|| DSO_bind_func(ctx->dynamic_dso,
+ "EVP_PKEY_base_id") != NULL) {
 /* Fail */
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
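Review bot: for a compatible engine the `DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id")` lookup is expected to return NULL, which makes a failed symbol lookup the normal case on every successful engine load. Check whether that failed lookup leaves an entry on the error queue; if it does, bracket the probe with ERR_set_mark() and ERR_pop_to_mark() so that a successful load does not leave a stale error behind for the caller to trip over.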


[openssl] openssl-3.0 update

2022-02-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  01d4f5cdd4125bd81878257ae357ff191bc31dd1 (commit)
  from  d7975674e5aaded44a6845d3d1beac08477a22ad (commit)


- Log -
commit 01d4f5cdd4125bd81878257ae357ff191bc31dd1
Author: Bernd Edlinger 
Date:   Mon Nov 22 21:50:04 2021 +0100

Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

(cherry picked from commit 9362a1b32b7330e24d3bca230b412557caea095b)

---

Summary of changes:
 include/openssl/engine.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 25c3cf7c19..70c856a9cd 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -801,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char 
*id,
 CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
  fns->mem_fns.realloc_fn, \
  fns->mem_fns.free_fn); \
+OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
 skip_cbs: \
 if (!fn(e, id)) return 0; \
 return 1; }


[openssl] master update

2022-02-08 Thread bernd . edlinger
The branch master has been updated
   via  14db620282bea38dc44479e562cf9bb61a716444 (commit)
   via  9362a1b32b7330e24d3bca230b412557caea095b (commit)
  from  eafd3e9d07e99583a1439bb027e4d6af43e2df27 (commit)


- Log -
commit 14db620282bea38dc44479e562cf9bb61a716444
Author: Bernd Edlinger 
Date:   Sun Jan 16 17:59:17 2022 +0100

Check for presence of 1.1.x openssl runtime

if the newly loaded engine contains the symbol
EVP_PKEY_base_id, we know it is linked to 1.1.x openssl.
Abort loading this engine, as it will definitely crash.

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

commit 9362a1b32b7330e24d3bca230b412557caea095b
Author: Bernd Edlinger 
Date:   Mon Nov 22 21:50:04 2021 +0100

Prevent crash with engine using different openssl runtime

This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.

Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.

Fixes #15898

Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/17112)

---

Summary of changes:
 crypto/engine/eng_dyn.c  | 11 ++-
 include/openssl/engine.h |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index c8a54f7d44..68b9ac311d 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -451,8 +451,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
  * We fail if the version checker veto'd the load *or* if it is
  * deferring to us (by returning its version) and we think it is too
  * old.
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 1.1.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_base_id is exported
+ * as a function in openssl 1.1.x, while it is a macro in openssl 3.x,
+ * and therefore only the symbol EVP_PKEY_get_base_id is available
+ * in openssl 3.x.
  */
-if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+if (vcheck_res < OSSL_DYNAMIC_OLDEST
+|| DSO_bind_func(ctx->dynamic_dso,
+ "EVP_PKEY_base_id") != NULL) {
 /* Fail */
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 25c3cf7c19..70c856a9cd 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h
@@ -801,6 +801,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char 
*id,
 CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
  fns->mem_fns.realloc_fn, \
  fns->mem_fns.free_fn); \
+OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
 skip_cbs: \
 if (!fn(e, id)) return 0; \
 return 1; }


[openssl] OpenSSL_1_1_1-stable update

2022-01-12 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  5e7098e11581b6b3a4083a1c17889ed817e8ac22 (commit)
  from  f4942134815f95845706993c15ca7e4fd6e44627 (commit)


- Log -
commit 5e7098e11581b6b3a4083a1c17889ed817e8ac22
Author: Bernd Edlinger 
Date:   Tue Jan 11 12:10:35 2022 +0100

Remove unsafe call to OPENSSL_cpuid_setup

This function is inherently thread-unsafe,
and moreover it is unnecessary here, because
OPENSSL_init_crypto always calls it in a thread-safe way.

Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17468)

---

Summary of changes:
 crypto/engine/eng_all.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index b675ed7892..c570aeda3d 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -12,9 +12,6 @@
 
 void ENGINE_load_builtin_engines(void)
 {
-/* Some ENGINEs need this */
-OPENSSL_cpuid_setup();
-
 OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 


[openssl] master update

2022-01-08 Thread bernd . edlinger
The branch master has been updated
   via  40c24d74deaad8a0ad7566a68ea5ea757bc3ccef (commit)
  from  c30bc4e2093f47a37736944da548653bc08d774d (commit)


- Log -
commit 40c24d74deaad8a0ad7566a68ea5ea757bc3ccef
Author: David Benjamin 
Date:   Wed Dec 29 13:05:12 2021 -0500

Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.

However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.

Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.

(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
Reviewed-by: Bernd Edlinger 
(Merged from https://github.com/openssl/openssl/pull/17373)

---

Summary of changes:
 crypto/aes/asm/aesv8-armx.pl  |  3 +++
 crypto/arm_arch.h |  5 -
 crypto/modes/asm/ghashv8-armx.pl  |  3 +++
 crypto/poly1305/asm/poly1305-armv8.pl | 24 
 4 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index c323179b2b..da10c44030 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -3613,6 +3613,9 @@ if ($flavour =~ /64/) {    64-bit 
code
s/\.[ui]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
 
+   # Switch preprocessor checks to aarch64 versions.
+   s/__ARME([BL])__/__AARCH64E$1__/go;
+
print $_,"\n";
 }
 } else {    32-bit code
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index ca48045670..848f06542c 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -21,11 +21,6 @@
 #  elif defined(__GNUC__)
 #   if   defined(__aarch64__)
 #define __ARM_ARCH__ 8
-#if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-# define __ARMEB__
-#else
-# define __ARMEL__
-#endif
   /*
* Why doesn't gcc define __ARM_ARCH__? Instead it defines
* bunch of below macros. See all_architectures[] table in
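Review bot: once these definitions are removed, any aarch64 source that still tests `__ARMEL__` or `__ARMEB__` does not fail to build; the `#ifdef` is simply false and the guarded code, such as a byte swap on a big-endian target, is dropped without a diagnostic. Before merging, confirm with a tree-wide search that no aarch64 code outside the files touched here still uses the 32-bit names, because the Perl transform `s/__ARME([BL])__/__AARCH64E$1__/go` only covers the output of the armx.pl generators.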
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index 57f893e77c..a1cfad0ef6 100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
@@ -755,6 +755,9 @@ if ($flavour =~ /64/) {  64-bit 
code
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
 
+   # Switch preprocessor checks to aarch64 versions.
+   s/__ARME([BL])__/__AARCH64E$1__/go;
+
print $_,"\n";
 }
 } else {    32-bit code
diff --git a/crypto/poly1305/asm/poly1305-armv8.pl 
b/crypto/poly1305/asm/poly1305-armv8.pl
index 20816c4283..e2c7f2822c 100755
--- a/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/poly1305/asm/poly1305-armv8.pl
@@ -86,7 +86,7 @@ poly1305_init:
ldp $r0,$r1,[$inp]  // load key
mov $s1,#0xfffc0fff
movk$s1,#0x0fff,lsl#48
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $r0,$r0 // flip bytes
rev $r1,$r1
 #endif
@@ -136,7 +136,7 @@ poly1305_blocks:
 .Loop:
ldp $t0,$t1,[$inp],#16  // load input
sub $len,$len,#16
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $t0,$t0
rev $t1,$t1
 #endif
@@ -204,13 +204,13 @@ poly1305_emit:
csel$h0,$h0,$d0,eq
csel$h1,$h1,$d1,eq
 
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
 #endif
adds$h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
 #endif
@@ -345,7 +345,7 @@ poly1305_blocks_neon:
adcs$h1,$h1,xzr
adc $h2,$h2,xzr
 
-#ifdef __ARMEB__
+#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
 #endif
@@ -391,7 +391,7 @@ poly1305_blocks_neon:
ldp $d0,

[openssl] OpenSSL_1_1_1-stable update

2022-01-08 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  f4942134815f95845706993c15ca7e4fd6e44627 (commit)
  from  52d9a1d0448432182a5fab0753c236b29819a2a5 (commit)


- Log -
commit f4942134815f95845706993c15ca7e4fd6e44627
Author: Bernd Edlinger 
Date:   Fri Jan 7 10:18:58 2022 +0100

Fix password_callback to handle short passwords

Fixes #17426

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17439)

---

Summary of changes:
 apps/apps.c   | 8 ++--
 test/recipes/15-test_genrsa.t | 7 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index c06241abb9..531fbec551 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, 
PW_CB_DATA *cb_tmp)
 int ui_flags = 0;
 const char *prompt_info = NULL;
 char *prompt;
+int pw_min_len = PW_MIN_LENGTH;
 
 if (cb_data != NULL && cb_data->prompt_info != NULL)
 prompt_info = cb_data->prompt_info;
+if (cb_data != NULL && cb_data->password != NULL
+&& *(const char*)cb_data->password != '\0')
+pw_min_len = 1;
 prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
 if (!prompt) {
 BIO_printf(bio_err, "Out of memory\n");
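Review bot: `pw_min_len` drops to 1 only when `cb_data->password` is non-empty, so an explicitly supplied empty pass phrase stays on the `PW_MIN_LENGTH` path; say in a comment whether that is intended. A short note on why a supplied password relaxes the minimum would also help, since the same value is passed to both `UI_add_input_string` and `UI_add_verify_string` in the next hunk. Style: `*(const char*)cb_data->password` wants a space before the `*` in the cast, matching `char *buf` and `char *prompt` nearby.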
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, 
PW_CB_DATA *cb_tmp)
 (void)UI_add_user_data(ui, cb_data);
 
 ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ pw_min_len, bufsiz - 1);
 
 if (ok >= 0 && verify) {
 buff = app_malloc(bufsiz, "password buffer");
 ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
-  PW_MIN_LENGTH, bufsiz - 1, buf);
+  pw_min_len, bufsiz - 1, buf);
 }
 if (ok >= 0)
 do {
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e16a9a4042..c9bc6bdc8a 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
 
 setup("test_genrsa");
 
-plan tests => 5;
+plan tests => 7;
 
 # We want to know that an absurdly small number of bits isn't support
 is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, 
"genrsa -3 8");
@@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
 ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 
'genrsatest-enc.pem',
+   '-aes256', '-passout', 'pass:x' ])),
+   "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 
'pass:x' ])),
+   "rsa decrypt");
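Review bot: the "rsa decrypt" test passes neither `-out` nor `-noout`, so on success it writes the decrypted private key to the test output. It is a throwaway test key, but adding `'-noout'` keeps key material out of logs and matches the `rsa -check` test just above.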


[openssl] openssl-3.0 update

2022-01-08 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  79fc479baf848e91a991a215d775d8aae844fbe5 (commit)
  from  e33f05660447c69e89f2e9f5d3140a56322411d5 (commit)


- Log -
commit 79fc479baf848e91a991a215d775d8aae844fbe5
Author: Bernd Edlinger 
Date:   Fri Jan 7 12:44:27 2022 +0100

Add a test case for the short password

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17441)

(cherry picked from commit 21095479c016f2ceaca0f71078fd27f0e9ba9375)

---

Summary of changes:
 test/recipes/15-test_genrsa.t | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e11ce8947a..1bba712863 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
 ($no_fips ? 0 : 3)  # Extra FIPS related tests
-+ 13;
++ 15;
 
 # We want to know that an absurdly small number of bits isn't support
 is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
 ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 
'genrsatest-enc.pem',
+   '-aes256', '-passout', 'pass:x' ])),
+   "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 
'pass:x' ])),
+   "rsa decrypt");
 
 unless ($no_fips) {
 my $provconf = srctop_file("test", "fips-and-base.cnf");
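Review bot: both new tests are positive cases using the one-character pass phrase `pass:x`. A negative case, decrypting `genrsatest-enc.pem` with a different pass phrase and expecting failure, would show that the short pass phrase is really used for the encryption and is not merely accepted by the option parser.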


[openssl] master update

2022-01-08 Thread bernd . edlinger
The branch master has been updated
   via  21095479c016f2ceaca0f71078fd27f0e9ba9375 (commit)
  from  81b741f68984b2620166d0d6271fbd946bab9e7f (commit)


- Log -
commit 21095479c016f2ceaca0f71078fd27f0e9ba9375
Author: Bernd Edlinger 
Date:   Fri Jan 7 12:44:27 2022 +0100

Add a test case for the short password

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17441)

---

Summary of changes:
 test/recipes/15-test_genrsa.t | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e11ce8947a..1bba712863 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -25,7 +25,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 plan tests =>
 ($no_fips ? 0 : 3)  # Extra FIPS related tests
-+ 13;
++ 15;
 
 # We want to know that an absurdly small number of bits isn't support
 is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
@@ -103,6 +103,11 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 
'genrsatest.pem', $good ])),
"genrsa -f4 $good");
 ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 
'genrsatest-enc.pem',
+   '-aes256', '-passout', 'pass:x' ])),
+   "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 
'pass:x' ])),
+   "rsa decrypt");
 
 unless ($no_fips) {
 my $provconf = srctop_file("test", "fips-and-base.cnf");


[openssl] openssl-3.0 update

2022-01-06 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  ce2f4b6b1705526b3862b2f137dfcac0ad2cb558 (commit)
  from  7a30610902d6d19cfd1698498d3d4129f308e285 (commit)


- Log -
commit ce2f4b6b1705526b3862b2f137dfcac0ad2cb558
Author: Bernd Edlinger 
Date:   Wed Jan 5 17:25:02 2022 +0100

Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17427)

(cherry picked from commit fd84b9c3e94be1771d1b34ad857081f7693318aa)

---

Summary of changes:
 .github/workflows/ci.yml   | 2 ++
 crypto/asn1/charmap.h  | 2 +-
 crypto/bn/bn_prime.h   | 2 +-
 crypto/conf/conf_def.h | 2 +-
 crypto/objects/obj_xref.h  | 2 +-
 include/openssl/obj_mac.h  | 2 +-
 util/perl/OpenSSL/copyright.pm | 4 ++--
 7 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b52b8c15f4..32edfe064d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,8 @@ jobs:
 sudo apt-get update
 sudo apt-get -yq --no-install-suggests --no-install-recommends 
--force-yes install unifdef
 - uses: actions/checkout@v2
+  with:
+fetch-depth: 0
 - name: config
   run: ./config --banner=Configured --strict-warnings enable-fips && perl 
configdata.pm --dump
 - name: make build_generated
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index 95928ca663..ac1eb076cc 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index d92f6dfa69..8a859ac02e 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index e5321bd30d..1f66a58e09 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index c08b5fc2ab..21a193ee98 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index edbd98b152..0e86027667 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/util/perl/OpenSSL/copyright.pm b/util/perl/OpenSSL/copyright.pm
index 1fd9f353f7..b82b67a0e6 100644
--- a/util/perl/OpenSSL/copyright.pm
+++ b/util/perl/OpenSSL/copyright.pm
@@ -23,11 +23,11 @@ sub year_of {
 
 # See if git's available
 open my $FH,
-   "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|"
+   "git log -1 --date=short --format=format:%cd $file 2>/dev/null|"
or return $YEAR;
 my $LINE = <$FH>;
 close $FH;
-chomp($LINE);
+$LINE =~ s/^([0-9]*)-.*/$1/;
 $YEAR = $LINE if $LINE;
 return $YEAR;
 }
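Review bot: `$file` is interpolated unquoted into the shell command string passed to the piped open, so a path containing spaces or shell metacharacters is split or interpreted by the shell instead of reaching git as one argument. The list form, open my $FH, '-|', 'git', 'log', '-1', '--date=short', '--format=format:%cd', $file, avoids the shell entirely; the stderr redirection then has to be done separately.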


[openssl] master update

2022-01-06 Thread bernd . edlinger
The branch master has been updated
   via  fd84b9c3e94be1771d1b34ad857081f7693318aa (commit)
  from  da198adb9c5626f31c52613fe2ae59a7066c3366 (commit)


- Log -
commit fd84b9c3e94be1771d1b34ad857081f7693318aa
Author: Bernd Edlinger 
Date:   Wed Jan 5 17:25:02 2022 +0100

Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17427)

---

Summary of changes:
 .github/workflows/ci.yml   | 2 ++
 crypto/asn1/charmap.h  | 2 +-
 crypto/bn/bn_prime.h   | 2 +-
 crypto/conf/conf_def.h | 2 +-
 crypto/objects/obj_xref.h  | 2 +-
 include/openssl/obj_mac.h  | 2 +-
 util/perl/OpenSSL/copyright.pm | 4 ++--
 7 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 103f4c774f..1f0ad4bc17 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,8 @@ jobs:
 sudo apt-get update
 sudo apt-get -yq --no-install-suggests --no-install-recommends 
--force-yes install unifdef
 - uses: actions/checkout@v2
+  with:
+fetch-depth: 0
 - name: config
   run: ./config --banner=Configured --strict-warnings enable-fips && perl 
configdata.pm --dump
 - name: make build_generated
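Review bot: `fetch-depth: 0` is added to the checkout step with no comment saying why this job needs the full history. Since the same commit makes copyright.pm read the year from `git log -1` for each file, a short YAML comment tying the two together would stop someone from reverting to a shallow clone later to save checkout time.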
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index 95928ca663..ac1eb076cc 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index d92f6dfa69..8a859ac02e 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index e5321bd30d..1f66a58e09 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index c08b5fc2ab..21a193ee98 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index fb788d43d5..a9e51d7b38 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/util/perl/OpenSSL/copyright.pm b/util/perl/OpenSSL/copyright.pm
index 1fd9f353f7..b82b67a0e6 100644
--- a/util/perl/OpenSSL/copyright.pm
+++ b/util/perl/OpenSSL/copyright.pm
@@ -23,11 +23,11 @@ sub year_of {
 
 # See if git's available
 open my $FH,
-   "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|"
+   "git log -1 --date=short --format=format:%cd $file 2>/dev/null|"
or return $YEAR;
 my $LINE = <$FH>;
 close $FH;
-chomp($LINE);
+$LINE =~ s/^([0-9]*)-.*/$1/;
 $YEAR = $LINE if $LINE;
 return $YEAR;
 }
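Review bot: the new substitution `s/^([0-9]*)-.*/$1/` leaves $LINE untouched when the output does not match, and the following `$YEAR = $LINE if $LINE;` then accepts the whole line as the year. `[0-9]*` also matches an empty prefix, and with chomp gone a trailing newline would survive because `.` does not match it. Capturing explicitly, e.g. `$YEAR = $1 if defined $LINE && $LINE =~ /^([0-9]{4})-/;`, covers all three cases and also avoids applying the substitution to an undefined $LINE when git prints nothing.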


[openssl] master update

2021-12-13 Thread bernd . edlinger
The branch master has been updated
   via  17cca0e85e83eac23069ddc5c5ebab6d7dd13ee1 (commit)
  from  336923c0c8d705cb8af5216b29a205662db0d590 (commit)


- Log -
commit 17cca0e85e83eac23069ddc5c5ebab6d7dd13ee1
Author: Bernd Edlinger 
Date:   Sat Dec 11 21:25:23 2021 +0100

Remove some unnecessary undefs in bn_asm.c

This is likely the leftover of a previous hack,
and thus should be removed now.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17259)

---

Summary of changes:
 crypto/bn/bn_asm.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
index 257701d9dc..485bfd838b 100644
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -422,11 +422,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, 
const BN_ULONG *b,
 
 #if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
 
-# undef bn_mul_comba8
-# undef bn_mul_comba4
-# undef bn_sqr_comba8
-# undef bn_sqr_comba4
-
 /* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
 /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
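Review bot: dropping the four `# undef` lines under BN_MUL_COMBA is only safe if no header included by this file still defines bn_mul_comba8, bn_mul_comba4, bn_sqr_comba8 or bn_sqr_comba4 as macros, and the log message says only that this is "likely" a leftover. Please state in the commit message what was checked (for example that a search of the tree finds no such macro definitions), since a remaining macro would rewrite the function definitions that follow.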
@@ -950,8 +945,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const 
BN_ULONG *bp,
 #else   /* !BN_MUL_COMBA */
 
 /* hmm... is it faster just to do a multiply? */
-# undef bn_sqr_comba4
-# undef bn_sqr_comba8
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 {
 BN_ULONG t[8];


[openssl] OpenSSL_1_1_1-stable update

2021-12-13 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (commit)
  from  8b35838b44e83f323eaa5d7aeecc45c8e2321cf8 (commit)


- Log -
commit e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
Author: Bernd Edlinger 
Date:   Sat Dec 11 20:28:11 2021 +0100

Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets

bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45

The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899

but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899

so the fourth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.

Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45

correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899

wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899

Fortunately the bn_mul_comba4/8 code paths are not affected.

Also the mips64 target does in fact not handle the carry propagation
correctly.

Example:
a=0x4aaac919 62056c84 fba7334e 1a6be678
022181ba fd3aa878 899b234635dad283 ee210f450001

correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17258)

(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)

---

Summary of changes:
 crypto/bn/asm/mips.pl |  4 
 test/bntest.c | 45 +
 2 files changed, 49 insertions(+)

diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 8ad715bda4..74101030f2 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1984,6 +1984,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
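Review bot: the two instructions added after `$ST $c_2,$BNSZ($a0)` carry no comment saying which carry they recover. A reader has to work out that `sltu $at,$c_3,$t_2` detects the wrap of the preceding `$ADDU $c_3,$t_2,$at` and that the result is folded into $c_1. A one-line comment here and at the identical insertion in the next hunk would keep the pair from being removed later as redundant.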
@@ -2194,6 +2196,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
diff --git a/test/bntest.c b/test/bntest.c
index b58028a301..bab34ba54b 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -627,6 +627,51 @@ static int test_modexp_mont5(void)
 if (!TEST_BN_eq(c, d))
 goto err;
 
+/*
+ * Regression test for overflow bug in bn_sqr_comba4/8 for
+ * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
+ */
+{
+static const char *ehex[] = {
+"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
+"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
+"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
+"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
+"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
+"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
+"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e",
+"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465",
+NULL};
+static const char *phex[] = {
+"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241",
+"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31",
+"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053",
+"c776d3982d391b6d04
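Review bot: the comment heading the new test block names only the mips-linux-gnu and mipsel-linux-gnu 32bit targets, while the log message also gives a failing example for the mips64 target. The comment should say whether these vectors exercise the 64-bit carry path as well, or a second vector for mips64 should be added next to it.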

[openssl] openssl-3.0 update

2021-12-13 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  3bf7b73ea7123045b8f972badc67ed6878e6c37f (commit)
  from  110b005465f3d3edb0fe0f61b87595d011770317 (commit)


- Log -
commit 3bf7b73ea7123045b8f972badc67ed6878e6c37f
Author: Bernd Edlinger 
Date:   Sat Dec 11 20:28:11 2021 +0100

Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets

bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45

The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899

but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899

so the fourth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.

Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45

correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899

wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899

Fortunately the bn_mul_comba4/8 code paths are not affected.

Also the mips64 target does in fact not handle the carry propagation
correctly.

Example:
a=0x4aaac919 62056c84 fba7334e 1a6be678
022181ba fd3aa878 899b234635dad283 ee210f450001

correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17258)

(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)

---

Summary of changes:
 crypto/bn/asm/mips.pl |  4 
 test/bntest.c | 45 +
 2 files changed, 49 insertions(+)

diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 95cb227dc5..91b7aac6e7 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1986,6 +1986,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
@@ -2196,6 +2198,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
diff --git a/test/bntest.c b/test/bntest.c
index 87e5c4065b..fa9fc07cef 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -630,6 +630,51 @@ static int test_modexp_mont5(void)
 if (!TEST_BN_eq(c, d))
 goto err;
 
+/*
+ * Regression test for overflow bug in bn_sqr_comba4/8 for
+ * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
+ */
+{
+static const char *ehex[] = {
+"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
+"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
+"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
+"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
+"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
+"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
+"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e",
+"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465",
+NULL};
+static const char *phex[] = {
+"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241",
+"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31",
+"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053",
+"c776d3982d391b6d04

[openssl] master update

2021-12-13 Thread bernd . edlinger
The branch master has been updated
   via  336923c0c8d705cb8af5216b29a205662db0d590 (commit)
  from  2490d10d5cca0163cad8045857248b175bdf83e7 (commit)


- Log -
commit 336923c0c8d705cb8af5216b29a205662db0d590
Author: Bernd Edlinger 
Date:   Sat Dec 11 20:28:11 2021 +0100

Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets

bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45

The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899

but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899

so the fourth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.

Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45

correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899

wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899

Fortunately the bn_mul_comba4/8 code paths are not affected.

Also the mips64 target does in fact not handle the carry propagation
correctly.

Example:
a=0x4aaac919 62056c84 fba7334e 1a6be678
022181ba fd3aa878 899b234635dad283 ee210f450001

correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a0001

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17258)

---

Summary of changes:
 crypto/bn/asm/mips.pl |  4 
 test/bntest.c | 45 +
 2 files changed, 49 insertions(+)

diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 95cb227dc5..91b7aac6e7 100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -1986,6 +1986,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
@@ -2196,6 +2198,8 @@ $code.=<<___;
sltu$at,$c_2,$t_1
$ADDU   $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
+   sltu$at,$c_3,$t_2
+   $ADDU   $c_1,$at
mflo($t_1,$a_2,$a_0)
mfhi($t_2,$a_2,$a_0)
 ___
diff --git a/test/bntest.c b/test/bntest.c
index ebdd6fa944..69506a0e35 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -630,6 +630,51 @@ static int test_modexp_mont5(void)
 if (!TEST_BN_eq(c, d))
 goto err;
 
+/*
+ * Regression test for overflow bug in bn_sqr_comba4/8 for
+ * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
+ */
+{
+static const char *ehex[] = {
+"95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
+"38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
+"8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
+"5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
+"2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
+"a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
+"b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e",
+"da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465",
+NULL};
+static const char *phex[] = {
+"f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241",
+"a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31",
+"2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053",
+"c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439",
+"dc6fbd55

[openssl] OpenSSL_1_1_1-stable update

2021-12-09 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  ca607d6e94e11f5332abcc8fa4a4ccb967347efa (commit)
  from  7a045a4e5ad97f7e123ea33f1f188d2f1a03974b (commit)


- Log -
commit ca607d6e94e11f5332abcc8fa4a4ccb967347efa
Author: Bernd Edlinger 
Date:   Wed Dec 8 14:14:48 2021 +0100

Fix a deadlock in OBJ_NAME_add

This happened after an out of memory error:
CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17236)

---

Summary of changes:
 crypto/objects/o_names.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 979d83577c..15639d6778 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -67,8 +67,14 @@ static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(o_names_init)
 {
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+names_lh = NULL;
 obj_lock = CRYPTO_THREAD_lock_new();
+if (obj_lock != NULL)
+names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+if (names_lh == NULL) {
+CRYPTO_THREAD_lock_free(obj_lock);
+obj_lock = NULL;
+}
 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
 return names_lh != NULL && obj_lock != NULL;
 }
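Review bot: after this change the final `return names_lh != NULL && obj_lock != NULL;` tests more than it needs to: names_lh is only created when obj_lock is non-NULL, and the new cleanup branch clears obj_lock whenever names_lh is NULL, so the two pointers are always both set or both NULL. `return names_lh != NULL;` says the same thing and makes that invariant visible; a short comment on the invariant would help too.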
@@ -217,10 +223,8 @@ int OBJ_NAME_add(const char *name, int type, const char 
*data)
 type &= ~OBJ_NAME_ALIAS;
 
 onp = OPENSSL_malloc(sizeof(*onp));
-if (onp == NULL) {
-/* ERROR */
-goto unlock;
-}
+if (onp == NULL)
+return 0;
 
 onp->name = name;
 onp->alias = alias;
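Review bot: the new early `return 0` on allocation failure is only correct while the OPENSSL_malloc call stays ahead of the point where obj_lock is taken, which this hunk does not show. A one-line comment above the allocation saying that the lock is not yet held would keep a later reordering from bringing back the lock imbalance the log message describes. The failure path also still reports nothing to the caller beyond the 0 return, as the removed `/* ERROR */` placeholder hinted.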


[openssl] openssl-3.0 update

2021-12-09 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  907b966981a1d6f1e1fcbf0ab752e040a49f1475 (commit)
  from  93838762b406efe3aad9c807a0fd1f48e6efe3ab (commit)


- Log -
commit 907b966981a1d6f1e1fcbf0ab752e040a49f1475
Author: Bernd Edlinger 
Date:   Wed Dec 8 14:14:48 2021 +0100

Minor code cleanup in o_names_init

This might result in a small memory leak.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17238)

(cherry picked from commit c50bf14450f3cd242f2211ca7e500191053d8050)

---

Summary of changes:
 crypto/objects/o_names.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 05aa8c44aa..92152eeb66 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -66,8 +66,14 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME 
*b);
 static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(o_names_init)
 {
-names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+names_lh = NULL;
 obj_lock = CRYPTO_THREAD_lock_new();
+if (obj_lock != NULL)
+names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+if (names_lh == NULL) {
+CRYPTO_THREAD_lock_free(obj_lock);
+obj_lock = NULL;
+}
 return names_lh != NULL && obj_lock != NULL;
 }
 


[openssl] master update

2021-12-09 Thread bernd . edlinger
The branch master has been updated
   via  c50bf14450f3cd242f2211ca7e500191053d8050 (commit)
  from  f0d5a3b6ea1bbe4e5dac5b69d853c015db635621 (commit)


- Log -
commit c50bf14450f3cd242f2211ca7e500191053d8050
Author: Bernd Edlinger 
Date:   Wed Dec 8 14:14:48 2021 +0100

Minor code cleanup in o_names_init

This might result in a small memory leak.

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17238)

---

Summary of changes:
 crypto/objects/o_names.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 05aa8c44aa..92152eeb66 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -66,8 +66,14 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME 
*b);
 static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(o_names_init)
 {
-names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+names_lh = NULL;
 obj_lock = CRYPTO_THREAD_lock_new();
+if (obj_lock != NULL)
+names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+if (names_lh == NULL) {
+CRYPTO_THREAD_lock_free(obj_lock);
+obj_lock = NULL;
+}
 return names_lh != NULL && obj_lock != NULL;
 }
 


[openssl] master update

2021-11-25 Thread bernd . edlinger
The branch master has been updated
   via  0a10825a009c830125fef94c81d34e41300a24a5 (commit)
  from  8e22f9d6d956ad583afe10b986519731c113ac80 (commit)


- Log -
commit 0a10825a009c830125fef94c81d34e41300a24a5
Author: Bernd Edlinger 
Date:   Wed Oct 24 23:10:38 2018 +0200

Enable brainpool curves for TLS1.3

See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7485)

---

Summary of changes:
 include/internal/tlsgroups.h |  10 +++
 ssl/s3_lib.c |   5 +-
 ssl/ssl_local.h  |   5 ++
 ssl/statem/extensions.c  |   2 +-
 ssl/statem/extensions_clnt.c |  20 +-
 ssl/statem/extensions_srvr.c |  15 ++--
 ssl/statem/statem_lib.c  |   6 ++
 ssl/t1_lib.c | 129 +--
 ssl/t1_trce.c|   3 +
 test/ssl-tests/20-cert-select.cnf|   4 +-
 test/ssl-tests/20-cert-select.cnf.in |   4 +-
 11 files changed, 153 insertions(+), 50 deletions(-)

diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h
index 8a35ced122..73fb53bc5f 100644
--- a/include/internal/tlsgroups.h
+++ b/include/internal/tlsgroups.h
@@ -41,6 +41,16 @@
 # define OSSL_TLS_GROUP_ID_brainpoolP512r1  0x001C
 # define OSSL_TLS_GROUP_ID_x25519   0x001D
 # define OSSL_TLS_GROUP_ID_x448 0x001E
+# define OSSL_TLS_GROUP_ID_brainpoolP256r1_tls13 0x001F
+# define OSSL_TLS_GROUP_ID_brainpoolP384r1_tls13 0x0020
+# define OSSL_TLS_GROUP_ID_brainpoolP512r1_tls13 0x0021
+# define OSSL_TLS_GROUP_ID_gc256A   0x0022
+# define OSSL_TLS_GROUP_ID_gc256B   0x0023
+# define OSSL_TLS_GROUP_ID_gc256C   0x0024
+# define OSSL_TLS_GROUP_ID_gc256D   0x0025
+# define OSSL_TLS_GROUP_ID_gc512A   0x0026
+# define OSSL_TLS_GROUP_ID_gc512B   0x0027
+# define OSSL_TLS_GROUP_ID_gc512C   0x0028
 # define OSSL_TLS_GROUP_ID_ffdhe20480x0100
 # define OSSL_TLS_GROUP_ID_ffdhe30720x0101
 # define OSSL_TLS_GROUP_ID_ffdhe40960x0102
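Review bot: besides the three brainpoolP*_tls13 IDs, this hunk also adds seven gc256A..gc512C definitions (0x0022 to 0x0028) that the commit title and log message do not mention. Either say in the log why they are needed for the brainpool change or move them to a separate commit, so the history shows where those IDs came from.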
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 88565a7000..1a89bde851 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3607,8 +3607,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 int *cptr = parg;
 
 for (i = 0; i < clistlen; i++) {
+uint16_t cid = SSL_IS_TLS13(s)
+   ? ssl_group_id_tls13_to_internal(clist[i])
+   : clist[i];
 const TLS_GROUP_INFO *cinf
-= tls1_group_id_lookup(s->ctx, clist[i]);
+= tls1_group_id_lookup(s->ctx, cid);
 
 if (cinf != NULL)
 cptr[i] = tls1_group_id2nid(cinf->group_id, 1);
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 9b88140a28..ddae48b2af 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2169,6 +2169,9 @@ typedef enum downgrade_en {
 
 #define TLSEXT_SIGALG_ed25519   0x0807
 #define TLSEXT_SIGALG_ed448 0x0808
+#define TLSEXT_SIGALG_ecdsa_brainpoolP256r1_sha256  0x081a
+#define TLSEXT_SIGALG_ecdsa_brainpoolP384r1_sha384  0x081b
+#define TLSEXT_SIGALG_ecdsa_brainpoolP512r1_sha512  0x081c
 
 /* Known PSK key exchange modes */
 #define TLSEXT_KEX_MODE_KE  0x00
@@ -2642,6 +2645,8 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL 
*s);
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
 
+__owur uint16_t ssl_group_id_internal_to_tls13(uint16_t curve_id);
+__owur uint16_t ssl_group_id_tls13_to_internal(uint16_t curve_id);
 __owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t 
curve_id);
 __owur int tls1_group_id2nid(uint16_t group_id, int include_unknown);
 __owur uint16_t tls1_nid2group_id(int nid);
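Review bot: the two new prototypes ssl_group_id_internal_to_tls13 and ssl_group_id_tls13_to_internal are added without a comment on what they return for a group ID that has no counterpart in the other numbering. Callers such as the ssl3_ctrl change in this commit pass the result straight to tls1_group_id_lookup, so the contract (pass-through, 0, or something else) should be stated next to the declarations.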
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index bc437be26a..0ac8253be3 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1369,7 +1369,7 @@ static int final_key_share(SSL *s, unsigned int context, 
int sent)
 group_id = pgroups[i];
 
 if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
-  1))
+  2))
 break;
 }
 
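Review bot: the last argument of check_in_list changes from 1 to 2 with no named constant or comment, so the call site gives no hint what the new value selects. Please replace the bare number with a named constant or add a comment at the call explaining the mode.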
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index b38c9ca684..d6d4e55ce7 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -224,6 +224,21 @

[openssl] OpenSSL_1_1_1-stable update

2021-11-23 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  6d022b04748c2a89b7f032a41965df19c584e0cf (commit)
  from  79ef18759a4f89af0b1e015766a73fa289095673 (commit)


- Log -
commit 6d022b04748c2a89b7f032a41965df19c584e0cf
Author: Bernd Edlinger 
Date:   Fri Nov 19 16:38:55 2021 +0100

Add a test case for duplicate engine loading

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17083)

---

Summary of changes:
 test/data.bin   |  4 
 test/recipes/20-test_dgst.t | 23 +--
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 test/data.bin

diff --git a/test/data.bin b/test/data.bin
new file mode 100644
index 00..3442255280
--- /dev/null
+++ b/test/data.bin
@@ -0,0 +1,4 @@
+TEST DATA
+
+Please note that if a test involves a new testing executable,
+you will need to do some additions in test/build.info.
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
index 13c2b3af4b..d1cbabe290 100644
--- a/test/recipes/20-test_dgst.t
+++ b/test/recipes/20-test_dgst.t
@@ -11,12 +11,12 @@ use strict;
 use warnings;
 
 use File::Spec;
-use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_dgst");
 
-plan tests => 5;
+plan tests => 6;
 
 sub tsignverify {
 my $testtext = shift;
@@ -102,3 +102,22 @@ SKIP: {
 srctop_file("test","tested448pub.pem"));
 };
 }
+
+SKIP: {
+skip "dgst with engine is not supported by this OpenSSL build", 1
+if disabled("engine") || disabled("dynamic-engine");
+
+subtest "SHA1 generation by engine with `dgst` CLI" => sub {
+plan tests => 1;
+
+my $testdata = srctop_file('test', 'data.bin');
+# intentionally using -engine twice, please do not remove the 
duplicate line
+my @macdata = run(app(['openssl', 'dgst', '-sha1',
+   '-engine', $^O eq 'linux' ? 
bldtop_file("engines", "ossltest.so") : "ossltest",
+   '-engine', $^O eq 'linux' ? 
bldtop_file("engines", "ossltest.so") : "ossltest",
+   $testdata]), capture => 1);
+chomp(@macdata);
+my $expected = qr/SHA1\(\Q$testdata\E\)= 
000102030405060708090a0b0c0d0e0f10111213/;
+ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected 
($macdata[0]) vs ($expected)");
+}
+}
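Review bot: the expression `$^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest"`, repeated on both -engine lines, makes only Linux load the engine by path while every other platform loads it by name. The comment should say which of the two the duplicate-load regression depends on. Hoisting the expression into one variable would make the intentional duplication easier to read, and `@macdata` holds a digest, not a MAC, so a different name would be clearer.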


[openssl] OpenSSL_1_1_1-stable update

2021-11-22 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  9b06ebb1edfddffea083ba36090af7eb7cad207b (commit)
  from  c28bcc507be1b03523789218128383c3f2be (commit)


- Log -
commit 9b06ebb1edfddffea083ba36090af7eb7cad207b
Author: Bernd Edlinger 
Date:   Fri Nov 19 11:33:34 2021 +0100

Avoid loading of a dynamic engine twice

Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17073)

(cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)

---

Summary of changes:
 crypto/engine/eng_dyn.c   |  4 ++-
 crypto/engine/eng_lib.c   |  2 ++
 crypto/engine/eng_list.c  | 87 +++
 crypto/engine/eng_local.h |  9 +
 4 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 06e677290a..cb1a30799e 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -477,7 +477,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 engine_set_all_null(e);
 
 /* Try to bind the ENGINE onto our own ENGINE structure */
-if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
+|| !ctx->bind_engine(e, ctx->engine_id, &fns)) {
+engine_remove_dynamic_id(e, 1);
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
 DSO_free(ctx->dynamic_dso);
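Review bot: in the combined condition, a refusal from engine_add_dynamic_id (this bind function is already registered) and a failure of ctx->bind_engine end up in the same cleanup block, so the caller cannot tell "already loaded" from "engine failed to initialise". Consider testing the two separately and giving the duplicate-load case its own error reason. The cast of the function pointer to ENGINE_DYNAMIC_ID also deserves a short comment on why the bind function address is used as the key, as the log message explains.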
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 5bd584c599..29da4a1699 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -67,6 +67,7 @@ void engine_set_all_null(ENGINE *e)
 e->load_pubkey = NULL;
 e->cmd_defns = NULL;
 e->flags = 0;
+e->dynamic_id = NULL;
 }
 
 int engine_free_util(ENGINE *e, int not_locked)
@@ -92,6 +93,7 @@ int engine_free_util(ENGINE *e, int not_locked)
  */
 if (e->destroy)
 e->destroy(e);
+engine_remove_dynamic_id(e, not_locked);
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
 OPENSSL_free(e);
 return 1;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 1352fb7c96..4f9eb99d15 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -24,6 +24,12 @@
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
 
+/*
+ * The linked list of currently loaded dynamic engines.
+ */
+static ENGINE *engine_dyn_list_head = NULL;
+static ENGINE *engine_dyn_list_tail = NULL;
+
 /*
  * This cleanup function is only needed internally. If it should be called,
  * we register it with the "engine_cleanup_int()" stack to be called during
@@ -126,6 +132,85 @@ static int engine_list_remove(ENGINE *e)
 return 1;
 }
 
+/* Add engine to dynamic engine list. */
+int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
+  int not_locked)
+{
+int result = 0;
+ENGINE *iterator = NULL;
+
+if (e == NULL)
+return 0;
+
+if (e->dynamic_id == NULL && dynamic_id == NULL)
+return 0;
+
+if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
+return 0;
+
+if (dynamic_id != NULL) {
+iterator = engine_dyn_list_head;
+while (iterator != NULL) {
+if (iterator->dynamic_id == dynamic_id)
+goto err;
+iterator = iterator->next;
+}
+if (e->dynamic_id != NULL)
+goto err;
+e->dynamic_id = dynamic_id;
+}
+
+if (engine_dyn_list_head == NULL) {
+/* We are adding to an empty list. */
+if (engine_dyn_list_tail != NULL)
+goto err;
+engine_dyn_list_head = e;
+e->prev_dyn = NULL;
+} else {
+/* We are adding to the tail of an existing list. */
+if (engine_dyn_list_tail == NULL
+|| engine_dyn_list_tail->next_dyn != NULL)
+goto err;
+engine_dyn_list_tail->next_dyn = e;
+e->prev_dyn = engine_dyn_list_tail;
+}
+
+engine_dyn_list_tail = e;
+e->next_dyn = NULL;
+result = 1;
+
+ err:
+if (not_locked)
+CRYPTO_THREAD_unlock(global_engine_lock);
+return result;
+}
+
+/* Remove engine from dynamic engine list. */
+void engine_remove_dynamic_id(ENGINE *e, int not_locked)
+{
+if (e == NULL || e->dynamic_id == NULL)
+return;
+
+if (not_locked && !CRYPTO_THREAD_write_lock(global_eng
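Review bot: The duplicate scan in engine_add_dynamic_id() starts at engine_dyn_list_head but advances with `iterator = iterator->next;`, while every link this function writes is next_dyn or prev_dyn. As written the walk leaves the dynamic list after its first element and follows a different link field, so a duplicate further along the dynamic list can be missed. It should advance with iterator->next_dyn.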

[openssl] openssl-3.0 update

2021-11-22 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  38e2957249c90317a26a080c7e7eb186dd5b6598 (commit)
  from  81c11349c2a0e945aa3dfc6bd81c957363dd2011 (commit)


- Log -
commit 38e2957249c90317a26a080c7e7eb186dd5b6598
Author: Bernd Edlinger 
Date:   Fri Nov 19 16:38:55 2021 +0100

Add a test case for duplicate engine loading

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17073)

(cherry picked from commit 2595eef82c2b67ea75cc3368529078b643a1ecb6)

---

Summary of changes:
 test/recipes/20-test_dgst.t | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
index 5af74aec2a..e72038d852 100644
--- a/test/recipes/20-test_dgst.t
+++ b/test/recipes/20-test_dgst.t
@@ -12,12 +12,12 @@ use warnings;
 
 use File::Spec;
 use File::Basename;
-use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_dgst");
 
-plan tests => 9;
+plan tests => 10;
 
 sub tsignverify {
 my $testtext = shift;
@@ -103,6 +103,25 @@ SKIP: {
 };
 }
 
+SKIP: {
+skip "dgst with engine is not supported by this OpenSSL build", 1
+if disabled("engine") || disabled("dynamic-engine");
+
+subtest "SHA1 generation by engine with `dgst` CLI" => sub {
+plan tests => 1;
+
+my $testdata = srctop_file('test', 'data.bin');
+# intentionally using -engine twice, please do not remove the 
duplicate line
+my @macdata = run(app(['openssl', 'dgst', '-sha1',
+   '-engine', $^O eq 'linux' ? 
bldtop_file("engines", "ossltest.so") : "ossltest",
+   '-engine', $^O eq 'linux' ? 
bldtop_file("engines", "ossltest.so") : "ossltest",
+   $testdata]), capture => 1);
+chomp(@macdata);
+my $expected = qr/SHA1\(\Q$testdata\E\)= 
000102030405060708090a0b0c0d0e0f10111213/;
+ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected 
($macdata[0]) vs ($expected)");
+}
+}
+
 subtest "HMAC generation with `dgst` CLI" => sub {
 plan tests => 2;
 
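Review bot: The new subtest is titled "SHA1 generation by engine with `dgst` CLI", which hides that its purpose is the repeated -engine argument; only the inline comment says so. Name the subtest after duplicate engine loading, rename @macdata (it holds a digest, not a MAC), and add a word on why the Linux case passes a bldtop_file() path while other platforms pass the bare name ossltest.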


[openssl] openssl-3.0 update

2021-11-22 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  81c11349c2a0e945aa3dfc6bd81c957363dd2011 (commit)
  from  fd6a1e21f906883d0cc7ebef7826cf2f55f87832 (commit)


- Log -
commit 81c11349c2a0e945aa3dfc6bd81c957363dd2011
Author: Bernd Edlinger 
Date:   Fri Nov 19 11:33:34 2021 +0100

Avoid loading of a dynamic engine twice

Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17073)

(cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)

---

Summary of changes:
 crypto/engine/eng_dyn.c   |  4 ++-
 crypto/engine/eng_lib.c   |  2 ++
 crypto/engine/eng_list.c  | 87 +++
 crypto/engine/eng_local.h |  9 +
 4 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index f401063d37..c8a54f7d44 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -484,7 +484,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 engine_set_all_null(e);
 
 /* Try to bind the ENGINE onto our own ENGINE structure */
-if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
+|| !ctx->bind_engine(e, ctx->engine_id, &fns)) {
+engine_remove_dynamic_id(e, 1);
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
 DSO_free(ctx->dynamic_dso);
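Review bot: engine_remove_dynamic_id(e, 1) at the top of the failure branch also runs when engine_add_dynamic_id() itself refused the engine. That relies on the remove function returning early for a NULL dynamic_id; a one-line comment here would save the next reader from checking eng_list.c. The cast `(ENGINE_DYNAMIC_ID)ctx->bind_engine` also deserves a note that the bind function's address is the identity being registered, since that rationale currently lives only in the commit message.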
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 44e997e77b..05c6a67c1e 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -65,6 +65,7 @@ void engine_set_all_null(ENGINE *e)
 e->load_pubkey = NULL;
 e->cmd_defns = NULL;
 e->flags = 0;
+e->dynamic_id = NULL;
 }
 
 int engine_free_util(ENGINE *e, int not_locked)
@@ -90,6 +91,7 @@ int engine_free_util(ENGINE *e, int not_locked)
  */
 if (e->destroy)
 e->destroy(e);
+engine_remove_dynamic_id(e, not_locked);
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
 OPENSSL_free(e);
 return 1;
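Review bot: In engine_free_util(), the ID is dropped only after e->destroy(e) has run. If the intent is that the same DSO cannot be bound again until the engine's destroy handler has finished, say so in the comment block above the call; otherwise a later cleanup may reorder the two lines without noticing the dependency.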
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index fec0ef7129..04c73c7628 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -27,6 +27,12 @@
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
 
+/*
+ * The linked list of currently loaded dynamic engines.
+ */
+static ENGINE *engine_dyn_list_head = NULL;
+static ENGINE *engine_dyn_list_tail = NULL;
+
 /*
  * This cleanup function is only needed internally. If it should be called,
  * we register it with the "engine_cleanup_int()" stack to be called during
@@ -128,6 +134,85 @@ static int engine_list_remove(ENGINE *e)
 return 1;
 }
 
+/* Add engine to dynamic engine list. */
+int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
+  int not_locked)
+{
+int result = 0;
+ENGINE *iterator = NULL;
+
+if (e == NULL)
+return 0;
+
+if (e->dynamic_id == NULL && dynamic_id == NULL)
+return 0;
+
+if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
+return 0;
+
+if (dynamic_id != NULL) {
+iterator = engine_dyn_list_head;
+while (iterator != NULL) {
+if (iterator->dynamic_id == dynamic_id)
+goto err;
+iterator = iterator->next;
+}
+if (e->dynamic_id != NULL)
+goto err;
+e->dynamic_id = dynamic_id;
+}
+
+if (engine_dyn_list_head == NULL) {
+/* We are adding to an empty list. */
+if (engine_dyn_list_tail != NULL)
+goto err;
+engine_dyn_list_head = e;
+e->prev_dyn = NULL;
+} else {
+/* We are adding to the tail of an existing list. */
+if (engine_dyn_list_tail == NULL
+|| engine_dyn_list_tail->next_dyn != NULL)
+goto err;
+engine_dyn_list_tail->next_dyn = e;
+e->prev_dyn = engine_dyn_list_tail;
+}
+
+engine_dyn_list_tail = e;
+e->next_dyn = NULL;
+result = 1;
+
+ err:
+if (not_locked)
+CRYPTO_THREAD_unlock(global_engine_lock);
+return result;
+}
+
+/* Remove engine from dynamic engine list. */
+void engine_remove_dynamic_id(ENGINE *e, int not_locked)
+{
+if (e == NULL || e->dynamic_id == NULL)
+return;
+
+if (not_locked && !CRYPTO_THREAD_write_lock(global_eng
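Review bot: In engine_add_dynamic_id(), `e->dynamic_id = dynamic_id;` is assigned before the head/tail consistency checks, each of which can still `goto err`. On those paths the function returns 0 with the ID set on an engine that was never linked. Assign the field after linking succeeds, or clear it under err. The dynamic_id == NULL case (an engine that already carries an ID) also appends e without checking that it is not already on the list, and needs a comment saying when that call is legal.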

[openssl] master update

2021-11-22 Thread bernd . edlinger
The branch master has been updated
   via  2595eef82c2b67ea75cc3368529078b643a1ecb6 (commit)
   via  e2571e02d2b0cd83ed1c79d384fe941f27e603c0 (commit)
  from  4599ea9fe31953c0c50738ed4b91ade76a693356 (commit)


- Log -
commit 2595eef82c2b67ea75cc3368529078b643a1ecb6
Author: Bernd Edlinger 
Date:   Fri Nov 19 16:38:55 2021 +0100

Add a test case for duplicate engine loading

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17073)

commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0
Author: Bernd Edlinger 
Date:   Fri Nov 19 11:33:34 2021 +0100

Avoid loading of a dynamic engine twice

Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.

Fixes #17023

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/17073)

---

Summary of changes:
 crypto/engine/eng_dyn.c |  4 ++-
 crypto/engine/eng_lib.c |  2 ++
 crypto/engine/eng_list.c| 87 +
 crypto/engine/eng_local.h   |  9 +
 test/recipes/20-test_dgst.t | 23 ++--
 5 files changed, 122 insertions(+), 3 deletions(-)

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index f401063d37..c8a54f7d44 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -484,7 +484,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 engine_set_all_null(e);
 
 /* Try to bind the ENGINE onto our own ENGINE structure */
-if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
+|| !ctx->bind_engine(e, ctx->engine_id, &fns)) {
+engine_remove_dynamic_id(e, 1);
 ctx->bind_engine = NULL;
 ctx->v_check = NULL;
 DSO_free(ctx->dynamic_dso);
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 44e997e77b..05c6a67c1e 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -65,6 +65,7 @@ void engine_set_all_null(ENGINE *e)
 e->load_pubkey = NULL;
 e->cmd_defns = NULL;
 e->flags = 0;
+e->dynamic_id = NULL;
 }
 
 int engine_free_util(ENGINE *e, int not_locked)
@@ -90,6 +91,7 @@ int engine_free_util(ENGINE *e, int not_locked)
  */
 if (e->destroy)
 e->destroy(e);
+engine_remove_dynamic_id(e, not_locked);
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
 OPENSSL_free(e);
 return 1;
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index fec0ef7129..04c73c7628 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -27,6 +27,12 @@
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
 
+/*
+ * The linked list of currently loaded dynamic engines.
+ */
+static ENGINE *engine_dyn_list_head = NULL;
+static ENGINE *engine_dyn_list_tail = NULL;
+
 /*
  * This cleanup function is only needed internally. If it should be called,
  * we register it with the "engine_cleanup_int()" stack to be called during
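Review bot: The comment on engine_dyn_list_head and engine_dyn_list_tail says what the list holds but not which lock guards it or which fields link it. The functions added below take global_engine_lock and use next_dyn/prev_dyn; stating both here would make the separation from engine_list_head explicit.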
@@ -128,6 +134,85 @@ static int engine_list_remove(ENGINE *e)
 return 1;
 }
 
+/* Add engine to dynamic engine list. */
+int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
+  int not_locked)
+{
+int result = 0;
+ENGINE *iterator = NULL;
+
+if (e == NULL)
+return 0;
+
+if (e->dynamic_id == NULL && dynamic_id == NULL)
+return 0;
+
+if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
+return 0;
+
+if (dynamic_id != NULL) {
+iterator = engine_dyn_list_head;
+while (iterator != NULL) {
+if (iterator->dynamic_id == dynamic_id)
+goto err;
+iterator = iterator->next;
+}
+if (e->dynamic_id != NULL)
+goto err;
+e->dynamic_id = dynamic_id;
+}
+
+if (engine_dyn_list_head == NULL) {
+/* We are adding to an empty list. */
+if (engine_dyn_list_tail != NULL)
+goto err;
+engine_dyn_list_head = e;
+e->prev_dyn = NULL;
+} else {
+/* We are adding to the tail of an existing list. */
+if (engine_dyn_list_tail == NULL
+|| engine_dyn_list_tail->next_dyn != NULL)
+goto err;
+engine_dyn_list_tail->next_dyn = e;
+e->prev_dyn = engine_dyn_list_tail;
+}
+
+engine_dyn_list_tail = e;
+e->next_dyn = NULL;
+result = 1;
+
+ err:
+if (not_l
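Review bot: engine_add_dynamic_id() returns 0 for a NULL engine, a failed write lock, a duplicate ID and an inconsistent list alike, and the one-line comment above it documents neither the return value nor not_locked (non-zero means the function takes global_engine_lock itself). Expand the function comment to cover both.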

[openssl] OpenSSL_1_1_1-stable update

2021-11-04 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  80e52bb852673cf6f1908549ff9960d02a644d51 (commit)
  from  bdaf55d0850056fcf3362e5dc1c868f2c8324f25 (commit)


- Log -
commit 80e52bb852673cf6f1908549ff9960d02a644d51
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:19:39 2021 +0100

Fix a memory leak in ssl_create_cipher_list

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16955)

---

Summary of changes:
 ssl/ssl_ciph.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 735a483c64..0820f2cd0c 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1601,6 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const 
SSL_METHOD *ssl_method,
 for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
 if (!sk_SSL_CIPHER_push(cipherstack,
 sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+OPENSSL_free(co_list);
 sk_SSL_CIPHER_free(cipherstack);
 return NULL;
 }
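Review bot: This early return inside the tls13_ciphersuites loop now repeats the cleanup by hand (`OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL;`). A single error label that frees both would keep the next early return added to ssl_create_cipher_list() from reintroducing the leak.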


[openssl] openssl-3.0 update

2021-11-04 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  7aa5f7439fe045527db63d2b3ad99135b15f467c (commit)
  from  145d5d18b5790ee8ff16d11dd1aea5a105eee0ec (commit)


- Log -
commit 7aa5f7439fe045527db63d2b3ad99135b15f467c
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:19:39 2021 +0100

Fix a memory leak in ssl_create_cipher_list

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16954)

(cherry picked from commit 3a069c1b0b4857b838186aeb55378195dfa50823)

---

Summary of changes:
 ssl/ssl_ciph.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index dd22e57c59..be7a969071 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1638,6 +1638,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
 }
 
 if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
+OPENSSL_free(co_list);
 sk_SSL_CIPHER_free(cipherstack);
 return NULL;
 }
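Review bot: The commit message names the function but not the trigger. From the hunk, co_list leaked only when sk_SSL_CIPHER_push() failed; saying so in the message, along with how the leak was found, would help anyone deciding whether this backport matters to them.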


[openssl] master update

2021-11-04 Thread bernd . edlinger
The branch master has been updated
   via  3a069c1b0b4857b838186aeb55378195dfa50823 (commit)
  from  b3c34401c088dc247b8b54ea812e7cdde6caf361 (commit)


- Log -
commit 3a069c1b0b4857b838186aeb55378195dfa50823
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:19:39 2021 +0100

Fix a memory leak in ssl_create_cipher_list

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16954)

---

Summary of changes:
 ssl/ssl_ciph.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b2a5fb077e..c396f69c3a 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1643,6 +1643,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
 }
 
 if (!sk_SSL_CIPHER_push(cipherstack, sslc)) {
+OPENSSL_free(co_list);
 sk_SSL_CIPHER_free(cipherstack);
 return NULL;
 }


[openssl] OpenSSL_1_1_1-stable update

2021-11-04 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  bdaf55d0850056fcf3362e5dc1c868f2c8324f25 (commit)
  from  afbea17ded816aba6d7106671b405de82da5c6f3 (commit)


- Log -
commit bdaf55d0850056fcf3362e5dc1c868f2c8324f25
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:40:59 2021 +0100

Fix a memory leak in tls_parse_stoc_key_share

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16957)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index ce8a75794c..621fcfa561 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1872,6 +1872,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, 
unsigned int context, X509 *x,
 if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
  ERR_R_MALLOC_FAILURE);
+EVP_PKEY_free(skey);
 return 0;
 }
 if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
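Review bot: The added EVP_PKEY_free(skey) covers the copy-parameters failure, but the next check visible in the context, `if (!EVP_PKEY_set1_tls_encodedpoint(skey, ...`, is a second failure path for the same object and the hunk does not show its cleanup. Worth confirming in review that skey is released there too.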


[openssl] openssl-3.0 update

2021-11-04 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  145d5d18b5790ee8ff16d11dd1aea5a105eee0ec (commit)
  from  42dd2d1b719cad4359157f244270386ada781420 (commit)


- Log -
commit 145d5d18b5790ee8ff16d11dd1aea5a105eee0ec
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:40:59 2021 +0100

Fix a memory leak in tls_parse_stoc_key_share

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16956)

(cherry picked from commit b3c34401c088dc247b8b54ea812e7cdde6caf361)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 78cc226064..b38c9ca684 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1830,6 +1830,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, 
unsigned int context, X509 *x,
 skey = EVP_PKEY_new();
 if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COPY_PARAMETERS_FAILED);
+EVP_PKEY_free(skey);
 return 0;
 }
 
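Review bot: The branch is entered both when EVP_PKEY_new() returned NULL and when EVP_PKEY_copy_parameters() failed, and both cases report SSL_R_COPY_PARAMETERS_FAILED. Splitting the condition would let the allocation failure raise its own error and would make it obvious that the new EVP_PKEY_free(skey) is only doing work in the second case.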


[openssl] master update

2021-11-04 Thread bernd . edlinger
The branch master has been updated
   via  b3c34401c088dc247b8b54ea812e7cdde6caf361 (commit)
  from  3841d0f6f02e1ad3a54beabf1d5395bd1c383254 (commit)


- Log -
commit b3c34401c088dc247b8b54ea812e7cdde6caf361
Author: Bernd Edlinger 
Date:   Wed Nov 3 09:40:59 2021 +0100

Fix a memory leak in tls_parse_stoc_key_share

Reviewed-by: Paul Dale 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/16956)

---

Summary of changes:
 ssl/statem/extensions_clnt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 78cc226064..b38c9ca684 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1830,6 +1830,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, 
unsigned int context, X509 *x,
 skey = EVP_PKEY_new();
 if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COPY_PARAMETERS_FAILED);
+EVP_PKEY_free(skey);
 return 0;
 }
 


[openssl] openssl-3.0 update

2021-10-14 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  7c8826032a5fedcaef9bc4a5e37eebad27599e08 (commit)
  from  1ca2bd42afc584c6eb9d909852d666ae634e638b (commit)


- Log -
commit 7c8826032a5fedcaef9bc4a5e37eebad27599e08
Author: Bernd Edlinger 
Date:   Tue Oct 12 19:38:14 2021 +0200

Fix a memory leak reported in CIFuzz

Direct leak of 4 byte(s) in 1 object(s) allocated from:
 #0 0x4a067d in __interceptor_malloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
 #6 0x56adf5 in NCONF_load_bio 
/src/openssl/crypto/conf/conf_lib.c:282:12
 #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
 #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
 #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned long) cxa_noexception.cpp
 #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, 
unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
 #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned 
char const*, unsigned long)) cxa_noexception.cpp
 #12 0x52ac82 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16813)

(cherry picked from commit 74b485848a608383d8d37c04480821ea7b613110)

---

Summary of changes:
 crypto/conf/conf_def.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7b67854c8b..1832cf535f 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -474,6 +474,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (conf->flag_abspath
 && !ossl_is_absolute_path(include_path)) {
 ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH);
+OPENSSL_free(include_path);
 goto err;
 }
 
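Review bot: include_path is freed by hand immediately before `goto err`, which implies the err path itself does not own it. If other exits between the allocation and this point jump to err, they need the same treatment; freeing include_path under the err label, and clearing it where ownership is handed off, would cover them in one place.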


[openssl] master update

2021-10-14 Thread bernd . edlinger
The branch master has been updated
   via  19b30f1c596a8df2a522f9d6dfc1c1782790fc78 (commit)
   via  74b485848a608383d8d37c04480821ea7b613110 (commit)
  from  a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c (commit)


- Log -
commit 19b30f1c596a8df2a522f9d6dfc1c1782790fc78
Author: Bernd Edlinger 
Date:   Wed Oct 13 06:37:46 2021 +0200

Fix another memory leak reported in CIFuzz

Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
#3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
#4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned long) cxa_noexception.cpp
#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, 
unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned 
char const*, unsigned long)) cxa_noexception.cpp
#10 0x52ac82 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f15336bf0b2 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16813)

commit 74b485848a608383d8d37c04480821ea7b613110
Author: Bernd Edlinger 
Date:   Tue Oct 12 19:38:14 2021 +0200

Fix a memory leak reported in CIFuzz

Direct leak of 4 byte(s) in 1 object(s) allocated from:
 #0 0x4a067d in __interceptor_malloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
 #1 0x57af0d in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
 #2 0x57af0d in CRYPTO_realloc /src/openssl/crypto/mem.c:207:16
 #3 0x569d17 in BUF_MEM_grow /src/openssl/crypto/buffer/buffer.c:97:15
 #4 0x5c3629 in str_copy /src/openssl/crypto/conf/conf_def.c:642:10
 #5 0x5c1cc1 in def_load_bio /src/openssl/crypto/conf/conf_def.c:452:22
 #6 0x56adf5 in NCONF_load_bio 
/src/openssl/crypto/conf/conf_lib.c:282:12
 #7 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
 #8 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
 #9 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned long) cxa_noexception.cpp
 #10 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, 
unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
 #11 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned 
char const*, unsigned long)) cxa_noexception.cpp
 #12 0x52ac82 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16813)

---

Summary of changes:
 crypto/conf/conf_api.c | 7 +--
 crypto/conf/conf_def.c | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index e4e305c714..7a4efe6dbb 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -135,7 +135,11 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
 
 void _CONF_free_data(CONF *conf)
 {
-if (conf == NULL || conf->data == NULL)
+if (conf == NULL)
+return;
+
+OPENSSL_free(conf->includedir);
+if (conf->data == NULL)
 return;
 
 /* evil thing to make sure the 'OPENSSL_free()' works as expected */
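Review bot: _CONF_free_data() now frees conf->includedir before the `conf->data == NULL` early return but leaves the pointer in place. Any later use of the same CONF, for example a second _CONF_free_data() call or the includedir branch in def_load_bio() that this commit also changes to call OPENSSL_free(conf->includedir), would free it again. Set conf->includedir = NULL right after the free.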
@@ -147,7 +151,6 @@ void _CONF_free_data(CONF *conf)
  * with
  */
 
-OPENSSL_free(conf->includedir);
 lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
 lh_CONF_VALUE_free(conf->data);
 }
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 7b67854c8b..c05c3c6b10 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -424,6 +424,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (!parsebool(pval, &conf->flag_abspath))
 goto err;
 } else if (strcmp(p, "includedir") == 0) {
+OPENSSL_free(conf->includedir);
 if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) {
 ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
 goto err;
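Review bot: Freeing conf->includedir before the OPENSSL_strdup() fixes the leak when an includedir setting is parsed more than once, but nothing in the patch exercises that input. A conf test, or a fuzz corpus entry, with two includedir lines would keep it fixed.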
@@ -474,6 +475,7 @@ static int def_load_bio(CONF *conf, BIO *in, 

[openssl] openssl-3.0 update

2021-10-14 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  09fc3420b5eb2efe90c01e03715e00b361b9e6ab (commit)
  from  7c8826032a5fedcaef9bc4a5e37eebad27599e08 (commit)


- Log -
commit 09fc3420b5eb2efe90c01e03715e00b361b9e6ab
Author: Bernd Edlinger 
Date:   Wed Oct 13 06:37:46 2021 +0200

Fix another memory leak reported in CIFuzz

Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4a067d in __interceptor_malloc 
/src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
#1 0x57acd9 in CRYPTO_malloc /src/openssl/crypto/mem.c:184:12
#2 0x57e106 in CRYPTO_strdup /src/openssl/crypto/o_str.c:24:11
#3 0x5c139f in def_load_bio /src/openssl/crypto/conf/conf_def.c:427:45
#4 0x56adf5 in NCONF_load_bio /src/openssl/crypto/conf/conf_lib.c:282:12
#5 0x4d96cf in FuzzerTestOneInput /src/openssl/fuzz/conf.c:38:5
#6 0x4d9830 in LLVMFuzzerTestOneInput /src/openssl/fuzz/driver.c:28:12
#7 0x510c23 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned long) cxa_noexception.cpp
#8 0x4fc4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, 
unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#9 0x501f85 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned 
char const*, unsigned long)) cxa_noexception.cpp
#10 0x52ac82 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f15336bf0b2 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16813)

(cherry picked from commit 19b30f1c596a8df2a522f9d6dfc1c1782790fc78)

---

Summary of changes:
 crypto/conf/conf_api.c | 7 +--
 crypto/conf/conf_def.c | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index e4e305c714..7a4efe6dbb 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -135,7 +135,11 @@ IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
 
 void _CONF_free_data(CONF *conf)
 {
-if (conf == NULL || conf->data == NULL)
+if (conf == NULL)
+return;
+
+OPENSSL_free(conf->includedir);
+if (conf->data == NULL)
 return;
 
 /* evil thing to make sure the 'OPENSSL_free()' works as expected */
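Review bot: The leak report quoted in the commit message points at the CRYPTO_strdup() call in def_load_bio(), which explains the conf_def.c hunk but not this one. Moving OPENSSL_free(conf->includedir) ahead of the `conf->data == NULL` return fixes a separate case (includedir set, data never allocated); a sentence in the message or a comment here should say so.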
@@ -147,7 +151,6 @@ void _CONF_free_data(CONF *conf)
  * with
  */
 
-OPENSSL_free(conf->includedir);
 lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
 lh_CONF_VALUE_free(conf->data);
 }
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 1832cf535f..c05c3c6b10 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -424,6 +424,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (!parsebool(pval, &conf->flag_abspath))
 goto err;
 } else if (strcmp(p, "includedir") == 0) {
+OPENSSL_free(conf->includedir);
 if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) {
 ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
 goto err;


[openssl] openssl-3.0 update

2021-10-11 Thread bernd . edlinger
The branch openssl-3.0 has been updated
   via  14fd5a0d55652a7539c66df18d1120baed42248e (commit)
  from  549675c54686b8fb0527720abf760313a78a1ae7 (commit)


- Log -
commit 14fd5a0d55652a7539c66df18d1120baed42248e
Author: Bernd Edlinger 
Date:   Sun May 24 16:14:02 2020 +0200

Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c

This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use in the test suite.

[extended tests]

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16693)

(cherry picked from commit 64da15c40d15aac58e211fd25d00e9ae84d0379b)

---

Summary of changes:
 engines/e_ossltest.c | 216 +++
 ssl/record/ssl3_record.c |  23 ++---
 ssl/record/tls_pad.c |   2 -
 ssl/tls_depr.c   |  10 ++-
 4 files changed, 210 insertions(+), 41 deletions(-)

diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index 8479414f01..0506faa628 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -38,6 +38,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "e_ossltest_err.c"
 
@@ -247,21 +248,39 @@ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **,
 const int **, int);
 
 static int ossltest_cipher_nids[] = {
-NID_aes_128_cbc, NID_aes_128_gcm, 0
+NID_aes_128_cbc, NID_aes_128_gcm,
+NID_aes_128_cbc_hmac_sha1, 0
 };
 
 /* AES128 */
 
-int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-   const unsigned char *in, size_t inl);
-int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-   const unsigned char *in, size_t inl);
+static int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx,
+const unsigned char *key,
+const unsigned char *iv, int enc);
+static int ossltest_aes128_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  const unsigned char *in, size_t inl);
+static int ossltest_aes128_gcm_init_key(EVP_CIPHER_CTX *ctx,
+const unsigned char *key,
+const unsigned char *iv, int enc);
+static int ossltest_aes128_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  const unsigned char *in, size_t inl);
 static int ossltest_aes128_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 void *ptr);
+static int ossltest_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+  const unsigned char *key,
+  const unsigned char *iv,
+  int enc);
+static int ossltest_aes128_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+const unsigned char *in,
+size_t inl);
+static int ossltest_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type,
+  int arg, void *ptr);
+
+typedef struct {
+size_t payload_length;  /* AAD length in decrypt case */
+unsigned int tls_ver;
+} EVP_AES_HMAC_SHA1;
 
 static EVP_CIPHER *_hidden_aes_128_cbc = NULL;
 static const EVP_CIPHER *ossltest_aes_128_cbc(void)
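Review bot: The new typedef EVP_AES_HMAC_SHA1 lives in a test engine but carries the EVP_ prefix, which reads like a library type; an ossltest_-prefixed name would match the functions around it. tls_ver also has no comment, and the one on payload_length ("AAD length in decrypt case") leaves the encrypt case unexplained.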
@@ -285,6 +304,7 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void)
 }
 return _hidden_aes_128_cbc;
 }
+
 static EVP_CIPHER *_hidden_aes_128_gcm = NULL;
 
 #define AES_GCM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1 \
@@ -315,11 +335,45 @@ static const EVP_CIPHER *ossltest_aes_128_gcm(void)
 return _hidden_aes_128_gcm;
 }
 
+static EVP_CIPHER *_hidden_aes_128_cbc_hmac_sha1 = NULL;
+
+static const EVP_CIPHER *ossltest_aes_128_cbc_hmac_sha1(void)
+{
+if (_hidden_aes_128_cbc_hmac_sha1 == NULL
+&& ((_hidden_aes_128_cbc_hmac_sha1
+ = EVP_CIPHER_meth_new(NID_aes_128_cbc_hmac_sha1,
+   16 /* block size */,
+   16 /* key len */)) == NULL
+|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
+|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
+   EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+   EVP_CIP
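Review bot: in ossltest_aes_128_cbc_hmac_sha1(), the call EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) is missing the space after the comma, and the IV length is a bare 16 while the block size and key length on the lines above are commented. Add the space and either a comment or a shared constant so the three 16s are not confused when one of them changes.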

[openssl] OpenSSL_1_1_1-stable update

2021-10-07 Thread bernd . edlinger
The branch OpenSSL_1_1_1-stable has been updated
   via  14357a51130510d87fe5f31e45baaf70bd5c9027 (commit)
  from  503eb0e108ca5819dacd5ae171aedd37268654d9 (commit)


- Log -
commit 14357a51130510d87fe5f31e45baaf70bd5c9027
Author: Bernd Edlinger 
Date:   Tue Oct 5 21:38:55 2021 +0200

Fix double-free in e_dasync.c

    When the cipher is copied, the inner_cipher_data
    needs to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16751)

---

Summary of changes:
 engines/e_dasync.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 07793037df..1f5d4117f2 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e)
 || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
   EVP_CIPH_FLAG_DEFAULT_ASN1
   | EVP_CIPH_CBC_MODE
-  | EVP_CIPH_FLAG_PIPELINE)
+  | EVP_CIPH_FLAG_PIPELINE
+  | EVP_CIPH_CUSTOM_COPY)
 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
  dasync_aes128_init_key)
 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
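Review bot: EVP_CIPH_CUSTOM_COPY on _hidden_aes_128_cbc is only correct together with a ctrl handler that answers EVP_CTRL_COPY, because the helper's default case returns 0; a short comment at the flag tying the two together would stop a later refactor from separating them. A regression test that copies a dasync cipher context and then frees both copies would keep the double-free from coming back.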
@@ -270,7 +271,8 @@ static int bind_dasync(ENGINE *e)
 EVP_CIPH_CBC_MODE
   | EVP_CIPH_FLAG_DEFAULT_ASN1
   | EVP_CIPH_FLAG_AEAD_CIPHER
-  | EVP_CIPH_FLAG_PIPELINE)
+  | EVP_CIPH_FLAG_PIPELINE
+  | EVP_CIPH_CUSTOM_COPY)
 || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
  dasync_aes128_cbc_hmac_sha1_init_key)
 || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
@@ -629,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, 
int type, int arg,
 }
 }
 
+case EVP_CTRL_COPY:
+{
+const EVP_CIPHER *cipher = aeadcapable
+   ? EVP_aes_128_cbc_hmac_sha1()
+   : EVP_aes_128_cbc();
+size_t data_size = EVP_CIPHER_impl_ctx_size(cipher);
+void *cipher_data = OPENSSL_malloc(data_size);
+
+if (cipher_data == NULL)
+return 0;
+memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size);
+pipe_ctx->inner_cipher_data = cipher_data;
+return 1;
+}
+
 default:
 return 0;
 }
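Review bot: in the EVP_CTRL_COPY case, memcpy reads pipe_ctx->inner_cipher_data with no NULL check, so if a context can be copied before its inner data has been allocated this dereferences NULL; handle that case explicitly before the OPENSSL_malloc call. The assignment that overwrites pipe_ctx->inner_cipher_data without freeing the old pointer also needs a one-line comment saying that the other context of the copy still owns the old buffer, otherwise it reads as a leak. Since data_size comes from EVP_CIPHER_impl_ctx_size(cipher), it is worth checking that the buffer is allocated with the same expression wherever inner_cipher_data is first created.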

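A simplified model of the failure the commit message above describes, added here as an illustration and not taken from e_dasync.c or OpenSSL: a byte-wise copy of context data leaves two contexts owning one inner buffer, and a copy hook that duplicates the buffer removes the alias. The names `struct outer`, `ctx_copy`, `deep_copy_hook` and `copy_aliases` are hypothetical, and running the hook on the destination is a modelling choice.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not OpenSSL code: outer context data owning a heap buffer. */
struct inner { unsigned char state[16]; };
struct outer { struct inner *inner_data; };
typedef int (*copy_hook)(struct outer *ctx);

/* Hypothetical hook: replace the aliased pointer with a private duplicate. */
static int deep_copy_hook(struct outer *ctx)
{
    struct inner *fresh;
    if (ctx->inner_data == NULL)
        return 1;                       /* nothing to duplicate yet */
    if ((fresh = malloc(sizeof(*fresh))) == NULL)
        return 0;
    memcpy(fresh, ctx->inner_data, sizeof(*fresh));
    ctx->inner_data = fresh;            /* old buffer stays with the source */
    return 1;
}

/* Generic copy: byte-copy the outer data, then run the optional hook on dst. */
static int ctx_copy(struct outer *dst, const struct outer *src, copy_hook hook)
{
    memcpy(dst, src, sizeof(*dst));     /* dst->inner_data now aliases src */
    if (hook != NULL && !hook(dst)) {
        dst->inner_data = NULL;         /* failed copy must not keep the alias */
        return 0;
    }
    return 1;
}

/* 1: copy shares src's buffer (double free on cleanup), 0: distinct, -1: OOM. */
static int copy_aliases(copy_hook hook)
{
    struct outer a, b;
    int aliased;
    if ((a.inner_data = calloc(1, sizeof(struct inner))) == NULL)
        return -1;
    if (!ctx_copy(&b, &a, hook)) {
        free(a.inner_data);
        return -1;
    }
    aliased = (a.inner_data == b.inner_data);
    if (!aliased)
        free(b.inner_data);             /* b owns a distinct buffer */
    free(a.inner_data);
    return aliased;
}
int main(void) { return copy_aliases(NULL) == 1 && copy_aliases(deep_copy_hook) == 0 ? 0 : 1; }
```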
