GitHub CI / check_update (push) Has been cancelledDetails
GitHub CI / check_docs (push) Has been cancelledDetails
GitHub CI / check-ansi (push) Has been cancelledDetails
GitHub CI / basic_gcc (push) Has been cancelledDetails
GitHub CI / basic_clang (push) Has been cancelledDetails
GitHub CI / linux-arm64 (push) Has been cancelledDetails
GitHub CI / freebsd-x86_64 (push) Has been cancelledDetails
GitHub CI / minimal (push) Has been cancelledDetails
GitHub CI / no-deprecated (push) Has been cancelledDetails
GitHub CI / no-shared-ubuntu (push) Has been cancelledDetails
GitHub CI / no-shared-macos (macos-13) (push) Has been cancelledDetails
GitHub CI / no-shared-macos (macos-14) (push) Has been cancelledDetails
GitHub CI / non-caching (push) Has been cancelledDetails
GitHub CI / address_ub_sanitizer (push) Has been cancelledDetails
GitHub CI / memory_sanitizer (push) Has been cancelledDetails
GitHub CI / threads_sanitizer (push) Has been cancelledDetails
GitHub CI / enable_non-default_options (push) Has been cancelledDetails
GitHub CI / fips_and_ktls (push) Has been cancelledDetails
GitHub CI / no-legacy (push) Has been cancelledDetails
GitHub CI / legacy (push) Has been cancelledDetails
GitHub CI / buildtest (push) Has been cancelledDetails
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Has been cancelledDetails
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Has been cancelledDetails
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Has been cancelledDetails
GitHub CI / external-tests (push) Has been cancelledDetails
GitHub CI / external-test-pyca (3.9, 1.51.0) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e linux-latomic -Wno-stringop-overflow tests:none]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu libs:libc6-dev-ppc64el-cross target:-O2 linux-ppc64le]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelledDetails
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Has been cancelledDetails
Provider old versions compat / fips-provider-validation (map[dir:openssl-3.0.0 tgz:openssl-3.0.0.tar.gz url:https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz]) (push) Has been cancelledDetails
Provider compat / fips-provider-30 (push) Has been cancelledDetails
Provider compat / fips-provider-master (push) Has been cancelledDetails
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Has been cancelledDetails
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Has been cancelledDetails
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Has been cancelledDetails
Run-checker CI / run-checker (enable-ssl-trace) (push) Has been cancelledDetails
Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-atexit) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cmp) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-cms) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ct) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-dtls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ec) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ec2m) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-legacy) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-rfc3779) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-sock) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-srp) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-srtp) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tests) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-threads) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ts) (push) Has been cancelledDetails
Run-checker CI / run-checker (no-ui) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelledDetails
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dgram) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dso) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-err) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-filenames) (push) Has been cancelledDetails
Run-checker merge / run-checker (no-unit-test) (push) Has been cancelledDetails
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelledDetails
Windows GitHub CI / shared (windows-2019, map[arch:win32 config:--strict-warnings no-fips]) (push) Has been cancelledDetails
Windows GitHub CI / shared (windows-2019, map[arch:win64 config:enable-fips]) (push) Has been cancelledDetails
Windows GitHub CI / shared (windows-2022, map[arch:win32 config:--strict-warnings no-fips]) (push) Has been cancelledDetails
Windows GitHub CI / shared (windows-2022, map[arch:win64 config:enable-fips]) (push) Has been cancelledDetails
Windows GitHub CI / plain (windows-2019) (push) Has been cancelledDetails
Windows GitHub CI / plain (windows-2022) (push) Has been cancelledDetails
Windows GitHub CI / minimal (windows-2019) (push) Has been cancelledDetails
Windows GitHub CI / minimal (windows-2022) (push) Has been cancelledDetails
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26976)
(cherry picked from commit 2656922feb)
twice.
Fixes#26862
This only happens when using the FIPS provider, since it needs to export
the key.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26891)
(cherry picked from commit c2f4d7aae1)
get1_cert_status() returns an object that must be freed,
but the error path does not do that.
Fix it by adding a call to X509_free() in the error path.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26513)
(cherry picked from commit 56160f173d)
as the other CRYPTO_atomic_X functions.
All CRYPTO_atomic functions should use the same logic here,
just in case...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26815)
(cherry picked from commit 3240427a85)
We allocate an EC_POINT with EC_POINT_new here, but in failing a
subsequent check, we don't free it, correct that.
Fixes#26779
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26799)
(cherry picked from commit 20a2f3beba)
The "openssl speed -testmode -seconds 1 -bytes 1 aes-128-cbc" test
revealed that the assembly code is crashing if length is less than 16.
The code shifts the provided length by 4 and than subtracts one until
the length hits zero. If it was already zero then it underflows the
counter and continues until it segfaults on reading or writing.
Replace the check against 0 with less than 15.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25637)
(cherry picked from commit c71c65b922)
Variables tntmp and tnst are declared in the same declaration and thus
share storage class specifiers (static). This is unfortunate as tntmp is
used during iteration through tnst array and shouldn't be static.
In particular this leads to two problems that may arise when multiple
threads are executing asn1_str2tag() concurrently:
1. asn1_str2tag() might return value that doesn't correspond to tagstr
parameter. This can happen if other thread modifies tntmp to point to
a different tnst element right after a successful name check in the
if statement.
2. asn1_str2tag() might perform an out-of-bounds read of tnst array.
This can happen when multiple threads all first execute tntmp = tnst;
line and then start executing the loop. If that case those threads
can end up incrementing tntmp past the end of tnst array.
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26504)
(cherry picked from commit 7262c0bcc4)
This adds missing GMT indication when printing the local time as
it is converted to the UTC timezone before printing.
Also fixing the fractional seconds printing on EBCDIC platforms.
Fixes#26313
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26344)
(cherry picked from commit c81ff97866)
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
Attacks on ECDSA nonce are also known as Minerva attack.
Fixes CVE-2024-13176
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26429)
(cherry picked from commit 63c40a66c5)
flag, it will сrash to X509_up_ref. Passing NULL here is not valid,
return 0 if cert == NULL.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26267)
(cherry picked from commit 3c7db9e0fd)
1064616012 introduced and optimized RSA NEON implementation
for AArch64 architecture, namely Cortex-A72 and Neoverse N1.
This implementation is broken in Big Endian mode, which is not
widely used, therefore not properly verified.
Here we disable this optimized implementation when Big Endian
platform is used.
Fixes: #22687
CLA: trivial
Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26257)
(cherry picked from commit b26894ec69)
When we put algorithm to the store, we have a fallback to the
OSSL_LIB_CTX level store when store is NULL.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit b3bb214720)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26231)
When default_context_inited is set to false we return NULL instead of
the global default context.
Fixes#25442
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26319)
(cherry picked from commit dfce0d7418)
p8 is allocated using EVP_PKEY2PKCS8(), but when PKCS8_add_keyusage()
fails this memory is not freed. Fix this by adding a call to
PKCS8_PRIV_KEY_INFO_free().
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25818)
(cherry picked from commit f822a48668)
OpenSSL currently does not support encryption with originator flag so it
should fail nicely instead of segfaulting.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26014)
(cherry picked from commit 894e69e747)
GCC 13.1.0 were reporting a compilation warning with -O2/3 and
-Waggressive-loop-optimizations. GCC is raising an undefined behavior in the
while loop. Replace the while loop with a memset call at the top of the
function.
Fixes#21088
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23898)
(cherry picked from commit c45ca0656f)
When BIO_parse_hostserv() fails it may still have allocated memory, yet
this memory is not freed. Fix it by jumping to the err label.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25817)
(cherry picked from commit 32476957ea)
When data contains only zero values a buffer overflow happens.
CLA: trivial
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26190)
(cherry picked from commit bf2dea0e2c)
If it is NULL, ctx->pctx->pmeth dereference will cause a crash.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26176)
(cherry picked from commit 82e7a1130a)
Only absent parameters allowed in RFC 3370.
Fixes#25824
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26058)
(cherry picked from commit 02e72ccffa)
We would dereference p7->d.sign pointer which can be NULL.
Reported by Han Zheng.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26078)
(cherry picked from commit f2348f1f84)
At some point in time it was decided that the EC keymanagers ec_export()
function would only allow the selection to be both the public + private
parts. If just the private element is selected it returns an error.
Many openssl commandline apps use EVP_PKEY_print_private() which passes
EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to
encoder_construct_pkey(). For external providers (such as the fips
provider this will call the keymanagers export() with the selection set
to just the private part.
So we either need to
1) change the selection in EVP_PKEY_print_private() or
2) modify the selection used in the export used in
encoder_construct_pkey
3) Change the ec_export to allow this.
I have chosen 2) but I am not sure if this is the correct thing to do
or whether it should conditionally do this when the output_type ==
'text'.
Issue was reported by Ilia Okomin (Oracle).
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26004)
(cherry picked from commit 79c98fc6cc)
In case of memory allocation failure this
could happen.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25994)
(cherry picked from commit 93bfe97c5b)
That caused several memory leaks in case of error.
Also when the CMS object that is created by CMS_EncryptedData_encrypt
is not used in the normal way, but instead just deleted
by CMS_ContentInfo_free some memory was lost.
Fixes#21985
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22044)
param->ctrl translation: Fix fix_ecdh_cofactor()
In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should
return value in ctx->p1
param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl
return
Since some of the ctrl operations may return 0 as valid value
(e.g. ecdh_cofactor value 0 is valid setting), before colling
POST_PARAMS_TO_CTRL, we need to check return value for 0 as well
otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails
without a chance to fix the return value
param->ctrl translation: Set ecdh_cofactor default action_type GET
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22587)
(cherry picked from commit 2aaef03339)
Indent namingAuthority section with two spaces to match the parent
node.
Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25814)
(cherry picked from commit 85a52f7292)
When sk_GENERAL_NAME_reserve() fails, ialt is not freed.
Add the freeing operation in the common error path.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25876)
(cherry picked from commit fa856b0ce0)
by fixing OSSL_trace_begin() to return NULL when given category is not enabled
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25652)
(cherry picked from commit 72d3e9bac4)
The BN_GF2m_poly2arr() function converts characteristic-2 field
(GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask,
to a compact array with just the exponents of the non-zero terms.
These polynomials are then used in BN_GF2m_mod_arr() to perform modular
reduction. A precondition of calling BN_GF2m_mod_arr() is that the
polynomial must have a non-zero constant term (i.e. the array has `0` as
its final element).
Internally, callers of BN_GF2m_poly2arr() did not verify that
precondition, and binary EC curve parameters with an invalid polynomial
could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
The precondition is always true for polynomials that arise from the
standard form of EC parameters for characteristic-two fields (X9.62).
See the "Finite Field Identification" section of:
https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
basis X9.62 forms.
This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
Additionally, the return value is made unambiguous when there is not
enough space to also pad the array with a final `-1` sentinel value.
The return value is now always the number of elements (including the
final `-1`) that would be filled when the output array is sufficiently
large. Previously the same count was returned both when the array has
just enough room for the final `-1` and when it had only enough space
for non-sentinel values.
Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
CPU exhausition attacks via excessively large inputs.
The above issues do not arise in processing X.509 certificates. These
generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
disallows explicit EC parameters. The TLS code in OpenSSL enforces this
constraint only after the certificate is decoded, but, even if explicit
parameters are specified, they are in X9.62 form, which cannot represent
problem values as noted above.
Initially reported as oss-fuzz issue 71623.
A closely related issue was earlier reported in
<https://github.com/openssl/openssl/issues/19826>.
Severity: Low, CVE-2024-9143
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25639)
(cherry picked from commit 8e008cb8b2)
If SRP_user_pwd_set1_ids() fails during one of the duplications, or id
is NULL, then the old pointer values are still stored but they are now dangling.
Later when SRP_user_pwd_free() is called these are freed again,
leading to a double free.
Although there are no such uses in OpenSSL as far as I found,
it's still a public API.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25655)
(cherry picked from commit 792b2c8da2)
fix https://github.com/openssl/openssl/issues/25112
As defined in the C standard:
In all cases the argument is an int, the value of which shall
be representable as an unsigned char or shall equal the value
of the macro EOF. If the argument has any other value, the
behavior is undefined.
This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.
If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype.h functions are:
{-1, 0, 1, 2, 3, ..., 255}.
However, on platforms where char is signed, such as x86 with the
usual ABI, code like
char *p = ...;
... isspace(*p) ...
may pass in values in the range:
{-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.
This has two problems:
1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.
2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
even though the input is not forbidden, it may give the wrong
answer.
Casting char inputs to unsigned char first works around this, by
mapping the (non-EOF character) range {-128, -127, ..., -1} to {128,
129, ..., 255}, leaving no collisions with EOF. So the above
fragment needs to be:
char *p = ...;
... isspace((unsigned char)*p) ...
This patch inserts unsigned char casts where necessary. Most of the
cases I changed, I compile-tested using -Wchar-subscripts -Werror on
NetBSD, which defines the ctype.h functions as macros so that they
trigger the warning when the argument has type char. The exceptions
are under #ifdef __VMS or #ifdef _WIN32. I left alone calls where
the input is int where the cast would obviously be wrong; and I left
alone calls where the input is already unsigned char so the cast is
unnecessary.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25113)
(cherry picked from commit 99548cd16e)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
(cherry picked from commit cdbe47bf3c)
If sk_ASN1_UTF8STRING_push() fails then the duplicated string will leak
memory. Add a ASN1_UTF8STRING_free() to fix this.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25604)
(cherry picked from commit 0a2a8d970f)
Fixes#25594
The code jumps to an error block when EVP_VerifyUpdate fails.
This error block does not free abuf.
In the success path the abuf memory is freed.
Move the free operation to the error block.
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25596)
(cherry picked from commit d8b7a6eae9)
Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for #25493
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25496)
(cherry picked from commit 8ac42a5f41)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25533)
(cherry picked from commit b59b74fd07)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25533)
(cherry picked from commit a78da17491)
Some of the BE specific permutes were incorrect. Fix them.
This passes all tests on a P10/ppc64 debian unstable host.
Fixes#25451
CLA: trivial
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25483)
(cherry picked from commit daead12df0)
Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to
'gcm_ghash_4bit' being undeclared. Fix that by not setting the function
pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl
behavior on x86.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25419)
(cherry picked from commit 2a53df6947)
Fixes#8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end.
Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25330)
(cherry picked from commit 5387b71acb)
InterlockedExchangeAdd expects arguments of type LONG *, LONG
but the int arguments were improperly cast to long *, long
Note:
- LONG is always 32 bit
- long is 32 bit on Win32 VC x86/x64 and MingW-W64
- long is 64 bit on cygwin64
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25360)
(cherry picked from commit b0ed90cc30)
Tomas Mraz
Jakub Zelenka
slontis
Niels Dossche
Bernd Edlinger
Neil Horman
Sebastian Andrzej Siewior
openssl-machine
Stas Cymbalov
Michael Baentsch
otherddn1978
Nikolay Nikolaev
Dmitry Belyavskiy
Richard Levitte
Frederik Wedel-Heinen
Job Snijders
Adrien Zinger
Andrey Tsygunka
Shakti Shah
Kai Pastor
Vladimirs Ambrosovs
oleg.hoefling
Dr. David von Oheimb
Viktor Dukhovni
Niels Dossche
Taylor R Campbell
Зишан Мирза
Shawn C
Paul E. Murphy
Gerd Hoffmann
erbsland-dev
Zhihao Yuan
Georgi Valkov