14561 Commits

Author	SHA1	Message	Date
JiashengJiang	768bd0a1b2	crypto/x509/v3_lib.c: Free tmpext if X509V3_EXT_add() fails to avoid memory leak ... Add OPENSSL_free to free tmpext if X509V3_EXT_add() fails to avoid memory leak. Fixes: 878dc8dd95 ("Join the x509 and x509v3 directories") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27566) (cherry picked from commit 5f661e4e96)	2025-05-19 16:19:10 +02:00
JiashengJiang	8f32d906f0	crypto/provider_conf.c: Fix possible memory leak ... Assign the return value of ossl_provider_info_add_to_store to added instead of setting it directly to 1, in order to avoid a memory leak caused by entry not being freed if ossl_provider_info_add_to_store() fails. Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27472) (cherry picked from commit 9884f1dc11)	2025-05-07 11:51:48 +02:00
Tomas Mraz	9034b24d8f	BIO_dump_indent_cb(): Check for negative return from BIO_snprintf() ... In practice this cannot happen but Coverity complains. Fixes Coverity 1646683 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27493) (cherry picked from commit 56c739816f)	2025-04-28 17:29:45 +02:00
Bernd Edlinger	97f4b5ff21	Fix also BIO_printf formatting for INF and NAN ... Avoid infinite loooooooops in %e and %g formatting for +/-INF and make the invalid value at least visible by using '?' as signvalue. Fixes #26973 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27491) (cherry picked from commit b56dd5bfec)	2025-04-28 17:28:27 +02:00
A. Wilcox	6b1646e472	Fix P-384 curve on lower-than-P9 PPC64 targets ... The change adding an asm implementation of p384_felem_reduce incorrectly uses the accelerated version on both targets that support the intrinsics *and* targets that don't, instead of falling back to the generics on older targets. This results in crashes when trying to use P-384 on < Power9. Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com> Closes: #27350 Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC") Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27429) (cherry picked from commit 29864f2b0f)	2025-04-25 20:05:08 +02:00
Richard Levitte	f606798efa	Fix BIO_printf formatting for negative numbers formatted with %e ... Some parts of the formatting code assumed that the input number is positive. This is fixed by working on its absolute value. test/bioprinttest.c is amended to test the output of negative numbers as well. Fixes #26973 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27478) (cherry picked from commit fb555eb7a1)	2025-04-24 16:02:18 +02:00
slontis	598f6c55a4	Fix EVP_PKEY_CTX_dup() so that it copies the keymanager. ... A call to EVP_PKEY_CTX_new() creates a keymgmt pointer internally, but EVP_PKEY_CTX_dup() does not copy this field. Calling EVP_PKEY_derive_set_peer_ex() after EVP_PKEY_CTX_dup() resulted in a segfault because it tried to access this pointer. EVP_PKEY_CTX_dup() has been updated to copy the keymanager (and upref it). Reported by Eamon ODea (Oracle). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27304) (cherry picked from commit 3c22da7346)	2025-04-15 15:49:35 +01:00
Bernd Edlinger	fe8f9c9deb	Fix test failures on big endian ARMv9 target ... This fixes a couple of big-endian issues in the assembler code of chacha, SM3 and SM4. Fixes #27197 Tested-by: @zeldin Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27252) (cherry picked from commit 1a81d509a0)	2025-04-14 15:50:16 +01:00
JiashengJiang	78882cc965	crypto/ui/ui_lib.c: Add OPENSSL_free to avoid memory leaks ... Add OPENSSL_free() if general_allocate_boolean() or general_allocate_string fails to avoid memory leaks. Fixes: a63d5eaab2 ("Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like.") Signed-off-by: JiashengJiang <jiasheng@purdue.edu> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27218) (cherry picked from commit 8f06efe234)	2025-04-14 15:22:51 +01:00
slontis	3fb15ea0dd	Fix cpp comment in windows build ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27188) (cherry picked from commit b8860598d2)	2025-04-01 11:53:00 +02:00
qu3ri	c70e8ccb78	Moved crypto/bn/README.pod to internal manpages ... The new place is doc/internal/man3/bn_mul_words.pod. Also removed outdated information. Implementing the fix from https://github.com/quictls/quictls/pull/214 Fixes #26399 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26597) (cherry picked from commit 78b1fdf4a1)	2025-03-26 15:51:26 +01:00
Andrey Tsygunka	f87cd1f566	Fix return value of the i2d_ASN1_bio_stream() call ... If the flags argument does not contain the SMIME_STREAM bit, the i2d_ASN1_bio_stream() function always returns 1, ignoring the result of the ASN1_item_i2d_bio() call. Fix the return value to the result of the ASN1_item_i2d_bio() call for this case. CLA: trivial Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27106) (cherry picked from commit 3edb1f09c6)	2025-03-26 15:28:04 +01:00
Andrey Tsygunka	d5d5ab9359	Fix NULL pointer dereference in `asn1_ex_i2c()`, crypto/asn1/tasn_enc.c ... Adds handling of V_ASN1_UNDEF to avoid NULL dereference in case ASN1 structure contains an element of type ASN1_TYPE without initializing its value (i.e. default constructed) CLA: trivial Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27100) (cherry picked from commit 8e08f9c5a0)	2025-03-25 19:54:26 +01:00
Viktor Dukhovni	76a6f0d99a	Avoid erroneous legacy code path when provided ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27075) (cherry picked from commit 27b88364e4)	2025-03-20 11:34:03 +01:00
Danny Tsen	14ac0f0e4e	Fix Minerva timing side-channel signal for P-384 curve on PPC ... 1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6() for Montgomery multiplication. 2. ecp_nistp384-ppc64.pl: - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with minumum perl wrapper. - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce. - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly. 3. ecp_nistp384.c: - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce. Signed-off-by: Danny Tsen <dtsen@us.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26709) (cherry picked from commit 85cabd9495)	2025-03-14 17:22:41 +01:00
Tomas Mraz	f2a2808f16	Keep the provided peer EVP_PKEY in the EVP_PKEY_CTX too ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26976) (cherry picked from commit 2656922feb)	2025-03-14 09:51:31 +01:00
Jakub Zelenka	4995dd8d85	Fix libctx passing for CMS PWRI use ... Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26937) (cherry picked from commit 5045712d3d)	2025-03-03 09:27:14 +01:00
slontis	9537245a5b	Encoder : Fix floating pointer when OSSL_ENCODER_to_data() is called ... twice. Fixes #26862 This only happens when using the FIPS provider, since it needs to export the key. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26891) (cherry picked from commit c2f4d7aae1)	2025-02-28 13:57:39 +01:00
Alexandr Nedvedicky	b4be505af3	Fix read out of buffer bounds when dealing with BIO_ADDR ... This issue was discoevered while I was testing SSL_new_from_listener() using a newly created unit test. It has turned out the QUIC stack at few places contain pattern as follows: foo(QUIC_WHATEVER *q, BIO_ADDR *a) { q->a = *a; } The problem is that derefencning a that way is risky. If the address `a` comes from BIO_lookup_ex() it may actually be shorter than sizeof(BIO_ADDR). Using BIO_ADDR_copy() is the right thing to do here. Fixes #26241 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26252) (cherry picked from commit 395a83a617)	2025-02-25 15:56:43 +01:00
Niels Dossche	78247a46ba	Fix potential memory leak in policy_section() ... If sk_POLICYQUALINFO_push() fails, qual is not freed. Fix it by adding POLICYQUALINFO_free() to the error path. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26499) (cherry picked from commit ececabd9ad)	2025-02-25 15:52:45 +01:00
Niels Dossche	4e475f1287	Fix potential leak in error path in cert_response() ... get1_cert_status() returns an object that must be freed, but the error path does not do that. Fix it by adding a call to X509_free() in the error path. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26513) (cherry picked from commit 56160f173d)	2025-02-25 15:49:13 +01:00
Bernd Edlinger	b716f1b228	Make CRYPTO_atomic_load/store use the same preprocessor guards ... as the other CRYPTO_atomic_X functions. All CRYPTO_atomic functions should use the same logic here, just in case... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26815) (cherry picked from commit 3240427a85)	2025-02-21 14:39:43 +01:00
Neil Horman	189c31e6e2	Fix memory leak in ecdsa_keygen_knownanswer_test ... We allocate an EC_POINT with EC_POINT_new here, but in failing a subsequent check, we don't free it, correct that. Fixes #26779 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26799) (cherry picked from commit 20a2f3beba)	2025-02-19 09:39:41 -05:00
Sebastian Andrzej Siewior	1a4f50aec0	SPARC assembly: Don't file aes-cbc on T4 with small sizes. ... The "openssl speed -testmode -seconds 1 -bytes 1 aes-128-cbc" test revealed that the assembly code is crashing if length is less than 16. The code shifts the provided length by 4 and than subtracts one until the length hits zero. If it was already zero then it underflows the counter and continues until it segfaults on reading or writing. Replace the check against 0 with less than 15. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25637) (cherry picked from commit c71c65b922)	2025-02-14 11:43:16 +01:00
Xi Ruoyao	0aca055997	LoongArch: Fix output file name detection for Perl scripts ... We were using the first (or second) argument containing a '.' as the output name file, but it may be incorrect as -march=la64v1.0 may be in the command line. If the builder specifies -march=la64v1.0 in the CFLAGS, the script will write to a file named "-march=la64v1.0" and cause a build error with cryptic message: ld: crypto/pem/loader_attic-dso-pvkfmt.o: in function `i2b_PVK': .../openssl-3.4.1/crypto/pem/pvkfmt.c:1070:(.text+0x11a8): undefined reference to `OPENSSL_cleanse' Adapt the approach of ARM and RISC-V (they have similar flags like -march=v8.1-a or -misa-spec=2.2) to fix the issue. Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26717) (cherry picked from commit f48c14e94e)	2025-02-14 11:36:57 +01:00
openssl-machine	45e2b27630	Copyright year updates ... Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-02-11 14:36:52 +00:00
Stas Cymbalov	703b5ee4d2	Fix data race in asn1_str2tag() on tntmp which was accidentally made static ... Variables tntmp and tnst are declared in the same declaration and thus share storage class specifiers (static). This is unfortunate as tntmp is used during iteration through tnst array and shouldn't be static. In particular this leads to two problems that may arise when multiple threads are executing asn1_str2tag() concurrently: 1. asn1_str2tag() might return value that doesn't correspond to tagstr parameter. This can happen if other thread modifies tntmp to point to a different tnst element right after a successful name check in the if statement. 2. asn1_str2tag() might perform an out-of-bounds read of tnst array. This can happen when multiple threads all first execute tntmp = tnst; line and then start executing the loop. If that case those threads can end up incrementing tntmp past the end of tnst array. CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26504) (cherry picked from commit 7262c0bcc4)	2025-01-23 12:14:32 +01:00
Michael Baentsch	73c85a7342	Improve ASN1_TIME_print documentation and output ... This adds missing GMT indication when printing the local time as it is converted to the UTC timezone before printing. Also fixing the fractional seconds printing on EBCDIC platforms. Fixes #26313 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26344) (cherry picked from commit c81ff97866)	2025-01-22 11:31:24 +01:00
Tomas Mraz	4b1cb94a73	Fix timing side-channel in ECDSA signature computation ... There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. Attacks on ECDSA nonce are also known as Minerva attack. Fixes CVE-2024-13176 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26429) (cherry picked from commit 63c40a66c5) (cherry picked from commit 392dcb3364)	2025-01-20 09:40:46 +01:00
otherddn1978	842128239d	If you call X509_add_cert with cert == NULL and the X509_ADD_FLAG_UP_REF ... flag, it will сrash to X509_up_ref. Passing NULL here is not valid, return 0 if cert == NULL. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> (Merged from https://github.com/openssl/openssl/pull/26267) (cherry picked from commit 3c7db9e0fd)	2025-01-20 08:44:41 +01:00
Nikolay Nikolaev	8230e89369	Workaround for RSA on AArch64 Big Endian ... 1064616012 introduced and optimized RSA NEON implementation for AArch64 architecture, namely Cortex-A72 and Neoverse N1. This implementation is broken in Big Endian mode, which is not widely used, therefore not properly verified. Here we disable this optimized implementation when Big Endian platform is used. Fixes: #22687 CLA: trivial Signed-off-by: Nikolay Nikolaev <nicknickolaev@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26257) (cherry picked from commit b26894ec69)	2025-01-15 17:53:07 +01:00
Peter Bierma	73e1e60cbf	Remove non-existing error code. ... CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26389) (cherry picked from commit 0b1d3ebb70)	2025-01-15 16:23:28 +01:00
Peter Bierma	47a81bd15f	Synchronize openssl.txt with comperr.h ... CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26389) (cherry picked from commit 5b81f942d5)	2025-01-15 16:23:27 +01:00
Wang Xin	8e2121b11d	LoongArch: we should access global symbol by la.global instead of ... la.pcrel openssl will not be built successfully with binutils-2.43.50.20241230 which checks if global symbols are accessed by PC-relative in shared library. CLA: trivial Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26336) (cherry picked from commit dd7a79fc6f)	2025-01-14 12:03:32 +01:00
Michael Baentsch	f1407dbc01	Update error codes in "crypto/err/openssl.txt" ... Fixes #26316 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26330) (cherry picked from commit 3cfcf820bd)	2025-01-09 15:44:48 +01:00
Richard Levitte	26150c1716	Fix the use of OPENSSL_HTTP_PROXY / OPENSSL_HTTPS_PROXY ... Fixes #26337 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26340) (cherry picked from commit 6a2472fb3e)	2025-01-09 12:04:19 +01:00
Frederik Wedel-Heinen	193b94f6e4	Return NULL from ossl_lib_ctx_get_concrete() when it is uninitialized ... When default_context_inited is set to false we return NULL instead of the global default context. Fixes #25442 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26319) (cherry picked from commit dfce0d7418)	2025-01-08 11:20:03 +01:00
Niels Dossche	b71938ea4c	Fix potential memory leak in PKCS12_add_key_ex() ... p8 is allocated using EVP_PKEY2PKCS8(), but when PKCS8_add_keyusage() fails this memory is not freed. Fix this by adding a call to PKCS8_PRIV_KEY_INFO_free(). Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25818) (cherry picked from commit f822a48668)	2025-01-06 21:33:23 +01:00
Job Snijders	be15a4c5ce	Clean up ASN1_STRING comment and improve example in docs ... Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26195) (cherry picked from commit 2e36bb07b5)	2025-01-06 20:39:45 +01:00
Jakub Zelenka	f3381f59ac	Fix CMS encryption with key agreement when originator set ... OpenSSL currently does not support encryption with originator flag so it should fail nicely instead of segfaulting. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014) (cherry picked from commit 894e69e747)	2025-01-06 11:45:53 +01:00
Adrien Zinger	b68ea3d6d6	Fix GCC compilation -Waggressive-loop-optimizations ... GCC 13.1.0 were reporting a compilation warning with -O2/3 and -Waggressive-loop-optimizations. GCC is raising an undefined behavior in the while loop. Replace the while loop with a memset call at the top of the function. Fixes #21088 CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23898) (cherry picked from commit c45ca0656f)	2025-01-03 16:00:48 +01:00
Niels Dossche	c6e463dac9	Fix potential memory leak in BIO_get_accept_socket() ... When BIO_parse_hostserv() fails it may still have allocated memory, yet this memory is not freed. Fix it by jumping to the err label. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25817) (cherry picked from commit 32476957ea)	2025-01-02 14:07:38 +01:00
Dmitry Belyavskiy	862ef67cac	Take into account no_store when pushing algorithm ... When we put algorithm to the store, we have a fallback to the OSSL_LIB_CTX level store when store is NULL. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26197) (cherry picked from commit b3bb214720)	2024-12-20 18:24:23 +01:00
Andrey Tsygunka	171e3dc05f	ossl_i2c_ASN1_BIT_STRING(): Fix a possible heap buffer overflow ... When data contains only zero values a buffer overflow happens. CLA: trivial Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26190) (cherry picked from commit bf2dea0e2c)	2024-12-20 09:49:45 +01:00
otherddn1978	5dfad81de9	Check whether ctx->pctx != NULL ... If it is NULL, ctx->pctx->pmeth dereference will cause a crash. Found by Linux Verification Center (linuxtesting.org) with SVACE. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26176) (cherry picked from commit 82e7a1130a)	2024-12-17 14:54:36 +01:00
Shakti Shah	f985edf45d	dh_cms_set_peerkey(): Fix the incorrect condition ... Only absent parameters allowed in RFC 3370. Fixes #25824 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26058) (cherry picked from commit 02e72ccffa)	2024-12-11 18:13:45 +01:00
Neil Horman	4e581b0318	Fix potential use-after-free in REF_PRINT_COUNT ... We use REF_PRINT_COUNT to dump out the value of various reference counters in our code However, we commonly use this macro after an increment or decrement. On increment its fine, but on decrement its not, because the macro dereferences the object holding the counter value, which may be freed by another thread, as we've given up our ref count to it prior to using the macro. The rule is that we can't reference memory for an object once we've released our reference, so lets fix this by altering REF_PRINT_COUNT to accept the value returned by CRYPTO_[UP|DOWN]_REF instead. The eliminates the need to dereference the memory the object points to an allows us to use the call after we release our reference count Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25664) (cherry picked from commit dc10ffc283)	2024-12-10 14:59:14 +01:00
Tomas Mraz	db570c75b9	Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE ... We would dereference p7->d.sign pointer which can be NULL. Reported by Han Zheng. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26078) (cherry picked from commit f2348f1f84)	2024-12-02 09:45:29 +01:00
slontis	55131b6fcc	Fix EVP_PKEY_print_private() so that it works with non default providers. ... At some point in time it was decided that the EC keymanagers ec_export() function would only allow the selection to be both the public + private parts. If just the private element is selected it returns an error. Many openssl commandline apps use EVP_PKEY_print_private() which passes EVP_PKEY_PRIVATE_KEY to the encoder. This selection propagates to encoder_construct_pkey(). For external providers (such as the fips provider this will call the keymanagers export() with the selection set to just the private part. So we either need to 1) change the selection in EVP_PKEY_print_private() or 2) modify the selection used in the export used in encoder_construct_pkey 3) Change the ec_export to allow this. I have chosen 2) but I am not sure if this is the correct thing to do or whether it should conditionally do this when the output_type == 'text'. Issue was reported by Ilia Okomin (Oracle). Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26004) (cherry picked from commit 79c98fc6cc)	2024-11-29 17:12:11 +01:00
Kai Pastor	e763902e77	Mark OPENSSL_armcap_P .hidden in arm asm ... Fixes #25601 Fixes #22414 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22181) (cherry picked from commit e131868678)	2024-11-22 11:23:20 +01:00
Tomas Mraz	58695c7fa2	sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start() ... In case of memory allocation failure this could happen. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25994) (cherry picked from commit 93bfe97c5b)	2024-11-21 11:14:36 +01:00
Vladimirs Ambrosovs	3a3a5a7413	Bugfixes for params to legacy control translations for EC parameters ... param->ctrl translation: Fix fix_ecdh_cofactor() In POST_PARAMS_TO_CTRL state the fix_ecdh_cofactor() function should return value in ctx->p1 param->ctrl translation: fix evp_pkey_ctx_setget_params_to_ctrl return Since some of the ctrl operations may return 0 as valid value (e.g. ecdh_cofactor value 0 is valid setting), before colling POST_PARAMS_TO_CTRL, we need to check return value for 0 as well otherwise the evp_pkey_ctx_setget_params_to_ctrl function fails without a chance to fix the return value param->ctrl translation: Set ecdh_cofactor default action_type GET Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22587) (cherry picked from commit 2aaef03339)	2024-11-07 10:40:15 +01:00
oleg.hoefling	a573e6dea2	Adjust naming authority formatting when printing out admission extension ... Indent namingAuthority section with two spaces to match the parent node. Signed-off-by: oleg.hoefling <oleg.hoefling@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25814) (cherry picked from commit 85a52f7292)	2024-11-07 10:30:57 +01:00
Niels Dossche	92bbcb8902	Fix memory leak on failure in copy_issuer() ... When sk_GENERAL_NAME_reserve() fails, ialt is not freed. Add the freeing operation in the common error path. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25876) (cherry picked from commit fa856b0ce0)	2024-11-07 10:20:27 +01:00
Jakub Zelenka	fb5a57de82	Fix smime-type for AuthEnvelopedData ... Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25523) (cherry picked from commit 4c8c37e572)	2024-11-05 18:55:53 +01:00
Tomas Mraz	674bbf6ed2	Fix missing sendmmsg/recvmmsg on AIX ... This at least fixes the build failures on AIX Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25704) (cherry picked from commit c5795689c9)	2024-10-23 15:20:05 +02:00
Dr. David von Oheimb	fa7193fdf1	TRACE: automatically respect disabled categories ... by fixing OSSL_trace_begin() to return NULL when given category is not enabled Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25652) (cherry picked from commit 72d3e9bac4)	2024-10-23 15:17:08 +02:00
Ingo Franzki	e73308d4ab	s390x: Don't probe crypto cards for ME/CRT offloading during initialization ... Probing for crypto cards during initialization by issuing an ioctl to the zcrypt device driver can cause a lot of traffic and overhead, because it runs for each and every application that uses OpenSSL, regardless if that application will later perform ME or CRT operations or not. Fix this by performing no probing during initialization, but detect the crypto card availability only at the first ME/CRT operation that is subject to be offloaded. If the ioctl returns ENODEV, then no suitable crypto card is available in the system, and we disable further offloading attempts by setting flag OPENSSL_s390xcex_nodev to 1. Setting the global flag OPENSSL_s390xcex_nodev in case of ENODEV is intentionally not made in a thread save manner, because the only thing that could happen is that another thread, that misses the flag update, also issues an ioctl and gets ENODEV as well. The file descriptor is not closed in such error cases, because this could cause raise conditions where we would close a foreign file if the same file descriptor got reused by another thread. The file descriptor is finally closed during termination by the atexit handler. In case the ioctl returns ENOTTY then this indicates that the file descriptor was closed (e.g. by a sandbox), but in the meantime the same file descriptor has been reused for another file. Do not use the file descriptor anymore, and also do not close it during termination. Fixes: 79040cf29e Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25576) (cherry picked from commit f928304a9d)	2024-10-23 15:07:58 +02:00
Viktor Dukhovni	bc7e04d7c8	Harden BN_GF2m_poly2arr against misuse. ... The BN_GF2m_poly2arr() function converts characteristic-2 field (GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask, to a compact array with just the exponents of the non-zero terms. These polynomials are then used in BN_GF2m_mod_arr() to perform modular reduction. A precondition of calling BN_GF2m_mod_arr() is that the polynomial must have a non-zero constant term (i.e. the array has `0` as its final element). Internally, callers of BN_GF2m_poly2arr() did not verify that precondition, and binary EC curve parameters with an invalid polynomial could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr(). The precondition is always true for polynomials that arise from the standard form of EC parameters for characteristic-two fields (X9.62). See the "Finite Field Identification" section of: https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html The OpenSSL GF(2^m) code supports only the trinomial and pentanomial basis X9.62 forms. This commit updates BN_GF2m_poly2arr() to return `0` (failure) when the constant term is zero (i.e. the input bitmask BIGNUM is not odd). Additionally, the return value is made unambiguous when there is not enough space to also pad the array with a final `-1` sentinel value. The return value is now always the number of elements (including the final `-1`) that would be filled when the output array is sufficiently large. Previously the same count was returned both when the array has just enough room for the final `-1` and when it had only enough space for non-sentinel values. Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhausition attacks via excessively large inputs. The above issues do not arise in processing X.509 certificates. These generally have EC keys from "named curves", and RFC5840 (Section 2.1.1) disallows explicit EC parameters. The TLS code in OpenSSL enforces this constraint only after the certificate is decoded, but, even if explicit parameters are specified, they are in X9.62 form, which cannot represent problem values as noted above. Initially reported as oss-fuzz issue 71623. A closely related issue was earlier reported in <https://github.com/openssl/openssl/issues/19826>. Severity: Low, CVE-2024-9143 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25639) (cherry picked from commit 8e008cb8b2)	2024-10-16 09:22:18 +02:00
Dr. David von Oheimb	4b3ff44bef	replace various calls to sprintf() by BiO_snprintf() to avoid compiler warnings, e.g., on MacOS ... Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25534) (cherry picked from commit 2c536c8b15)	2024-10-12 15:48:21 +02:00
Niels Dossche	3f560b2aa9	Fix potential double free through SRP_user_pwd_set1_ids() ... If SRP_user_pwd_set1_ids() fails during one of the duplications, or id is NULL, then the old pointer values are still stored but they are now dangling. Later when SRP_user_pwd_free() is called these are freed again, leading to a double free. Although there are no such uses in OpenSSL as far as I found, it's still a public API. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25655) (cherry picked from commit 792b2c8da2)	2024-10-11 14:23:16 +02:00
Taylor R Campbell	24a0aa4591	Avoid undefined behaviour with the <ctype.h> functions. ... fix https://github.com/openssl/openssl/issues/25112 As defined in the C standard: In all cases the argument is an int, the value of which shall be representable as an unsigned char or shall equal the value of the macro EOF. If the argument has any other value, the behavior is undefined. This is because they're designed to work with the int values returned by getc or fgetc; they need extra work to handle a char value. If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed inputs to the ctype.h functions are: {-1, 0, 1, 2, 3, ..., 255}. However, on platforms where char is signed, such as x86 with the usual ABI, code like char *p = ...; ... isspace(*p) ... may pass in values in the range: {-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}. This has two problems: 1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden. 2. The non-EOF byte 0xff is conflated with the value EOF = -1, so even though the input is not forbidden, it may give the wrong answer. Casting char inputs to unsigned char first works around this, by mapping the (non-EOF character) range {-128, -127, ..., -1} to {128, 129, ..., 255}, leaving no collisions with EOF. So the above fragment needs to be: char *p = ...; ... isspace((unsigned char)*p) ... This patch inserts unsigned char casts where necessary. Most of the cases I changed, I compile-tested using -Wchar-subscripts -Werror on NetBSD, which defines the ctype.h functions as macros so that they trigger the warning when the argument has type char. The exceptions are under #ifdef __VMS or #ifdef _WIN32. I left alone calls where the input is int where the cast would obviously be wrong; and I left alone calls where the input is already unsigned char so the cast is unnecessary. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25113) (cherry picked from commit 99548cd16e)	2024-10-10 20:48:28 +02:00
Dmitry Belyavskiy	73649d009d	Increase limit for CRL download ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25608) (cherry picked from commit cdbe47bf3c)	2024-10-08 16:01:30 +02:00
Niels Dossche	e1a2db0668	Fix potential memory leak in save_statusInfo() ... If sk_ASN1_UTF8STRING_push() fails then the duplicated string will leak memory. Add a ASN1_UTF8STRING_free() to fix this. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25604) (cherry picked from commit 0a2a8d970f)	2024-10-07 17:58:47 +02:00
Niels Dossche	138b494d3e	Fix potential memory leak in PKCS7_signatureVerify() ... Fixes #25594 The code jumps to an error block when EVP_VerifyUpdate fails. This error block does not free abuf. In the success path the abuf memory is freed. Move the free operation to the error block. CLA: trivial Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25596) (cherry picked from commit d8b7a6eae9)	2024-10-07 17:56:17 +02:00
Klaus Holst Jacobsen	f5ded7f405	Added check for __QNX__ define when using in_pktinfo.ipi_spec_dst ... CLA: trivial Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24361) (cherry picked from commit 445017152b)	2024-10-07 17:40:03 +02:00
Зишан Мирза	1b0014bb6c	Remove double engine reference in ossl_ec_key_dup() ... Fixes #25260 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25453) (cherry picked from commit ffc5a29608)	2024-09-26 10:27:11 +02:00
Shawn C	1659c9b712	Fix NULL ptr dereference on EC_POINT *point ... Use non-usual params of pkcs11 module will trigger a null ptr deref bug. Fix it for #25493 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25496) (cherry picked from commit 8ac42a5f41)	2024-09-26 10:05:13 +02:00
David von Oheimb	03c173fc23	OSSL_HTTP_adapt_proxy(): fix handling of escaped IPv6 host addresses and of whitespace in no_proxy ... Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25010) (cherry picked from commit fe004a09ac)	2024-09-23 22:17:08 +02:00
David von Oheimb	18fc82e7c4	OSSL_HTTP_open(): fix completion with default port for IPv6 host addresses ... Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25010) (cherry picked from commit 1c90d36ab1)	2024-09-23 22:17:07 +02:00
Paul E. Murphy	9edef91ea1	Fix big-endian Power10 chacha20 implementation ... Some of the BE specific permutes were incorrect. Fix them. This passes all tests on a P10/ppc64 debian unstable host. Fixes #25451 CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25483) (cherry picked from commit daead12df0)	2024-09-19 11:14:04 +02:00
Gerd Hoffmann	5cd025cf72	fix small footprint builds on arm ... Building with '-D OPENSSL_SMALL_FOOTPRINT' for aarch64 fails due to 'gcm_ghash_4bit' being undeclared. Fix that by not setting the function pointer when building with OPENSSL_SMALL_FOOTPRINT, matching openssl behavior on x86. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25419) (cherry picked from commit 2a53df6947)	2024-09-12 09:11:08 +10:00
Tomas Mraz	11e0405388	Fix no-thread-pool build on Windows ... thread/arch/thread_win.c must be included into libcrypto as rcu depends on ossl_crypto_mutex implementation on Windows. Fixes #25337 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/25378) (cherry picked from commit f0fd24d5f3)	2024-09-10 16:37:36 +02:00
Matt Caswell	86bb4340c6	Complain about a missing digest when doing deterministic ECDSA ... We need a digest for the none when doing deterministic ECDSA. Give a better error message if one hasn't been supplied. See openssl/openssl#25012 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25057) (cherry picked from commit 8cc0a97d60)	2024-09-09 09:52:44 +02:00
erbsland-dev	cd0fb16bfc	Fix Edge Cases in Password Callback Handling ... Fixes #8441: Modify the password callback handling to reserve one byte in the buffer for a null terminator, ensuring compatibility with legacy behavior that puts a terminating null byte at the end. Additionally, validate the length returned by the callback to ensure it does not exceed the given buffer size. If the returned length is too large, the process now stops gracefully with an appropriate error, enhancing robustness by preventing crashes from out-of-bounds access. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25330) (cherry picked from commit 5387b71acb)	2024-09-09 09:02:58 +02:00
Zhihao Yuan	cde95169bb	Recycle the TLS key that holds thread_event_handler ... Fixes #25278 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25300) (cherry picked from commit 36840ab577)	2024-09-05 17:20:26 +02:00
Georgi Valkov	02d4c0c760	threads_win: fix improper cast to long * instead of LONG * ... InterlockedExchangeAdd expects arguments of type LONG *, LONG but the int arguments were improperly cast to long *, long Note: - LONG is always 32 bit - long is 32 bit on Win32 VC x86/x64 and MingW-W64 - long is 64 bit on cygwin64 Signed-off-by: Georgi Valkov <gvalkov@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25360) (cherry picked from commit b0ed90cc30)	2024-09-05 17:12:09 +02:00
Daniel Gustafsson	cb04533531	Fix memleak in rsa_cms_sign error path ... If the call to X509_ALGOR_set0 fails then the allocated ASN1_STRING variable passed as parameter leaks. Fix by explicitly freeing like how all other codepaths with X509_ALGOR_set0 do. Fixes #22680 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24868) (cherry picked from commit 5efc57caf2)	2024-09-05 17:05:24 +02:00
Tomas Mraz	5fca53d7ba	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2024-09-03 14:50:21 +02:00
Viktor Dukhovni	05f360d9e8	Avoid type errors in EAI-related name check logic. ... The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service. The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on `gen->type`, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read. The code in question was lightly refactored with the intent to make it more obviously correct. Fixes CVE-2024-6119 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (cherry picked from commit 0890cd13d4)	2024-09-03 12:03:19 +02:00
Bernd Edlinger	cfbe6c0fce	Fix error handling in OBJ_add_object ... This fixes the possible memory leak in OBJ_add_object when a pre-existing object is replaced by a new one, with identical NID, OID, and/or short/long name. We do not try to delete any orphans, but only mark them as type == -1, because the previously returned pointers from OBJ_nid2obj/OBJ_nid2sn/OBJ_nid2ln may be cached by applications and can thus not be cleaned up before the application terminates. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22534) (cherry picked from commit e91384d5b0)	2024-08-21 15:54:03 +02:00
Tomas Mraz	22c75933cc	Explicitly include e_os.h for close() ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25229) (cherry picked from commit 0c0c6954bf)	2024-08-19 12:28:03 +02:00
shridhar kalavagunta	283960be9d	RAND_write_file(): Avoid potential file descriptor leak ... If fdopen() call fails we need to close the fd. Also return early as this is most likely some fatal error. Fixes #25064 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25081) (cherry picked from commit d604834439)	2024-08-19 11:13:15 +02:00
Bernd Edlinger	4cf3cbe52c	Fix unpredictible refcount handling of d2i functions ... The passed in reference of a ref-counted object is free'd by d2i functions in the error handling. However if it is not the last reference, the in/out reference variable is not set to null here. This makes it impossible for the caller to handle the error correctly, because there are numerous cases where the passed in reference is free'd and set to null, while in other cases, where the passed in reference is not free'd, the reference is left untouched. Therefore the passed in reference must be set to NULL even when it was not the last reference. Fixes #23713 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22809) (cherry picked from commit d550d2aae5)	2024-08-16 10:09:06 +02:00
Tomas Mraz	3fa1b82a10	do_print_ex(): Avoid possible integer overflow ... Fixes Coverity 1604657 Fixes openssl/project#780 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25084) (cherry picked from commit e3e15e77f1)	2024-08-07 19:39:45 +02:00
Tomas Mraz	51ab19ea48	evp_get_digest/cipherbyname_ex(): Try to fetch if not found ... If the name is not found in namemap, we need to try to fetch the algorithm and query the namemap again. Fixes #19338 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24940) (cherry picked from commit 454ca902c7)	2024-07-31 11:26:16 +02:00
Tomas Mraz	a3bfc4fd5b	i2d_name_canon(): Check overflow in len accumulation ... Fixes Coverity 1604638 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24930) (cherry picked from commit b2deefb9d2) (cherry picked from commit dd744cd19b)	2024-07-21 12:30:34 -04:00
Tomas Mraz	ff5c70d3ff	Allow short reads in asn1_d2i_read_bio() ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/22486) (cherry picked from commit 202ef97edc)	2024-07-18 19:06:27 +02:00
Neil Horman	7209a6b5f4	Fix coverity-1604666 ... Coverity recently flaged an error in which the return value for EVP_MD_get_size wasn't checked for negative values prior to use, which can cause underflow later in the function. Just add the check and error out if get_size returns an error. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24896) (cherry picked from commit 22e08c7cdc)	2024-07-17 16:31:32 +02:00
erbsland-dev	5c06b04a60	Fix line continuation check in config parser ... Fixes #8038: Previously, line continuation logic did not account for the 'again' flag, which could cause incorrect removal of a backslash character in the middle of a line. This fix ensures that line continuation is correctly handled only when 'again' is false, thus improving the reliability of the configuration parser. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24890) (cherry picked from commit f54e4bc51b)	2024-07-16 21:33:19 +02:00
Neil Horman	6ba2f4d3d5	Set down_load factor on hash table when culling items in doall ... oss-fuzz noted this issue: https://oss-fuzz.com/testcase-detail/5363002606419968 Which reports a heap buffer overflow during ossl_method_cache_flush_some Its occuring because we delete items from the hash table while inside its doall iterator The iterator in lhash.c does a reverse traversal of all buckets in the hash table, and at some point a removal during an iteration leads to the hash table shrinking, by calling contract. When that happens, the bucket index becomes no longer valid, and if the index we are on is large, it exceeds the length of the list, leading to an out of band reference, and the heap buffer overflow report. Fix it by preventing contractions from happening during the iteration, but setting the down_load factor to 0, and restoring it to its initial value after the iteration is done Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24867) (cherry picked from commit 01753c09bb)	2024-07-16 07:33:17 -04:00
sashan	8120fb0434	EVP_DigestUpdate(): Check if ctx->update is set ... The issue has been discovered by libFuzzer running on provider target. There are currently three distinct reports which are addressed by code change here. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1 the issue has been introduced with openssl 3.0. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24753) (cherry picked from commit ad33d62396)	2024-07-11 21:49:23 +02:00
Neil Horman	7f3fd995b7	read lock store on ossl_method_store_do_all ... Theres a data race between ossl_method_store_insert and ossl_method_store_do_all, as the latter doesn't take the property lock before iterating. However, we can't lock in do_all, as the call stack in several cases later attempts to take the write lock. The choices to fix it are I think: 1) add an argument to indicate to ossl_method_store_do_all weather to take the read or write lock when doing iterations, and add an is_locked api to the ossl_property_[read|write] lock family so that subsequent callers can determine if they need to take a lock or not 2) Clone the algs sparse array in ossl_method_store_do_all and use the clone to iterate with no lock held, ensuring that updates to the parent copy of the sparse array are left untoucheTheres a data race between ossl_method_store_insert and ossl_method_store_do_all, as the latter doesn't take the property lock before iterating. I think method (2), while being a bit more expensive, is probably the far less invasive way to go here Fixes #24672 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24782) (cherry picked from commit d8def79838)	2024-07-09 11:28:26 +02:00
Radek Krejci	32e52d425b	Avoid NULL pointer dereference ... Function readbuffer_gets() misses some of the initial checks of its arguments. Not checking them can lead to a later NULL pointer dereferences. The checks are now unified with the checks in readbuffer_read() function. CLA: trivial Fixes #23915 Signed-off-by: Radek Krejci <radek.krejci@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23918) (cherry picked from commit c215d75f94)	2024-07-08 21:56:12 +02:00
Bernd Edlinger	f68bd6f672	Fix possible double-free in pkcs7 add_attribute function ... The problem is the ownership of the input parameter value is transfered to the X509_ATTRIBUTE object attr, as soon as X509_ATTRIBUTE_create succeeds, but when an error happens after that point there is no way to get the ownership back to the caller, which is necessary to fullfill the API contract. Fixed that by moving the call to X509_ATTRIBUTE_create to the end of the function, and make sure that no errors are possible after that point. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22721) (cherry picked from commit 82a13a1f50)	2024-07-08 12:26:17 +02:00
cchinchole	e0d4526c42	Unlock only when lock was successful ... Addressing issue (#24517): Updated the example in CRYPTO_THREAD_run_once.pod to reflect that an unlock call should not be made if a write_lock failed. Updated BIO_lookup_ex in bio_addr.c and ossl_engine_table_select in eng_table.c to not call unlock if the lock failed. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/24779) (cherry picked from commit 3f4da93678)	2024-07-03 16:11:44 -04:00
cchinchole	cfb0b41bf8	Fixes for potential deadlock ... Fixes (#24517): (3/3) Addresses the potential deadlock if an error occurs from up_ref in functions ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, and ENGINE_get_prev in file crypto/engine/eng_list.c CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24780) (cherry picked from commit e6174ca4d4)	2024-07-03 16:05:52 +02:00
Tomas Mraz	70827b3d78	OPENSSL_hexstr2buf_ex(): Handle zero-length input correctly ... In case of zero-length input the code wrote one byte before the start of the output buffer. The length of the output was also reported incorrectly in this case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24770) (cherry picked from commit 3f7b355733)	2024-07-02 20:14:25 +02:00
JohnnySavages	77d716d3be	Check EC_GROUP_get0_order result before dereference ... CLA: trivial Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24755) (cherry picked from commit 16311dbf53)	2024-07-01 10:04:19 +02:00
sgzmd	9b9f98fcf2	Free appname if it was set after initializing crypto. ... Fixes #24729 CLA: trivial Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24730) (cherry picked from commit fbd6609bb2)	2024-06-27 19:50:49 +02:00