Fix bn_gcd code to check return value when calling BN_one() #18697
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR openssl#18355
slontis
added
branch: master
github-actions
bot
added
the
severity: fips change
|
This one should go into 1.1.1 too. |
|
I did check the BN_zero() also :) (Which checks version is > 0.9.8) |
paulidale
approved these changes
Jul 1, 2022
paulidale
removed
the
approval: otc review pending
|
Yes, but interestingly |
t8m
approved these changes
Jul 1, 2022
t8m
added
approval: done
openssl-machine
added
approval: ready to merge
|
This pull request is ready to merge |
|
Merged master: 3.0: 1.1.1: |
openssl-machine
pushed a commit
that referenced
this pull request
Jul 5, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18697)
openssl-machine
pushed a commit
that referenced
this pull request
Jul 5, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18697) (cherry picked from commit 7fe7cc5)
openssl-machine
pushed a commit
that referenced
this pull request
Jul 5, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #18697) (cherry picked from commit 7fe7cc5)
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Jul 5, 2022
commit 29708a5 Author: Richard Levitte <levitte@openssl.org> Date: Tue Jul 5 11:08:33 2022 +0200 Prepare for 1.1.1q release Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes commit 95a17c0 Author: Richard Levitte <levitte@openssl.org> Date: Tue Jul 5 10:33:00 2022 +0200 Update copyright year Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes commit 78ba51a Author: Richard Levitte <levitte@openssl.org> Date: Tue Jul 5 10:25:00 2022 +0200 Update CHANGES and NEWS for upcoming release 1.1.1q Reviewed-by: Paul Dale <pauli@openssl.org> Release: yes commit 9131afd Author: Alex Chernyakhovsky <achernya@google.com> Date: Thu Jun 16 12:02:37 2022 +1000 AES OCB test vectors Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> commit 9199256 Author: Alex Chernyakhovsky <achernya@google.com> Date: Thu Jun 16 12:00:22 2022 +1000 Fix AES OCB encrypt/decrypt for x86 AES-NI aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path that performs operations on 6 16-byte blocks concurrently (the "grandloop") and then proceeds to handle the "short" tail (which can be anywhere from 0 to 5 blocks) that remain. As part of initialization, the assembly initializes $len to the true length, less 96 bytes and converts it to a pointer so that the $inp can be compared to it. Each iteration of "grandloop" checks to see if there's a full 96-byte chunk to process, and if so, continues. Once this has been exhausted, it falls through to "short", which handles the remaining zero to five blocks. Unfortunately, the jump at the end of "grandloop" had a fencepost error, doing a `jb` ("jump below") rather than `jbe` (jump below or equal). This should be `jbe`, as $inp is pointing to the *end* of the chunk currently being handled. If $inp == $len, that means that there's a whole 96-byte chunk waiting to be handled. If $inp > $len, then there's 5 or fewer 16-byte blocks left to be handled, and the fall-through is intended. The net effect of `jb` instead of `jbe` is that the last 16-byte block of the last 96-byte chunk was completely omitted. The contents of `out` in this position were never written to. Additionally, since those bytes were never processed, the authentication tag generated is also incorrect. The same fencepost error, and identical logic, exists in both aesni_ocb_encrypt and aesni_ocb_decrypt. This addresses CVE-2022-2097. Co-authored-by: Alejandro Sedeño <asedeno@google.com> Co-authored-by: David Benjamin <davidben@google.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> commit 6495cab Author: slontis <shane.lontis@oracle.com> Date: Fri Jul 1 13:47:11 2022 +1000 Fix bn_gcd code to check return value when calling BN_one() BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR openssl#18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18697) (cherry picked from commit 7fe7cc5) commit 7a05fcb Author: xkernel <xkernel.wang@foxmail.com> Date: Mon Jun 20 17:46:39 2022 +0800 v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from openssl#18608) (cherry picked from commit 9ef1f84) commit a1d80ed Author: Matt Caswell <matt@openssl.org> Date: Fri Jun 10 15:58:58 2022 +0100 Fix range_should_be_prefix() to actually return the correct result range_should_be_prefix() was misidentifying whether an IP address range should in fact be represented as a prefix. This was due to a bug introduced in commit 42d7d7d which made this incorrect change: - OPENSSL_assert(memcmp(min, max, length) <= 0); + if (memcmp(min, max, length) <= 0) + return -1; This error leads to incorrect DER being encoded/accepted. Reported by Theo Buehler (@botovq) Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18524) (cherry picked from commit 30532e5) (cherry picked from commit 2c6550c) commit 4c1cf6d Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Fri Jun 17 10:25:24 2022 +0200 Fix compile issues in test/v3ext.c with no-rfc3779 There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined, therefore the test cannot be compiled. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18634) (cherry picked from commit b76efe6) (cherry picked from commit 665ab12) commit 8825732 Author: olszomal <Malgorzata.Olszowka@stunnel.org> Date: Fri Jun 17 15:01:11 2022 +0200 SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *' Fix the documentation. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18599) (cherry picked from commit d842b6e) commit 6c8879c Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Wed Jun 22 17:05:55 2022 +0200 Fix a memory leak in EC_GROUP_new_from_ecparameters This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 openssl#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 openssl#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 openssl#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#26 0x402afb in testfile fuzz/test-corpus.c:182 openssl#27 0x402656 in main fuzz/test-corpus.c:226 openssl#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) ================================================================= ==12221==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#22 0x402afb in testfile fuzz/test-corpus.c:182 openssl#23 0x402656 in main fuzz/test-corpus.c:226 openssl#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) Indirect leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 openssl#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 openssl#23 0x402afb in testfile fuzz/test-corpus.c:182 openssl#24 0x402656 in main fuzz/test-corpus.c:226 openssl#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from openssl#18632) commit 7f77ecd Author: Matt Caswell <matt@openssl.org> Date: Tue Jun 21 14:39:48 2022 +0100 Prepare for 1.1.1q-dev Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes commit 8aaca20 Author: Matt Caswell <matt@openssl.org> Date: Tue Jun 21 14:39:39 2022 +0100 Prepare for 1.1.1p release Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes commit a3fc812 Author: Matt Caswell <matt@openssl.org> Date: Tue Jun 21 14:07:32 2022 +0100 Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes commit 51e0652 Author: Matt Caswell <matt@openssl.org> Date: Mon Jun 20 14:14:20 2022 +0100 Update CHANGES and NEWS for new release Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes commit 9639817 Author: Daniel Fiala <daniel@openssl.org> Date: Sun May 29 20:11:24 2022 +0200 Fix file operations in c_rehash. CVE-2022-2068 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> commit 20af01d Author: Fraser Tweedale <ftweedal@redhat.com> Date: Wed Jun 15 10:50:57 2022 +1000 Fix documentation of BIO_FLAGS_BASE64_NO_NL Commit 8bfb750 updated `BIO_f_base64(3)` to improve the documentation of the `BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text states that when this flag is used, all newlines in the input are ignored. This is incorrect, as the following program proves: ```c unsigned char *in_buf = "IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n"; int main(int argc, char **argv) { BIO *b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) return 1; BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL); int in_len = strlen(in_buf); BIO *in = BIO_new_mem_buf(in_buf, in_len); if (in == NULL) return 2; in = BIO_push(b64, in); unsigned char *out_buf = calloc(in_len, sizeof(unsigned char)); if (out_buf == NULL) return 3; size_t out_len; int r = BIO_read_ex(in, out_buf, in_len, &out_len); printf("rv = %d\n", r); printf("decoded = %s\n", out_buf); return 0; } ``` Update the text of `BIO_f_base64(3)` to clarify that when the flag is set, the data must be all on one line (with or without a trailing newline character). Signed-off-by: Fraser Tweedale <ftweedal@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18568) (cherry picked from commit 0edcbac) commit 8438d3a Author: Tomas Mraz <tomas@openssl.org> Date: Thu Jun 9 16:20:05 2022 +0200 Add an extra reduction step to RSAZ mod_exp implementations Inspired by BoringSSL fix by David Benjamin. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18511) commit 0ed27fb Author: Tomas Mraz <tomas@openssl.org> Date: Thu Jun 9 12:34:55 2022 +0200 Always end BN_mod_exp_mont_consttime with normal Montgomery reduction. This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime would sometimes return m, the modulus, when it should have returned zero. Thanks to Guido Vranken for reporting it. It is only a partial fix because the same bug also exists in the "rsaz" codepath. The bug only affects zero outputs (with non-zero inputs), so we believe it has no security impact on our cryptographic functions. The fx is to delete lowercase bn_from_montgomery altogether, and have the mont5 path use the same BN_from_montgomery ending as the non-mont5 path. This only impacts the final step of the whole exponentiation and has no measurable perf impact. See the original BoringSSL commit https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315 for further analysis. Original-author: David Benjamin <davidben@google.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18511) commit 8f07881 Author: Matt Caswell <matt@openssl.org> Date: Thu Jun 9 16:57:30 2022 +0100 Fix a crash in X509v3_asid_subset() If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise subsets then this will result in a crash. Of note is that rdi will usually be NULL. Reported by Theo Buehler (@botovq) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from openssl#18514) (cherry picked from commit 01fc9b6) commit ab7d056 Author: Tomas Mraz <tomas@openssl.org> Date: Thu Jun 2 18:12:05 2022 +0200 Update further expiring certificates that affect tests Namely the smime certificates used in test_cms will expire soon and affect tests. Fixes openssl#15179 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18481) commit 3bd9765 Author: Tomas Mraz <tomas@openssl.org> Date: Tue Mar 29 13:31:34 2022 +0200 Fix strict client chain check with TLS-1.3 When TLS-1.3 is used and the server does not send any CA names the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null argument. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#17986) (cherry picked from commit 89dd854) commit b7ce611 Author: Tomas Mraz <tomas@openssl.org> Date: Wed Jun 1 13:06:46 2022 +0200 ct_test.c: Update the epoch time Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from openssl#18446) commit 73db5d8 Author: Tomas Mraz <tomas@openssl.org> Date: Wed Jun 1 12:47:44 2022 +0200 Update expired SCT certificates Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from openssl#18446) commit 8754fa5 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sat May 21 07:50:46 2022 +0200 Fix a memory leak in crl_set_issuers This can be reproduced with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out ERROR_INJECT=1653520461 #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#24 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#25 0x402626 in main fuzz/test-corpus.c:226 openssl#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) ================================================================= ==29625==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 openssl#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 openssl#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 openssl#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 openssl#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 openssl#29 0x402bbb in testfile fuzz/test-corpus.c:182 openssl#30 0x402626 in main fuzz/test-corpus.c:226 openssl#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18391) (cherry picked from commit e9007e0) commit 4a28f84 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sun May 22 20:12:56 2022 +0200 Fix a crash in ssl_security_cert_chain Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 openssl#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#14 0x40371b in testfile fuzz/test-corpus.c:182 openssl#15 0x402856 in main fuzz/test-corpus.c:226 openssl#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 openssl#13 0x40371b in testfile fuzz/test-corpus.c:182 openssl#14 0x402856 in main fuzz/test-corpus.c:226 openssl#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) openssl#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18376) (cherry picked from commit dc0ef29) commit 59b8eca Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Sat May 21 15:41:46 2022 +0200 Fix a memory leak in X509_issuer_and_serial_hash This is reproducible with my error injection patch: $ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d ERROR_INJECT=1653267699 #0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114 #2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139 #4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44 #5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #6 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #7 0x55c12d267c7f in main fuzz/test-corpus.c:226 #8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 #9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d) ================================================================= ==1058475==ERROR: LeakSanitizer: detected memory leaks Direct leak of 268 byte(s) in 1 object(s) allocated from: #0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163 #1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97 #2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43 #3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41 #4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44 #5 0x55c12d268239 in testfile fuzz/test-corpus.c:182 #6 0x55c12d267c7f in main fuzz/test-corpus.c:226 #7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18370) commit e4b84b7 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Fri May 20 16:54:41 2022 +0200 Fix undefined behaviour in EC_GROUP_new_from_ecparameters This happens for instance with fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a and causes the OPENSSL_malloc below to choke on the zero length allocation request. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18363) commit 8e1ece2 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Fri May 20 16:15:44 2022 +0200 Fix a memory leak in ec_key_simple_oct2priv This is reproducible with my error injection patch: $ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc 140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: 140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: 140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: 140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: 140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR 140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO 140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: ================================================================= ==19676==ERROR: LeakSanitizer: detected memory leaks Direct leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 #8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 #11 0x40370b in testfile fuzz/test-corpus.c:182 #12 0x402846 in main fuzz/test-corpus.c:226 openssl#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18361) commit 8e60f41 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Fri May 20 08:02:47 2022 +0200 Fix a crash in asn1_item_embed_new This happens usually if an template object is created and there is an out of memory error before the ASN1_OP_NEW_POST method is called, but asn1_item_embed_free calls now the ASN1_OP_FREE_POST which may crash because the object is not properly initialized. Apparently that is only an issue with the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which ought to be tolerant to incomplete initialized objects. The error can be reproduced with the reproducible error injection patch: $ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 openssl#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 openssl#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 openssl#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 openssl#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 openssl#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 openssl#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#21 0x40893b in testfile fuzz/test-corpus.c:182 openssl#22 0x406b86 in main fuzz/test-corpus.c:226 openssl#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer:DEADLYSIGNAL ================================================================= ==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) ==1194==The signal is caused by a READ memory access. ==1194==Hint: address points to the zero page. #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 openssl#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 openssl#14 0x40893b in testfile fuzz/test-corpus.c:182 openssl#15 0x406b86 in main fuzz/test-corpus.c:226 openssl#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb ==1194==ABORTING Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18360) (cherry picked from commit 557825a) commit 17519e2 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Thu May 19 15:50:28 2022 +0200 Backport a missing bug-fix from master This is a backport of the following commit from master: commit 61b0fea Author: Matt Caswell <matt@openssl.org> Date: Thu Nov 19 13:58:21 2020 +0000 Don't Overflow when printing Thawte Strong Extranet Version When printing human readable info on the Thawte Strong Extranet extension the version number could overflow if the version number == LONG_MAX. This is undefined behaviour. Issue found by OSSFuzz. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from openssl#13452) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18347) commit 03ba56f Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Thu May 19 10:59:25 2022 +0200 Backport some fuzzing data files from master This is a backport of the following commit from master: commit 415e6ac Author: Tavis Ormandy <taviso@gmail.com> Date: Tue Sep 21 15:48:27 2021 -0700 increase x509 code coverage metrics Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#16651) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18347) commit e04ba88 Author: Daniel Fiala <daniel@openssl.org> Date: Tue May 10 08:46:37 2022 +0000 s_serve: Report an error if init-connection fails without an attempt to read. Fixes: openssl#18047. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18283) commit 6ef91d8 Author: basavesh <basavesh.shivakumar@gmail.com> Date: Tue Apr 5 17:49:09 2022 +0200 Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret. Consider a weaker leakage model(CL) where only cacheline base address is leaked, i.e address/32 for 32-byte cacheline(CL32). Previous code used to perform two loads 1. rotated_mac[rotate_offset ^ 32] and 2. rotated_mac[rotate_offset++] which would leak 2q + 1, 2q for 0 <= rotate_offset < 32 and 2q, 2q + 1 for 32 <= rotate_offset < 64 The proposed fix performs load operations which will always leak 2q, 2q + 1 and selects the appropriate value in constant-time. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18050) commit c7d6c08 Author: Tomas Mraz <tomas@openssl.org> Date: Fri Apr 29 17:02:19 2022 +0200 Add test for empty supported-groups extension Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18213) commit bd16488 Author: Tomas Mraz <tomas@openssl.org> Date: Fri Apr 29 16:36:36 2022 +0200 Do not send an empty supported groups extension This allows handshake to proceed if the maximum TLS version enabled is <1.3 Fixes openssl#13583 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from openssl#18213) commit ac2d4cb Author: Allan Jude <allan@klarasystems.com> Date: Fri Nov 19 19:06:52 2021 +0000 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#17085) commit ec1b4bf Author: Hugo Landau <hlandau@openssl.org> Date: Wed Apr 27 10:11:08 2022 +0100 (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions Backport of openssl#18038 to 1.1. Fixes openssl#18035. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from openssl#18190) commit 988c7b2 Author: Matt Caswell <matt@openssl.org> Date: Tue May 3 14:41:23 2022 +0100 Prepare for 1.1.1p-dev Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 6, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 6, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 12, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 12, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 13, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 13, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 13, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
jquepi
pushed a commit
to jquepi/openssl.1-.55555
that referenced
this pull request
Jul 14, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR #18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl/openssl#18697)
sftcd
pushed a commit
to sftcd/openssl
that referenced
this pull request
Sep 24, 2022
BN_one() uses the expand function which calls malloc which may fail. All other places that reference BN_one() check the return value. The issue is triggered by a memory allocation failure. Detected by PR openssl#18355 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18697)
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Oct 11, 2022
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/…
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Nov 2, 2022
commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Oct 11 11:17:39 2022 -0600
Squashed commit of the following:
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
…
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Feb 7, 2023
commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Nov 2 12:49:30 2022 -0600
Squashed commit of the following:
commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Oct 11 11:17:39 2022 -0600
Squashed commit of the following:
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn…
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
May 30, 2023
commit 65be16881b71f4d66c77664775c93340a7b89c6d
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Feb 7 09:13:22 2023 -0700
Squashed commit of the following:
commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Nov 2 12:49:30 2022 -0600
Squashed commit of the following:
commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Oct 11 11:17:39 2022 -0600
Squashed commit of the following:
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
…
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Aug 1, 2023
commit 84ef302bbb2c1bb9a3c10abfd31984e2a8731e7f
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue May 30 08:30:00 2023 -0600
Merged OpenSSL 1.1.1u with ituglib_release
commit 65be16881b71f4d66c77664775c93340a7b89c6d
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Feb 7 09:13:22 2023 -0700
Squashed commit of the following:
commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Nov 2 12:49:30 2022 -0600
Squashed commit of the following:
commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Oct 11 11:17:39 2022 -0600
Squashed commit of the following:
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by B…
rsbeckerca
added a commit
to ituglib/openssl
that referenced
this pull request
Sep 11, 2023
Squashed commit of the following:
commit ec67064bdce4af6b490ea542a028046aaaaf014e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Aug 1 23:36:20 2023 +0100
Merged OpenSSL 1.1.1v with ituglib_release
commit 84ef302bbb2c1bb9a3c10abfd31984e2a8731e7f
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue May 30 08:30:00 2023 -0600
Merged OpenSSL 1.1.1u with ituglib_release
commit 65be16881b71f4d66c77664775c93340a7b89c6d
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Feb 7 09:13:22 2023 -0700
Squashed commit of the following:
commit 44ea69d6aadbbf9b951335e5ed296eed019e9ffe
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Nov 2 12:49:30 2022 -0600
Squashed commit of the following:
commit 1b3fb89163127047b0f99412b8a31522215b3bea
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Tue Oct 11 11:17:39 2022 -0600
Squashed commit of the following:
commit 6fd6179191702eb0562ccbfb22a37405c669b90e
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 17:50:13 2022 -0400
Missed include on NonStop for memcmp in test/v3ext.c
commit d97281f16602e50f040756029b555645315253df
Author: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue Jul 5 10:37:54 2022 -0400
Squashed commit of the following:
commit 29708a562a1887a91de0fa6ca668c71871accde9
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 11:08:33 2022 +0200
Prepare for 1.1.1q release
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 95a17c0ead00885452d13309eaffd04c1737d05d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:33:00 2022 +0200
Update copyright year
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 78ba51a3b8b505d8d03abca8fa95e4fb1464d94e
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jul 5 10:25:00 2022 +0200
Update CHANGES and NEWS for upcoming release 1.1.1q
Reviewed-by: Paul Dale <pauli@openssl.org>
Release: yes
commit 9131afdca30b6d1650af9ea6179569a80ab8cb06
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:02:37 2022 +1000
AES OCB test vectors
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 919925673d6c9cfed3c1085497f5dfbbed5fc431
Author: Alex Chernyakhovsky <achernya@google.com>
Date: Thu Jun 16 12:00:22 2022 +1000
Fix AES OCB encrypt/decrypt for x86 AES-NI
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
that performs operations on 6 16-byte blocks concurrently (the
"grandloop") and then proceeds to handle the "short" tail (which can
be anywhere from 0 to 5 blocks) that remain.
As part of initialization, the assembly initializes $len to the true
length, less 96 bytes and converts it to a pointer so that the $inp
can be compared to it. Each iteration of "grandloop" checks to see if
there's a full 96-byte chunk to process, and if so, continues. Once
this has been exhausted, it falls through to "short", which handles
the remaining zero to five blocks.
Unfortunately, the jump at the end of "grandloop" had a fencepost
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
equal). This should be `jbe`, as $inp is pointing to the *end* of the
chunk currently being handled. If $inp == $len, that means that
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
then there's 5 or fewer 16-byte blocks left to be handled, and the
fall-through is intended.
The net effect of `jb` instead of `jbe` is that the last 16-byte block
of the last 96-byte chunk was completely omitted. The contents of
`out` in this position were never written to. Additionally, since
those bytes were never processed, the authentication tag generated is
also incorrect.
The same fencepost error, and identical logic, exists in both
aesni_ocb_encrypt and aesni_ocb_decrypt.
This addresses CVE-2022-2097.
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
Co-authored-by: David Benjamin <davidben@google.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
commit 6495cab1c876ad80ce983d848ccaa1dc286a63e1
Author: slontis <shane.lontis@oracle.com>
Date: Fri Jul 1 13:47:11 2022 +1000
Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
commit 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4
Author: xkernel <xkernel.wang@foxmail.com>
Date: Mon Jun 20 17:46:39 2022 +0800
v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
commit a1d80edcf830739131e0567dc03b1e80b7988b1e
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jun 10 15:58:58 2022 +0100
Fix range_should_be_prefix() to actually return the correct result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
commit 4c1cf6d39bb8e85658ac8c743dcff8ede730f76a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri Jun 17 10:25:24 2022 +0200
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
(cherry picked from commit b76efe61ea9710a8f69e1cb8caf1aeb2ba6f1ebe)
(cherry picked from commit 665ab12ed3f0d78e7cb6a55cdd2b83a2fe150232)
commit 882573246695088d65956355ca6c954642dcac31
Author: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri Jun 17 15:01:11 2022 +0200
SSL_get_current_cipher() and SSL_get_pending_cipher() return 'const SSL_CIPHER *'
Fix the documentation.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18599)
(cherry picked from commit d842b6eff0940b6ce337536cb718a8d561290f50)
commit 6c8879c8bf6030666c851623f93fff03c1266715
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed Jun 22 17:05:55 2022 +0200
Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
commit 7f77ecd2facbd9df62ed727fbd1f522376d44bd3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:48 2022 +0100
Prepare for 1.1.1q-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 9639817dac8bbbaa64d09efad7464ccc405527c7
Author: Daniel Fiala <daniel@openssl.org>
Date: Sun May 29 20:11:24 2022 +0200
Fix file operations in c_rehash.
CVE-2022-2068
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
commit 20af01d46ca4086f6b1339b67c15c81d8b4a040d
Author: Fraser Tweedale <ftweedal@redhat.com>
Date: Wed Jun 15 10:50:57 2022 +1000
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
```c
unsigned char *in_buf =
"IlRoZSBxdWljayBicm93biBmb3gganVt\ncHMgb3ZlciBhIGxhenkgZG9nLiI=\n";
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
(cherry picked from commit 0edcbacca99ab2b716da395f204610fc2775ea83)
commit 8438d3a7b7309cbea521d3628fddeda7bd6d6e20
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 16:20:05 2022 +0200
Add an extra reduction step to RSAZ mod_exp implementations
Inspired by BoringSSL fix by David Benjamin.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 0ed27fb7a8d85685cb671bf0a1e41bcdfc2624dc
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 9 12:34:55 2022 +0200
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
See the original BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/13c9d5c69d04485a7a8840c12185c832026c8315
for further analysis.
Original-author: David Benjamin <davidben@google.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18511)
commit 8f078819556da83c15751678c39558a59bc746fc
Author: Matt Caswell <matt@openssl.org>
Date: Thu Jun 9 16:57:30 2022 +0100
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
commit ab7d05617a444cfcf4f930f81caa4cf66495ab9b
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jun 2 18:12:05 2022 +0200
Update further expiring certificates that affect tests
Namely the smime certificates used in test_cms
will expire soon and affect tests.
Fixes #15179
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18481)
commit 3bd976551e549c030bdbd150c7aa8a1980cb00fe
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Mar 29 13:31:34 2022 +0200
Fix strict client chain check with TLS-1.3
When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null
argument.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)
(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)
commit b7ce611887cfac633aacc052b2e71a7f195418b8
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 13:06:46 2022 +0200
ct_test.c: Update the epoch time
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 73db5d82489b3ec09ccc772dfcee14fef0e8e908
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jun 1 12:47:44 2022 +0200
Update expired SCT certificates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18446)
commit 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 07:50:46 2022 +0200
Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18391)
(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8)
commit 4a28f8451fbc1848fd2d1b99203a7c75876123f6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun May 22 20:12:56 2022 +0200
Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
commit 59b8eca400d9ea7b77dc98fe08a91bbfe35d025a
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat May 21 15:41:46 2022 +0200
Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
commit e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:54:41 2022 +0200
Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
commit 8e1ece20cdb4a584be5311370256c4e813c09826
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 16:15:44 2022 +0200
Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
commit 8e60f41d064786f95440e4c56660ffe9777783d7
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri May 20 08:02:47 2022 +0200
Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
commit 17519e2595b5ed8211a7763ff6eb2d6cf47c13cb
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 15:50:28 2022 +0200
Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit 03ba56f1525c93eb3dfe72f85cdc698b97918e59
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu May 19 10:59:25 2022 +0200
Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
commit e04ba889594d84a8805f3d0caeadf0527470e508
Author: Daniel Fiala <daniel@openssl.org>
Date: Tue May 10 08:46:37 2022 +0000
s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
commit 6ef91d8153e04a2302bff11b29caf7e888b62fe8
Author: basavesh <basavesh.shivakumar@gmail.com>
Date: Tue Apr 5 17:49:09 2022 +0200
Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
commit c7d6c08290b67cbeef2b4f636f04788ea405520a
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 17:02:19 2022 +0200
Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit bd164884f258d99ca876f6cdcdf9bd0dcceee6ad
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Apr 29 16:36:36 2022 +0200
Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
commit ac2d4cb656b3a796db3dc6f8873e91e67907372d
Author: Allan Jude <allan@klarasystems.com>
Date: Fri Nov 19 19:06:52 2021 +0000
1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
commit ec1b4bf26c1b2440546f323873c578374f60b2de
Author: Hugo Landau <hlandau@openssl.org>
Date: Wed Apr 27 10:11:08 2022 +0100
(1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
commit 988c7b2d9361dd0ade5ef7ef068fb4ed770ce2a2
Author: Matt Caswell <matt@openssl.org>
Date: Tue May 3 14:41:23 2022 +0100
Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
commit 5ea6414f0bf861e8fece53b5bf35c849bad64774
Author: Randall S. Becker <rsbecker@nexbridge.com>
Date: Wed Jun 22 06:26:40 2022 -0600
Squashed commit of the following:
commit 8aaca20cf9996257d1ce2e6f4d3059b3698dde3d
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:39:39 2022 +0100
Prepare for 1.1.1p release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a3fc812c0c78e2f5db8b9d45bddaff62dfc958ae
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jun 21 14:07:32 2022 +0100
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 51e06520734063d6f52b2e596e1089d36d3781e7
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jun 20 14:14:20 2022 +0100
…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Checklist