The syntax check of the -addext fails because the
X509V3_CTX is used to lookup the referenced section,
but the wrong configuration file is used, where only
a default section with all passed in -addext lines is available.
Thus it was not possible to use the subjectAltName=dirName:section
as an -addext parameter. Probably other extensions as well.
This change affects only the syntax check, the real extension
was already created with correct parameters.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23669)
(cherry picked from commit 387418893e)
Printing content of an invalid test certificate causes application crash, because of NULL dereference:
user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: Segmentation fault (core dumped)
Added test cases for pkcs12 bad certificates
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23632)
(cherry picked from commit a4cbffcd89)
Return value of function 'SSL_CTX_ctrl', that is called from
SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(),
is not checked, but it is usually checked for this function.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23647)
(cherry picked from commit 6f794b461c)
if the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore free'd using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
(cherry picked from commit ff78d94b13)
The ASN1_OBJECT otmp was leaked if X509_VERIFY_PARAM_add0_policy fails.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22922)
(cherry picked from commit d6688e45fa)
The OPENSSL_DIR_end was missing in case of error.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22920)
(cherry picked from commit 01709fcb8b)
sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.
The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).
If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.
The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
(cherry picked from commit 322517d817)
On some systems it is too small although the system allows longer
filenames.
Fixes#22886
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22889)
(cherry picked from commit de8e0851a1)
When a provider can't return parameters, make that a warning instead of an
error, and continue to list further providers.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
(cherry picked from commit 7ebaab7689)
When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)
(cherry picked from commit bed7a87810)
The `aarch64-linux-android33-clang` cross-compiler (v14.0.6)
complains twice about an unsupported '%n' format specifier,
preventing a successful `--strict-warnings` build:
error: '%n' specifier not supported on this platform [-Werror,-Wformat]
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
This is a false positive, because BIO_snprintf() implements its
own format parsing (which is implemented in the _dopr() function).
This commit fixes the problem by rewriting the code to dispense with
the dubious '%n' format specifier. As a side-effect, the code becomes
a little bit more comprehensible and self-explaining.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22511)
(cherry picked from commit ec0d22fe15)
This fixes broken cherry-pick from the master branch
where there is a quiet argument.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22434)
Call app_bail_out if RAND_bytes() fails.
Also changed the output parameter of RAND_bytes() to inp as
writing to encrypted output buffer does not make sense.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21706)
(cherry picked from commit 8d120aef95)
In some error cases the normal cleanup did not
happen, but instead an exit(1) which caused some
memory leaks, as reported in #22049.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22055)
(cherry picked from commit 8c040c086c)
when used in conjunction with -out and -modulus options.
Fixes#21403
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22026)
(cherry picked from commit d2873946df)
The valtype value of dkeyform defined in the s_server_options structure is F, which leads to the judgment that the engine is not supported when processing parameters in the opt_next function.
This the valtype value of dkeyform should be changed to "f".
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21982)
(cherry picked from commit b9a189ce87)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
(cherry picked from commit 374945a9aa)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
(cherry picked from commit 49e097344b)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
(cherry picked from commit 81d037b8ad)
Apply normal sentence case to db update message
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21535)
(cherry picked from commit ccb2f3080d)
Running 'openssl speed eddsa' fails with
Doing 253 bits sign Ed25519 ops for 10s: EdDSA sign failure
000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestSign:
final error:crypto/evp/m_sigver.c:585:
-1 253 bits Ed25519 sign ops in 0.00s
Doing 253 bits verify Ed25519 ops for 10s: EdDSA verify failure
000003FF9306C7D0:error:030000BC:digital envelope routines:EVP_DigestVerify:
final error:crypto/evp/m_sigver.c:694:
-1 253 bits Ed25519 verify ops in 0.00s
This is because the EVP_DigestSign/Verify() calls in the EdDSA_sign/verify_loop()
fail because the context has already been finalized by the previous
EVP_DigestSign/Verify call during the EdDSA signature test done by speed_main().
This happens since commit 3fc2b7d6b8 where the
EVP_DigestSign/Verify() functions have been changed to set a flag that the
context has been finalized.
Fix this by re-initializing the context using EVP_DigestSign/Verify() in the
EdDSA_sign/verify_loop().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21491)
(cherry picked from commit 0c85bcbaea)
When running `openssl speed -evp md5` the result shows `md5` as algorithm
name. But when adding the option `-multi 2` it gives `evp` as algorithm
name.
Signed-off-by: Jörg Sommer <joerg@jo-so.de>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21216)
(cherry picked from commit 33c09341bb)
The pkeyutl app was truncating the input file for decryption leading to
incorrect results. This was probably ok historically when RSA was being
used for decryption which has short maximum sizes. This is not ok with SM2.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21272)
(cherry picked from commit 849450746f)
EVP_PKEY_get_default_digest_name() may return 1 with the returned digest
name "UNDEF". This case hasn't been documented, and the meaning has been
left undefined, until now.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20460)
(cherry picked from commit af99d55078)
This backports the functional essence of #20971.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21050)
(cherry picked from commit 1737fb8f45)
The root cause is that the file entries targeted for rehash are not actually sorted.
Sort was skipped because the compare function was null.
So a compare function has been implemented to allow file entries to be sorted.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21013)
(cherry picked from commit 31c94b5e11)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
(cherry picked from commit 2d6585986f)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)
(cherry picked from commit 14ca1b6f46)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
(cherry picked from commit 20d4dc8898)
Fixes#20031
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20034)
(cherry picked from commit 30b9a6ec89)
The logic for handling inconsistent use of -rspin etc., -port, -server,
and -use_mock_srv options proved faulty. This is fixed here, updating and
correcting also the documentation and diagnostics of the involved options.
In particular, the case that -rspin (or -rspout. reqin, -reqout) does not
provide enough message file names was not properly described and handled.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20295)
(cherry picked from commit 1f757df1f3)
This adds a -pedantic option to fipsinstall that adjusts the various
settings to ensure strict FIPS compliance rather than backwards
compatibility.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20752)
(cherry picked from commit bc2a4225a4)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)
(cherry picked from commit 154625e109)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20298)
(cherry picked from commit 25b18e629d)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
(cherry picked from commit b75d56dee0)
Bernd Edlinger
Viliam Lejčík
MrRurikov
Matt Caswell
Frederik Wedel-Heinen
Tomas Mraz
Richard Levitte
Alexey Fofanov
Matthias St. Pierre
Klavishnik
Mathieu Tortuyaux
wangcheng
Dr. David von Oheimb
Fatih Arslan Tugay
Ingo Franzki
atishkov
Jörg Sommer
Michael Baentsch
minyong.ha
Pauli
GauriSpears