1.1.1n merge #361
Merged
1.1.1n merge #361
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When encountering a badly coded item, the DER printer (ASN1_print_dump()) sets a flag to ensure that an additional hex dump of the offending content is printed as part of the output. Unfortunately, this flag is never reset, which means that all following items are printed with the extra hex dump, whether they are faulty or not. Resetting the flag after hex dumping ensures that only the faulty contents are printed with the additional hex dump. Fixes openssl#14626 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#14627) (cherry picked from commit 6e34a10)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14639)
…urve The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates with explicitly encoded elliptic curve parameters in the chain was added to the strict checks. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then a subsequent check that the certificate is consistent with that purpose also checks that it is a valid CA. Therefore where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overriden by an application. Affected applications explicitly set the X509_V_FLAG_X509_STRICT verification flag and either do not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose to make it not set. CVE-2021-3450 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Previously TLSProxy only knew how to "repack" messages for TLSv1.3. Most of the handshake in <= TLSv1.2 is unencrypted so this hasn't been too much of restriction. However we now want to modify reneg handshakes which are encrypted so we need to add that capability. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
We perform a reneg handshake, where the second ClientHello drops the sig_algs extension. It must also contain cert_sig_algs for the test to work. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
As the variable peer_sigalgslen is not cleared on ssl rehandshake, it's possible to crash an openssl tls secured server remotely by sending a manipulated hello message in a rehandshake. On such a manipulated rehandshake, tls1_set_shared_sigalgs() calls tls12_shared_sigalgs() with the peer_sigalgslen of the previous handshake, while the peer_sigalgs has been freed. As a result tls12_shared_sigalgs() walks over the available peer_sigalgs and tries to access data of a NULL pointer. This issue was introduced by c589c34 (Add support for the TLS 1.3 signature_algorithms_cert extension, 2018-01-11). Signed-off-by: Peter Kästle <peter.kaestle@nokia.com> Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com> CVE-2021-3449 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Following on from CVE-2021-3449 which was caused by a non-zero length associated with a NULL buffer, other buffer/length pairs are updated to ensure that they too are always in sync. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14719) (cherry picked from commit 7947a1e)
CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14718) (cherry picked from commit 2db9bef)
Commit 70a56b9 introduced a regression. If utils/mkdir-p.pl fails to create a target dir because of insufficient file system permissions, the subsequent test for dir existence always fails and overwrites the system error. As a result, a user is presented with a misleading error message. E.g. if a user tries to create a dir under /usr/local and does not have permissions for it, the reported error message is "Cannot create directory /usr/local/lib: No such file or directory", whereas the expected error message is "Cannot create directory /usr/local/lib: Permission denied". This commit introduces a fix by declaring an additional local variable to cache the original error message from mkdir. If -d check fails and overwrites the system error, the user is still presented with the original error from mkdir. CLA: Trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14487) (cherry picked from commit af2e1e9)
CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14499) (cherry picked from commit 6635ea5)
Since BIO_do_connect() and BIO_do_handshake() are same, no need to invoke BIO_do_handshake() once more after BIO_do_connect(). Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14725) (cherry picked from commit 975e37c)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14758) (cherry picked from commit 493e789)
CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14783) (cherry picked from commit 4c979cb)
If using crl2pkcs7 -nocrl and with no -certfiles, we shouldn't include the implicitly tagged [0] certs and [1] crls sets as they are marked optional and would be empty. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14781) (cherry picked from commit d3a5898)
It's possible to set an invalid protocol list that will be sent in a ClientHello. This validates the inputs to make sure this does not happen. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14679)
In function SRP_create_verifier_ex, it calls SRP_create_verifier_BN_ex(..., &v, ..) at line 653. In the implementation of SRP_create_verifier_BN_ex(), *verify (which is the paremeter of v) is allocated a pointer via BN_new() at line 738. And *verify is freed via BN_clear_free() at line 743, and return 0. Then the execution continues up to goto err at line 655, and the freed v is freed again at line 687. Bug reported by @Yunlongs Fixes openssl#14913 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14921) (cherry picked from commit b06450b)
In function int_ts_RESP_verify_token, if (flags & TS_VFY_DATA) is true, function ts_compute_imprint() will be called at line 299. In the implementation of ts_compute_imprint, it allocates md_alg at line 406. But after the allocation, if the execution goto err, then md_alg will be freed in the first time by X509_ALGOR_free at line 439. After that, ts_compute_imprint returns 0 and the execution goto err branch of int_ts_RESP_verify_token. In the err branch, md_alg will be freed in the second time at line 320. Bug reported by @Yunlongs Fixes openssl#14914 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14921) (cherry picked from commit db78c84)
In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481. If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8. In the nop8 branch, p8 is freed again at line 491. Bug reported by @Yunlongs Fixes openssl#14915 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14921) (cherry picked from commit efe8d69)
Some compilers(g++ on Solaris/Illumos) define __STDC__VERSION__ in c++ . This causes c++ code that uses openssl to break on these compilers since _Noreturn is not a keyword in c++ . CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14944) (cherry picked from commit 1f3b58d)
Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14982)
Fixes openssl#14147 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#14982)
This file is outside the source tree, so we have no business removing it. This is especially concerning if that was the tarball the user had to create the source tree. Fixes openssl#14981 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#14985) (cherry picked from commit f58f7ec)
…reuse The 'sn' and 'ln' strings may be dynamically allocated, and the ASN1_OBJECT flags have a bit set to say this. If an ASN1_OBJECT with such strings is passed to d2i_ASN1_OBJECT() for reuse, the strings must be freed, or there is a memory leak. Fixes openssl#14667 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from openssl#14938)
Fixes openssl#14667 Reworked test supplied by @smcpeak into a unit test. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#14938)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from openssl#15098)
This problem happens usually because an application links libcrypto and/or libssl statically which installs an atexit handler, but later an engine using a shared instance of libcrypto is installed. The problem is in simple words that both instances of libcrypto have an atexit handler installed, but both are unable to coordinate with each other, which causes a crash, typically a use-after-free in the engine's destroy function. Work around that by preventing the engine's libcrypto to install the atexit handler. This may result in a small memory leak, but that memory is still reachable. Fixes openssl#15898 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17541)
if the newly loaded engine contains the symbol EVP_PKEY_get_base_id, we know it is linked to 3.x openssl. Abort loading this engine, as it will definitely crash. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17541)
Since the potential failure of memory allocation, it should be better to check the return value of the OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17737) (cherry picked from commit 366a162)
Fixes openssl#12491. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17744) (cherry picked from commit 8bfb750)
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer if BIGNUM argument m represents zero. Regression test added. Fixes openssl#17648. Backport from master to 1.1. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17787)
copy_argv was never initialization code. Make it self-cleaning too. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17746)
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already marked as aliases of each other in the headers. This commit, for each pair, replaces the leftover uses of the latter synonym with the first one, which is considered more common. (manually cherry picked from commit 66914fc) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17791)
…VEL >= 3 Fixes openssl#17743 (manually cherry picked from commit b139a95) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17791)
(manually cherry picked from commit d71151a) Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17791)
Documents a bug in openssl cms -binary for 1.1 whereby it cannot process input using LF line endings correctly. Binary input processing was reworked substantially for 3.0 and backporting these changes doesn't appear reasonable. Fixes openssl#17797. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17810)
Resolves openssl#17827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17828) (cherry picked from commit 1753559)
If TCP is being used, protocol = 0 is passed to init_client(), then protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#17838) (cherry picked from commit 54b6755)
This was previously fixed in 3.0 but not 1.1. Fixes openssl#13008. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17808)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from openssl#17854) (cherry picked from commit 2cb5211)
Make its value an absolute path. This was already fixed in all other build file templates, but for some reason, not here. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#17865)
…stic Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17861) (cherry picked from commit abdb227)
The calculation in some cases does not finish for non-prime p. This fixes CVE-2022-0778. Based on patch by David Benjamin <davidben@google.com>. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
dstebila
approved these changes
Mar 15, 2022
christianpaquin
approved these changes
Mar 15, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #360