| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23422)
|
|
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
(cherry picked from commit ea6268cfceaba24328d66bd14bfc97c4fac14a58)
|
|
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add test for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
(cherry picked from commit 8a85df7c60ba1372ee98acc5982e902d75f52130)
|
|
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
(cherry picked from commit 041962b429ebe748c8b6b7922980dfb6decfef26)
|
|
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
(cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3)
|
|
actions-rs/toolchain is unmaintained and generates warnings
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23232)
(cherry picked from commit cd5911a6b300453eefb4b6d9d797c9d1cdefb956)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 15f479e25f9591a2749fabb436dcdfb9304c5c7b)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 825b7cb16e0624d81421441949e843e9876c81f9)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 150b3b18dfde317621a6bf26acfe0d06193e52fd)
|
|
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 017c7cf2bb5f5461071d9e992eb3206c34a69c2c)
|
|
array"key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements making a way for the garbage values :
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
(cherry picked from commit a0826b184eed2dccc56cdf80e3e0bc061cc89ddc)
|
|
this could be triggered by the following code (assuming 64 bit time_t):
time_t t = 67768011791126057ULL;
ASN1_TIME* at = ASN1_TIME_set(NULL, t);
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
(cherry picked from commit 5b2d8bc28a8ff59689da98f31459819db09a9099)
|
|
this needs a sanitized 64 bit time_t build to be detected (or possibly
valgrind, trapv or similar)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
(cherry picked from commit 017fd465a4f01323465823a3dcf318553365dfdd)
|
|
Don't check the Max Fragment Length if the it hasn't been negotiated. We
were checking it anyway, and using the default value
(SSL3_RT_MAX_PLAIN_LENGTH). This works in most cases but KTLS can cause the
record length to actually exceed this in some cases.
Fixes #23169
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit c1decd62460072082833909a962892e5042b16bb)
|
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit 2cac2feff2612c0a324675d8151fea3e2d03397c)
|
|
Check that we can write and read back long app data records when using
KTLS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit 563f4be8976ea776ec4fb90d084e2ce80c92f0d1)
|
|
use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
(cherry picked from commit 66adaf2b31bb51e00ffad784f60bdf195e5dd736)
|
|
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
(cherry picked from commit ead44e19fa3ff7d189876081880f1adb3dfdf30b)
|
|
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
(cherry picked from commit 3e938453be47751d50917e25b8f7334b482844b3)
|
|
The regression was introduced in PR #22817.
In that pull request, the input length check was moved forward,
but the related ori instruction was missing, and it will cause
input of any length down to the much slower scalar implementation.
Fixes #23300
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23301)
(cherry picked from commit 971028535e6531c89449e06b1f6862c18f04ff91)
|
|
GNU/Hurd does not have IP_PKTINFO yet, thus SUPPORT_LOCAL_ADDR is undef,
data->local_addr_enabled never set to 1, and thus the M_METHOD_RECVMSG
method would end up raising BIO_R_LOCAL_ADDR_NOT_AVAILABLE immediately.
Fixes #22872
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23293)
(cherry picked from commit 2f85736e9c66248528f132d46508f06a0bb8dd88)
|
|
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)
(cherry picked from commit aac531e5daa2edec5d47e702a7f115cf77fe07f9)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)
(cherry picked from commit 575117efe1e0eb8073c2d26ae3dff8926be00591)
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit 38b2508f638787842750aec9a75745e1d8786743)
|
|
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
|
|
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
|
|
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)
(cherry picked from commit 441b3b7ba15d5dc6e034b030bd8b88ce596f53ba)
|
|
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23270)
(cherry picked from commit 6b92a966e0de3ad848fcf11fbcab7ee8cae24ba1)
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit d4d9b57530b2ecdca6b4263b5841b42c820e5275)
|
|
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit 1d490694dfa790d8e47f8f2ea62ea1d9b1251179)
|
|
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min
Can lead to a SIGSEGV, as the parsing code doesnt recognize min as a
proper section name without a trailing colon to associate it with a
value. As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.
Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to stroul
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
(cherry picked from commit 0981c20f8efa68bf9d68d7715280f83812c19a7e)
|
|
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.
This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iteations use the same key, iv and plaintext.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 3cb1b51dddf4deaf5e3886b827f3245d81670bc7)
|
|
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit f9ccd209c3d121668c51a992613c698f2a774cb3)
|
|
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keep this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.
Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 576a3572bebf6115df1c03527114cbf74d06f861)
|
|
For GMAC/CMAC, its not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated). As such, document the fact that
re-initalization requires passing an IV parameter
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
(cherry picked from commit 7c1d533a512181b13de3bc0b7fa2fd8c481032d3)
|
|
Fixes #22818
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)
(cherry picked from commit 493ad484e9312b54d177d85e2f4aa0b636e708f0)
|
|
Fixes #23226
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)
(cherry picked from commit da840c3775f52fc9766c654b5ad6ee031ffc9fd9)
|
|
Fixes #23205
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)
(cherry picked from commit ff7b32e1d7af590eab3163f0c6be7792876c36bc)
|
|
Even in the good case there was memory leak here.
Add a simple test case to have at least some test coverage.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit 398011848468c7e8e481b295f7904afc30934217)
|
|
When a subsequent call to SXNET_add_id_asc fails
e.g. because user is a string larger than 64 char
or the zone is a duplicate zone id,
or the zone is not an integer,
a memory leak may be the result.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit 0151e772195fc03cce0f12e5e266e51dc15243a0)
|
|
The base type OSSL_PARAM getters will NULL deref if they are initalized
as null. Add NULL checks for those parameters that have no expectation
of returning null (int32/64/uint32/64/BN). Other types can be left as
allowing NULL, as a NULL setting may be meaningful (string, utf8str,
octet string, etc).
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23083)
(cherry picked from commit 806bbafe2df5b699feac6ef26e50c14e701950cf)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit 858c7bc210a406cc7f891ac2aed78692d2e02937)
|
|
Fixes CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the the contents of vector registers in different order
than they are restored. Thus the contents of some of these vector registers
is corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f)
|
|
Fixes Coverity 1560046
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23211)
(cherry picked from commit 7054fc1ca3945342777f588fba43b77f669509ad)
|
|
The pointer size support is already in the code, and is present for
all other supported hardwares.
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit a43f253d586279b5d96fffcaf1b26c7a2b0dd938)
|
|
An effort was made to update the VMS installation data to align with
configuration data. This touched the script templates in VMS/, but
didn't update the generation of vmsconfig.pm to match... and also
missed a spot.
This change adds the missing updates
Ref:
https://github.com/openssl/openssl/pull/16842
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit 4058e121cbc6818235b0dcb618e636ce3c4d1f2f)
|
|
kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning. Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)
(cherry picked from commit 5963aa8c196d7c5a940a979299a07418527932af)
|
