This repository has been archived by the owner on Jan 8, 2025. It is now read-only.
Updated OQS #15
Merged
Updated OQS #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
christianpaquin
commented
Feb 5, 2018
christianpaquin
commented
- Pulled latest version in OQS subtree
- Refactored calls to OQS functions to check for OQS_SUCCESS return code
5bfbc5d Merge pull request open-quantum-safe#225 from christianpaquin/cp-winconfig-refactor d409a5c Moved winconfig to oqs include dir, so it can be used by downstream projects. 4f6d9d5 Merge pull request open-quantum-safe#224 from christianpaquin/cp-add-32-bit-VS-projects 2a1e1ed Tweaked picnic-related build steps on windows. 10881f4 Removed picnic lib dependency from 32-bit projects, and specified platform in picnic build instructions. 5af6cb3 Fixed include of winconfig in sig related files. ed5909d make prettyprint d994cd1 added #ifdef to test KEX availibility eb46360 Added 32-bit projects to Visual Studio, and moved scheme defines to winconfig.h file. c087d2e Merge pull request open-quantum-safe#223 from christianpaquin/cp-add-minimal-projects-to-VS 8f5c701 Fixed typo in appveyor test script. 3158180 Added minimal kex and sig projects to visual studio and appveyor, and updated DLL exports with new OQS functions. b2fdec1 Merge pull request open-quantum-safe#222 from open-quantum-safe/vsoftco_const_correctness_OQS_print bb70d7f added const to uint8_t *str pointer in OQS_print 3916eb9 Merge pull request open-quantum-safe#221 from open-quantum-safe/vsoftco_refactor_ifdef_WINDOWS 16143ad commit fa4ab20 commit 95ff83b commit 9c549d7 commit 4cc8536 made OQS_STATUS an enum, more type-safe compared to #define d6f2ed0 changed int main() to int main(void) f4a37ea commit ab51852 refactored if defined WINDOWS to if defined _WIN32 c2e7d63 Merge pull request open-quantum-safe#217 from christianpaquin/cp-update-picnic f893a96 Added OQS print functions to DLL exports. cebaa10 Added defines to enable all supported KEX schemes. 590f4a4 Added closing tag for oqs.h filter item, fixing the filter file. 35688bf Merge branch 'master' into cp-update-picnic 298c983 Changed SIDH ref in Travis scripts to reflect new names. (open-quantum-safe#216) 20348ca Vsoftco refactor oqs success (open-quantum-safe#219) 07c4635 Added OQS sig functions to DLL exports and fixed DLL projects to include picnic. 076b753 Prettyprint. f9d8d95 Added picnic cmake's msbuild to gitignore. 38d4c6a Merge remote-tracking branch 'upstream/master' into cp-update-picnic db66396 Added Picnic sig to Visual Studio. 5aa9e62 Removed unused sike header. (open-quantum-safe#215) 65a8db3 Issue 187 and 207 (open-quantum-safe#214) fe29d8d Merge remote-tracking branch 'upstream/master' into cp-update-picnic a59979a Merge remote-tracking branch 'origin/cp-add-sike-visualstudio' into cp-update-picnic 3fe6afa (Re)Added SIDHv3/SIKE to Visual Studio. 4eee16d Removed the mention about recursive cloning in the readme. a132e49 Merge remote-tracking branch 'origin/master' into cp-update-picnic ee401c8 Added previously ignored config file, and added exception to gitignore. 0b285e0 Updated the picnic library, and removed it as a patched submodule and instead committed the code direclty. git-subtree-dir: vendor/liboqs git-subtree-split: 5bfbc5d84524c6e58959d76cc2055104958011f9
…1_0_2-stable Pulled latest OQS into vendor subtree.
|
@dstebila ; ready for merge. I updated OQS into OpenSSL. |
dstebila
approved these changes
Feb 6, 2018
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Jun 7, 2022
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
open-quantum-safe#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
open-quantum-safe#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
open-quantum-safe#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
open-quantum-safe#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
open-quantum-safe#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
open-quantum-safe#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
open-quantum-safe#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
open-quantum-safe#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
open-quantum-safe#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
open-quantum-safe#21 0x40893b in testfile fuzz/test-corpus.c:182
open-quantum-safe#22 0x406b86 in main fuzz/test-corpus.c:226
open-quantum-safe#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
open-quantum-safe#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
open-quantum-safe#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
open-quantum-safe#14 0x40893b in testfile fuzz/test-corpus.c:182
open-quantum-safe#15 0x406b86 in main fuzz/test-corpus.c:226
open-quantum-safe#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18360)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Jun 7, 2022
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
open-quantum-safe#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
open-quantum-safe#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
open-quantum-safe#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
open-quantum-safe#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
open-quantum-safe#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
open-quantum-safe#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
open-quantum-safe#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
open-quantum-safe#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
open-quantum-safe#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
open-quantum-safe#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
open-quantum-safe#14 0x40371b in testfile fuzz/test-corpus.c:182
open-quantum-safe#15 0x402856 in main fuzz/test-corpus.c:226
open-quantum-safe#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
open-quantum-safe#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
open-quantum-safe#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
open-quantum-safe#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
open-quantum-safe#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
open-quantum-safe#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
open-quantum-safe#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
open-quantum-safe#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
open-quantum-safe#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
open-quantum-safe#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
open-quantum-safe#13 0x40371b in testfile fuzz/test-corpus.c:182
open-quantum-safe#14 0x402856 in main fuzz/test-corpus.c:226
open-quantum-safe#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18376)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Jun 7, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
open-quantum-safe#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
open-quantum-safe#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
open-quantum-safe#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
open-quantum-safe#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
open-quantum-safe#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
open-quantum-safe#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
open-quantum-safe#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
open-quantum-safe#24 0x402bbb in testfile fuzz/test-corpus.c:182
open-quantum-safe#25 0x402626 in main fuzz/test-corpus.c:226
open-quantum-safe#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
open-quantum-safe#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
open-quantum-safe#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
open-quantum-safe#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
open-quantum-safe#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
open-quantum-safe#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
open-quantum-safe#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
open-quantum-safe#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
open-quantum-safe#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
open-quantum-safe#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
open-quantum-safe#29 0x402bbb in testfile fuzz/test-corpus.c:182
open-quantum-safe#30 0x402626 in main fuzz/test-corpus.c:226
open-quantum-safe#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18391)
baentsch
pushed a commit
that referenced
this pull request
Jun 22, 2022
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18360)
(cherry picked from commit 557825a)
baentsch
pushed a commit
that referenced
this pull request
Jun 22, 2022
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18376)
(cherry picked from commit dc0ef29)
baentsch
pushed a commit
that referenced
this pull request
Jun 22, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#29 0x402bbb in testfile fuzz/test-corpus.c:182
#30 0x402626 in main fuzz/test-corpus.c:226
#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18391)
(cherry picked from commit e9007e0)
baentsch
pushed a commit
that referenced
this pull request
Jul 5, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from openssl#18632)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Sep 9, 2022
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
open-quantum-safe#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
open-quantum-safe#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
open-quantum-safe#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
open-quantum-safe#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
open-quantum-safe#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
open-quantum-safe#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#26 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#27 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
open-quantum-safe#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
open-quantum-safe#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#22 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#23 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
open-quantum-safe#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
open-quantum-safe#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
open-quantum-safe#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#23 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#24 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from openssl#18633)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Sep 9, 2022
Leak sanitizer reports following leak for ssl-test-new subtest
4-tlsv1_2-both-compress:
==335733==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
open-quantum-safe#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
open-quantum-safe#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
open-quantum-safe#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
open-quantum-safe#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
open-quantum-safe#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
open-quantum-safe#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
open-quantum-safe#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
open-quantum-safe#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
open-quantum-safe#12 0x100e85b in do_handshake_internal test/helpers/handshake.c:1544
open-quantum-safe#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
open-quantum-safe#14 0x101d1a7 in test_handshake test/ssl_test.c:543
open-quantum-safe#15 0x1027875 in run_tests test/testutil/driver.c:370
open-quantum-safe#16 0x1008393 in main test/testutil/main.c:30
open-quantum-safe#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
open-quantum-safe#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
open-quantum-safe#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
Direct leak of 17728 byte(s) in 1 object(s) allocated from:
#0 0x3ff9fbba251 in malloc (/usr/lib64/libasan.so.8+0xba251)
#1 0x3ff9f71744f in tls_do_uncompress ssl/record/methods/tls_common.c:868
#2 0x3ff9f7175bd in tls_default_post_process_record ssl/record/methods/tls_common.c:896
#3 0x3ff9f715ee7 in tls_get_more_records ssl/record/methods/tls_common.c:773
open-quantum-safe#4 0x3ff9f712209 in tls_read_record ssl/record/methods/tls_common.c:958
open-quantum-safe#5 0x3ff9f6ef73f in ssl3_read_bytes ssl/record/rec_layer_s3.c:1235
open-quantum-safe#6 0x3ff9f776165 in tls_get_message_header ssl/statem/statem_lib.c:1198
open-quantum-safe#7 0x3ff9f74709b in read_state_machine ssl/statem/statem.c:624
open-quantum-safe#8 0x3ff9f74709b in state_machine ssl/statem/statem.c:478
open-quantum-safe#9 0x3ff9f662e61 in SSL_do_handshake ssl/ssl_lib.c:4430
open-quantum-safe#10 0x100c55d in do_handshake_step test/helpers/handshake.c:775
open-quantum-safe#11 0x100c55d in do_connect_step test/helpers/handshake.c:1134
open-quantum-safe#12 0x1010b09 in do_handshake_internal test/helpers/handshake.c:1550
open-quantum-safe#13 0x1011715 in do_handshake test/helpers/handshake.c:1738
open-quantum-safe#14 0x101d1a7 in test_handshake test/ssl_test.c:543
open-quantum-safe#15 0x1027875 in run_tests test/testutil/driver.c:370
open-quantum-safe#16 0x1008393 in main test/testutil/main.c:30
open-quantum-safe#17 0x3ff9cc2b871 in __libc_start_call_main (/usr/lib64/libc.so.6+0x2b871)
open-quantum-safe#18 0x3ff9cc2b94f in __libc_start_main_alias_2 (/usr/lib64/libc.so.6+0x2b94f)
open-quantum-safe#19 0x100864f (/code/openssl/test/ssl_test+0x100864f)
SUMMARY: AddressSanitizer: 35456 byte(s) leaked in 2 allocation(s).
Fix this by freeing the SSL3_RECORD structure inside the OSSL_RECORD_LAYER.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#19030)
baentsch
pushed a commit
that referenced
this pull request
Oct 12, 2022
This was found by my Reproducible Error Injection patch (openssl#18356) Due to the exact location of the injected memory error the sha256 digest is missing, and this causes much later the memory leak (and a failed assertion) in tls13_generate_secret. But the reproduction is a bit challenging, as it requires AESNI and RDRAND capability. OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 #7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 #8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 #9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 #12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 #13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 #14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #15 0x55fb9117e939 in main fuzz/test-corpus.c:194 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 #6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 #7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 #8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 #9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 #10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 #11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 #12 0x55fb9117e939 in main fuzz/test-corpus.c:194 #13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 #14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) ================================================================= ==1320996==ERROR: LeakSanitizer: detected memory leaks Direct leak of 80 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 #6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 #7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 #8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 #9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 #10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 #11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 #12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 #14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 #15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 Indirect leak of 1080 byte(s) in 1 object(s) allocated from: #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 #4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 #5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 #6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 #7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 #8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 #9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 #10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 #11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 #12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 #13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 #14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 #15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 #16 0x55fb9117eb92 in main fuzz/test-corpus.c:226 #17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s). Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from openssl#18725)
baentsch
added a commit
that referenced
this pull request
Nov 21, 2022
* Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Run make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.1l release
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.1m-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix the array size of dtlsseq in tls1_enc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16385)
(cherry picked from commit 562d4cd3c35b32f2bc6ac0770b80ce394f8d76a4)
* Avoid using undefined value in generate_stateless_cookie_callback
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16381)
* Fix some strict gcc-12 warnings
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16375)
* apps/ciphers: Fix wrong return value when using -convert parameter
Command 'openssl ciphers -convert <name>' always returns failure,
this patch set the correct return value.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16383)
(cherry picked from commit 8b4e9c5265ffd3457ad37133502a9d8a4e8daccd)
* Check for null-pointer dereference in dh_cms_set_peerkey
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16382)
* ts: fix memleaks caused by TS_VERIFY_CTX_set_imprint
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16347)
(cherry picked from commit 62bae84d4587ec9a56d0ce830e36e4a5b2fa8a33)
* Darwin platform allows to build on releases before Yosemite/ios 8.
issue #16407 #16408
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16409)
* cms: fix memleaks in cms_env.c
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16403)
* Fix instances of pointer addition with the NULL pointer
ubsan found undefined pointer addtions in
crypto/bio/bss_mem.c (mem_ctrl),
crypto/pem/pem_lib.c (PEM_read_bio_ex),
test/testutil/format_output.c (test_fail_string_common,
test_fail_memory_common).
Mostly a straight back-port-of: a07dc81
Additionally enable the ubsan run-checker, to prevent regressions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16423)
* Fix enable-asan with C++ buildtest
the following config:
./config no-shared enable-asan enable-buildtest-c++ enable-external-tests
fails to build with unresolved asan symbols when linking
test/ossl_shim/ossl_shim
Fixed by passing all sanitizer-flags to cxxflags.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16434)
* Fix the "Out of memory" EVP KDF scrypt test
This test did not really execute, since usually
the OPENSSL_malloc(0) will fail and prevent the
execution of the KDF.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16446)
* Ensure that _GNU_SOURCE is defined for bss_dgram.c
This fixes the following error with gcc10 under strict ANSI conditions:
.../crypto/bio/bss_dgram.c:373:20: error: 'const struct in6_addr' has no member named 's6_addr32'
CLA: trivial
Fixes #16449
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16451)
(cherry picked from commit e8e1f6d1a9e599d575431f559200018b8f822e0f)
* Fix no-tls1_3 tests
This recently added test needs DH2048 to work without tls1_3.
Fixes: #16335
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16453)
* Add tests for i2d_TYPE_fp and d2i_TYPE_fp
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
@@ Note: This commit limits to ECPKParameters as a type.
(cherry picked from commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
* Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
This commit fixes the public headers to reflect these changes.
Fixes #12443
(cherry picked from commit cca8a4cedaafe63b0b5729b72133661ece24ff08)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
* [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
This is a follow-up to https://github.com/openssl/openssl/pull/12312
(cherry picked from commit 7aa3dfc42104588f65301d20324388ac2c9a6b11)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12457)
* Use applink to fix windows tests
(cherry picked from commit <https://github.com/bernd-edlinger/openssl/commit/96a463cede0070aa5c86629d683a214657a9ba9e>)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12457)
* Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
Fixes #16428
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
* ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16441)
* Openssl fails to compile on Debian with kfreebsd kernels
(kfreebsd-amd64, kfreebsd-i386). The error reported by the compiler
is:
../crypto/uid.c: In function 'OPENSSL_issetugid':
../crypto/uid.c:50:22: error: 'AT_SECURE' undeclared (first use in this function)
50 | return getauxval(AT_SECURE) != 0;
| ^~~~~~~~~
This commit changes the code to use the freebsd code in this case.
This fixes the compilation.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16477)
(cherry picked from commit 3a1fa0116a92235ba200228e4bb60d6a3a7f4113)
* doc: document the rsa_oaep_md: pkeyopt
This was missing but essential for using non-SHA1 digests with OAEP.
Fixes #15998
Manual backport of #16410
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16488)
* Prioritise DANE TLSA issuer certs over peer certs
When building the certificate chain, prioritise any Cert(0) Full(0)
certificates from TLSA records over certificates received from the peer.
This is important when the server sends a cross cert, but TLSA records include
the underlying root CA cert. We want to construct a chain with the issuer from
the TLSA record, which can then match the TLSA records (while the associated
cross cert may not).
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
* Test for DANE cross cert fix
Reviewed-by: Tomáš Mráz <tomas@openssl.org>
* test/ec_internal_test: link with libapps.a too
Whenever the source from $target{apps_init_src} is added to the source
of a test program, it needs to be linked with libapps.a as well. Some
init sources depend on that.
Without this, builds break on VMS because of the unresolved symbol
'app_malloc'.
On platforms that do not need anything from libapps.a, adding it is a
no-op.
This is for OpenSSL 1.1.1 only. OpenSSL 3.0 and beyond have a
different solution.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16512)
* VMS: Compensate for compiler type incompatibility
The compiler says that 'unsigned long long' isn't the same as
'unsigned __int64'. Sure, and considering that crypto/rand/rand_vms.c
is specific VMS only code, it's easy to just change the type to the
exact same as what's specified in the system headers.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15613)
* DOCS: Update the page for 'openssl passwd' to not duplicate some info
The options -1 and -apr1 were mentioned in DESCRIPTION, not mentioning
any other options or even mentioning that there are more algorithms.
The simple fix is to remove that sentence and let the OPTIONS section
speak for itself.
Fixes #16529
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16531)
(cherry picked from commit 116799ff6a8fc803ec4685fc432c7329d0511e23)
* VMS: Fix misspelt type
'__int64', not 'int64_t'
Ref: commit 2e5cdbc18a1a26bfc817070a52689886fa0669c2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16557)
* Fix nc_email to check ASN1 strings with NULL byte in the middle
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16524)
(cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376)
* MacOS prior to 10.12 does not support random API correctly
Fixes #16517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16587)
* Clarify what SSL_get_session() does on the server side in TLSv1.3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit 9e51f877930dbd4216438a5da3c9612bf4d0a918)
* Correct the documentation for SSL_set_num_tickets()
The behaviour for what happens in a resumption connection was not quite
described correctly.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit 4603b782e6dbed493d2f38db111abc05df66fb99)
* ssl: Correct filename in README
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16671)
* Add sm2 encryption test case from GM/T 0003.5-2012
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16511)
(cherry picked from commit 8ba65c35ea3af347c3b2adc8e665066b541a1c35)
* doc/man3/SSL_set_fd.pod: add note about Windows compiler warning
According to an old stackoverflow thread [1], citing an even older comment by
Andy Polyakov (1875e6db29, Pull up Win64 support from 0.9.8., 2005-07-05),
a cast of 'SOCKET' (UINT_PTR) to 'int' does not create a problem, because although
the documentation [2] claims that the upper limit is INVALID_SOCKET-1 (2^64 - 2),
in practice the socket() implementation on Windows returns an index into the kernel
handle table, the size of which is limited to 2^24 [3].
Add this note to the manual page to avoid unnecessary roundtrips to StackOverflow.
[1] https://stackoverflow.com/questions/1953639/is-it-safe-to-cast-socket-to-int-under-win64
[2] https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2
[3] https://docs.microsoft.com/en-us/windows/win32/sysinfo/kernel-objects
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16699)
(cherry picked from commit f8dd5869bca047a23599ac925aace70efcf487ad)
* Fix a NPD bug in engines/e_dasync.c
The dasync_aes_128_cbc_hmac_sha1 cipher depends on
EVP_aes_128_cbc_hmac_sha1() returning a NON-NULL value.
We should simply not advertise this cipher otherwise.
Fixes: #7950
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16722)
* Fix a memory leak in the afalg engine
Fixes: #16743
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16744)
(cherry picked from commit 6f6a5e0c7c41b6b3639e51f435cd98bb3ae061bc)
* Fix some possible memory leaks in EVP_CipherInit_ex
An EVP_CONTEXT with zero cipher but non-zero engine,
and/or cipher_data is possible if an error happens
in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling
will just clear the cipher in that case.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16756)
* Fix double-free in e_dasync.c
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16751)
* Bindhost/bindport should be freed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16775)
(cherry picked from commit 0ce0c455862ed29bd7f2acdbddbe8d0b1783c1c9)
* New extensions can be sent in a certificate request
Normally we expect a client to send new extensions in the ClientHello,
which may be echoed back by the server in subsequent messages. However the
server can also send a new extension in the certificate request message to
be echoed back in a certificate message
Fixes #16632
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit cbb862fbaaa1ec5a3e33836bc92a6dbea97ceba0)
* Extend custom extension testing
Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit 0db3a9904fa00569905be130854a31dab7b8f49d)
* Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries
It's a small change to the 'nm' call, to have it look at dynamic symbols
rather than the normal ones.
Fixes #16810
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16822)
(cherry picked from commit a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c)
* Fix test/recipes/01-test_symbol_presence.t to disregard version info
The output of 'nm -DPg' contains version info attached to the symbols,
which makes the test fail. Simply dropping the version info makes the
test work again.
Fixes #16810 (followup)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16840)
(cherry picked from commit 73970cb91fdf8e7b4b434d479b875a47a0aa0dbc)
* test/ssl_old_test.c: Fix potential leak
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16806)
(cherry picked from commit 34563be5368fb8e6ade7d06d8376522ba83cd6ac)
* Ensure pkey_set_type handles ENGINE references correctly
pkey_set_type should not consume the ENGINE references that may be
passed to it.
Fixes #16757
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
* Add tests for ENGINE problems
Add some tests which would have caught the issues fixed in the previous
commit related to engine handling.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
* Fix some documentation errors related to return values
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)
(cherry picked from commit f1d077f1108b1bc2334350a4d53a46e29e082910)
* Fix BIO_get_md_ctx return value check
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16792)
* Fix the s_server psk_server_cb for use in DTLS
Commit 0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
* Fix no-cmac
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)
(cherry picked from commit ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604)
* Fix a gcc 11.2.0 warning
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning
when compiling test/packettest.c, which causes --strict-warnings builds
to fail. A simple fix avoids the warning.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16887)
(cherry picked from commit 37467b2752f75ce80437120f704452982b7c1998)
* speed: range check the argument given to -multi for 1.1.1
Fixes #16899 for 1.1.1 branch.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16922)
* check the return value of BN_new() and BN_dup()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16948)
(cherry picked from commit d99004fe5de934120765d342586f08d22131b8ed)
* Fix a memory leak in tls_parse_stoc_key_share
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16957)
* Fix a memory leak in ssl_create_cipher_list
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16955)
* Fix: invoking x509_name_cannon improperly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16974)
(cherry picked from commit 09235289c377ff998964bb6b074bb2a3ad768fd2)
* Reset the rwstate before calling ASYNC_start_job()
If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
reset the rwstate back to SSL_NOTHING. In fact we can do this
unconditionally since if we're about to call ASYNC_start_job() then either
we are about to start the async job for the first time (in which case the
rwstate should already by SSL_NOTHING), or we are restarting it after a
pause (in which case reseting it to SSL_NOTHING is the correct action).
Fixes #16809
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17013)
(cherry picked from commit 07f620e3acf0dd76a3a03ada9911c544aa483aa7)
* free the Post-Handshake Auth digest when there is an error saving the digest
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16924)
* evp: fix EVP_PKEY_get0_EC_KEY when EC_KEY is SM2
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) will change pkey->type to EVP_PKEY_SM2
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17015)
* Avoid loading of a dynamic engine twice
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.
Fixes #17023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
(cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)
* ERR: Add a missing common reason string
There was no string present for ERR_R_PASSED_INVALID_ARGUMENT
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17069)
* Add a test case for duplicate engine loading
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17083)
* DOC: Add a few previously documented functions
d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.
This simply adds them back.
Fixes #17091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17093)
* Fix detection of ARMv7 and ARM64 CPU features on FreeBSD
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)
(cherry picked from commit c1dabe26e3e96cdce0ffc929e9677840ad089ba5)
* Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs
The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)
(cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00)
* doc: fix macro name
OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT.
Fixes #17121
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17125)
(cherry picked from commit 01fde90eec721b64bc0e1c01cd94a9fd431adcc6)
* BIO_push.pod: fix confusing text and add details on corner cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)
(cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069)
* Fix speed, use OPENSSL_free instead of free
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17132)
* TEST: Enable and fix test_bn2padded() in test/bntest.c
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)
* No EtM for GOST ciphers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17158)
* Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17135)
* BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17135)
* Fix documentation for tlsext_ticket_key
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
(cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33)
* OBJ_nid2obj.pod: Replace remaining 'B<' by 'I<' were appropriate
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17221)
* Fix a deadlock in OBJ_NAME_add
This happened after an out of memory error:
CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17236)
* CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.
We also replace windows-latest with windows-2019 so
there aren't two identical builds done once windows-latest
is switched to mean windows-2022.
Fixes #17177
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17211)
* Fix faulty detail in BN_rand() manual
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
* Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
so the forth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.
Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45
correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
Fortunately the bn_mul_comba4/8 code paths are not affected.
Also the mips64 target does in fact not handle the carry propagation
correctly.
Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001
correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
* Add some CHANGES entries for 1.1.1m
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17269)
* Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17271)
* Update NEWS for 1.1.1m
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17273)
* Prepare for 1.1.1m release
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.1n-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix the null pointer dereference
Fixed #17296
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17302)
* Fix Configure variable spill
* Evaluating code-refs in Configure can sometimes set the default
variable `$_`
* Prevent spillage influencing the target property by using named
variable in loop
CLA: trivial
Fixes gh-17321
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17322)
(cherry picked from commit a595e3286ae9f033c56452967b3add2145f9085f)
* document additional stack push error code
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17351)
* Ensure s_client sends SNI data when used with -proxy
The use of -proxy prevented s_client from correctly sending the target
hostname as SNI data.
Fixes #17232
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17249)
* Add support for BSD-riscv64 target
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(cherry picked from commit fb72a093f88f7332069659994b67f6b19aceb865)
(Merged from https://github.com/openssl/openssl/pull/17341)
* OBJ_obj2txt(): fix off-by-one documentation of the result
This backports the doc improvements of #17188.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit e36d10925396b6519e1abd338e1ef62cd5b1c9e6)
* Update troublesome copyright years of auto-generated files to 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17401)
* apps/passwd.c: free before error exiting
use goto instead of returning directly while error handling
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)
(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
* close_console: Always unlock as the lock is always held
Fixes #17364
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17395)
* Fix password_callback to handle short passwords
Fixes #17426
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17439)
* Remove unsafe call to OPENSSL_cpuid_setup
This function is inherently thread-unsafe,
and moreover it is unnecessary here, because
OPENSSL_init_crypto always calls it in a thread-safe way.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17468)
* Fix a leak in EVP_DigestInit_ex()
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
* Add a test for a custom digest created via EVP_MD_meth_new()
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
* lhash: Avoid 32 bit right shift of a 32 bit value
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)
* Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Fix builds with DJGPP
CLA: trivial
To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.
Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.
In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:
- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)
(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)
* Don't link test/ec_internal_test with libapps.a
It's not at all necessary, and on some platforms, it's disruptive
(leads to unresolved symbols because of object files that get included
in the link that depend on libssl).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17637)
* Correct return type for BIO_ptr_ctrl
Fixes #17549
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)
(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)
* scrypt: increase memory usage beyond limit
This brings these tests in line with 3.0 and master and makes them
fail correctly.
Fixes #17612
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17619)
* Prevent crash with engine using different openssl runtime
This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.
Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.
Fixes #15898
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
* Check for presence of 3.x openssl runtime
if the newly loaded engine contains the symbol
EVP_PKEY_get_base_id, we know it is linked to 3.x openssl.
Abort loading this engine, as it will definitely crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
* crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
(cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef)
* Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
Fixes #12491.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
(cherry picked from commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5)
* Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648. Backport from master to 1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17787)
* VMS: move copy_argc to its own module and make it an aux source
copy_argv was never initialization code.
Make it self-cleaning too.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17746)
* [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.
(manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743
(manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
(manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* Document bug in openssl cms -binary
Documents a bug in openssl cms -binary for 1.1 whereby it cannot process
input using LF line endings correctly. Binary input processing was
reworked substantially for 3.0 and backporting these changes doesn't
appear reasonable.
Fixes #17797.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17810)
* Avoid potential memory leak
Resolves #17827
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
(cherry picked from commit 175355923046921a689b500f7a72455f7095708f)
* Set protocol in init_client()
If TCP is being used, protocol = 0 is passed to init_client(), then
protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17838)
(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
* Fix issue where OBJ_nid2obj doesn't always raise an error
This was previously fixed in 3.0 but not 1.1.
Fixes #13008.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17808)
* DOC: TLS compression is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17854)
(cherry picked from commit 2cb52118ddd1d82d7b6028372238eaa2467bbd48)
* Fix OPENSSL_ENGINES in Configurations/descrip.mms.tmpl
Make its value an absolute path.
This was already fixed in all other build file templates, but for some
reason, not here.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17865)
* Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
(cherry picked from commit abdb2278d2b65ae87bee3121be83322e4219b396)
* Fix possible infinite loop in BN_mod_sqrt()
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add documentation of BN_mod_sqrt()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add a negative testcase for BN_mod_sqrt
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Prepare for 1.1.1n release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Prepare for 1.1.1o-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Check password length only when verify is enabled.
Fixes #16231.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17899)
* eng_dyn: Avoid spurious errors when checking for 3.x engine
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17902)
* print SSL session, fix build warnings on OpenBSD.
time_t is a 64 bits type on this platform.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17917)
(cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d)
* Fix coverity 1498607: uninitialised value
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17897)
(cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63)
* Fix Coverity 1498611 & 1498608: uninitialised read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17893)
(cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267)
* Fix Coverity 1201763 uninitialised pointer read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17890)
(cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9)
* Fix integer overflow in evp_EncryptDecryptUpdate
Fixes #17871.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17872)
* Fix Coverity 1498612: integer overflow
The assert added cannot ever fail because (current & 0xFFFF) != 0 from the
while loop and the trailing zero bit count therefore cannot be as large as 32.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17892)
(cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e)
* s390x: Hide internal cpuid symbol and function
The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
exported by the version script of OpenSSL. However, if someone uses the
static library without the version script, these symbols all of a sudden
become global symbols and their usage in assembler code does not correctly
reflect that for PIC. Since these symbols should never be used outside of
OpenSSL, hide them inside the binary.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17946)
(cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1)
* ticket_lifetime_hint may exceed 1 week in TLSv1.3
For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
Fixes #17948
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17952)
(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
* Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3
libctx was left in cherry-pick from master/3.0 cherry-pick
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17970)
* tls_process_server_hello: Disallow repeated HRR
Repeated HRR must be rejected.
Fixes #17934
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)
* Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit db44b55aaa42141921217183667800425227b658)
* Fix usage of SSLfatal
A cherry-pick from the master branch incorrectly introduced a usage of
3 argument SSLfatal. In 1.1.1 the function code is also required.
Fixes #17999
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18000)
* Fix failure to check result of bn_rshift_fixed_top
Fixes #18010.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18034)
(cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe)
* err: fix crash in ERR_load_strings() when configured with no-err
This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` is configured.
The only operative function remaining is `ERR_get_next_error_library()`.
That is the reason why the `err_string_lock` and hence the
`do_err_strings_init()` function can't be removed entirely.
Fixes #17971
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* err: fix indentation of preprocessor directive
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* err: get rid of err_free_strings_int()
Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is exported from libcrypto. Instead, we keep a dummy
implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* Fix -no-tls1_2 in tests
This is specific for OpenSSL_1_1_1-stable branch
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18080)
* Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION
This causes the DTLS server to enter an error state:
./openssl s_server -dtls
./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt
[...]
Q
./openssl s_client -dtls -sess_in s1.txt
CONNECTED(00000003)
^C
./openssl s_client -dtls
CONNECTED(00000003)
140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40
At this point the dtls server needs to be restarted,
because verify_cookie_callback always fails, because
the previous cookie is checked against the current one.
The reason for this is not fully understood.
In wireshark we see the following each time:
c->s Client Hello (without cookie)
s->c Hello Verify Request (with new cookie)
s->c Alert (Level: Fatal, Description: Handshake Failure)
c->s Client Hello (echoes new cookie)
The client gives up when the Alert arrives.
The Alert is triggered because the server calls
verify_cookie_callback with the previous cookie,
although it just sent the current cookie in the
Hello Verify Request.
However this does only happen because no Alert message
is sent when the client re-connects the session with
the missing -maxfraglen option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18094)
* Fix an assertion in the DTLS server code
This fixes an internal error alert from the server and
an unexpected connection failure in the release version,
but a failed assertion and a server crash in the
debug version.
Reproduce this issue with a DTLS server/client like that:
./openssl s_server -dtls -mtu 1500
./openssl s_client -dtls -maxfraglen 512
In the debug version a crash happens in the Server now:
./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
Aborted (core dumped)
While in the release version the handshake exceeds the
negotiated max fragment size, and fails because of this:
$ ./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ERROR
4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
shutting down SSL
CONNECTION CLOSED
From the client's point of view the connection fails
with an Internal Error Alert:
$ ./openssl s_client -dtls -maxfraglen 512
Connecting to ::1
CONNECTED(00000003)
40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80
and now the connection attempt fails unexpectedly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18093)
(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
* x509: use actual issuer name if a CA is used
Fixes openssl#16080.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18129)
* Revert "[github-ci][ci.yml] Disable pyca external tests"
This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* [github-ci] Sync pyca workflow with master
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* add wycheproof submodule
This is used with the pyca/cryptography test suite
(cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* c_rehash: Do not use shell to invoke openssl
Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add additional keys to release key fingerprints
Added keys for Paul Dale and Tomáš Mráz.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18156)
* Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Prepare for 1.1.1o release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
* 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
* Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
* Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
* Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
* s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
* Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
* Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
* Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
* Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_Pri…
baentsch
added a commit
that referenced
this pull request
Feb 8, 2023
* VMS: Fix misspelt type
'__int64', not 'int64_t'
Ref: commit 2e5cdbc18a1a26bfc817070a52689886fa0669c2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16557)
* Fix nc_email to check ASN1 strings with NULL byte in the middle
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16524)
(cherry picked from commit 485d0790ac1a29a0d4e7391d804810d485890376)
* MacOS prior to 10.12 does not support random API correctly
Fixes #16517
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16587)
* Clarify what SSL_get_session() does on the server side in TLSv1.3
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit 9e51f877930dbd4216438a5da3c9612bf4d0a918)
* Correct the documentation for SSL_set_num_tickets()
The behaviour for what happens in a resumption connection was not quite
described correctly.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
(cherry picked from commit 4603b782e6dbed493d2f38db111abc05df66fb99)
* ssl: Correct filename in README
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16671)
* Add sm2 encryption test case from GM/T 0003.5-2012
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16511)
(cherry picked from commit 8ba65c35ea3af347c3b2adc8e665066b541a1c35)
* doc/man3/SSL_set_fd.pod: add note about Windows compiler warning
According to an old stackoverflow thread [1], citing an even older comment by
Andy Polyakov (1875e6db29, Pull up Win64 support from 0.9.8., 2005-07-05),
a cast of 'SOCKET' (UINT_PTR) to 'int' does not create a problem, because although
the documentation [2] claims that the upper limit is INVALID_SOCKET-1 (2^64 - 2),
in practice the socket() implementation on Windows returns an index into the kernel
handle table, the size of which is limited to 2^24 [3].
Add this note to the manual page to avoid unnecessary roundtrips to StackOverflow.
[1] https://stackoverflow.com/questions/1953639/is-it-safe-to-cast-socket-to-int-under-win64
[2] https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2
[3] https://docs.microsoft.com/en-us/windows/win32/sysinfo/kernel-objects
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16699)
(cherry picked from commit f8dd5869bca047a23599ac925aace70efcf487ad)
* Fix a NPD bug in engines/e_dasync.c
The dasync_aes_128_cbc_hmac_sha1 cipher depends on
EVP_aes_128_cbc_hmac_sha1() returning a NON-NULL value.
We should simply not advertise this cipher otherwise.
Fixes: #7950
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16722)
* Fix a memory leak in the afalg engine
Fixes: #16743
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16744)
(cherry picked from commit 6f6a5e0c7c41b6b3639e51f435cd98bb3ae061bc)
* Fix some possible memory leaks in EVP_CipherInit_ex
An EVP_CONTEXT with zero cipher but non-zero engine,
and/or cipher_data is possible if an error happens
in EVP_CTRL_INIT or in EVP_CTRL_COPY, the error handling
will just clear the cipher in that case.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16756)
* Fix double-free in e_dasync.c
When the cipher is copied, the inner_cihper_data
need to be copied as well, using the EVP_CTRL_COPY method.
The EVP_CIPH_CUSTOM_COPY bit needs to be set as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16751)
* Bindhost/bindport should be freed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16775)
(cherry picked from commit 0ce0c455862ed29bd7f2acdbddbe8d0b1783c1c9)
* New extensions can be sent in a certificate request
Normally we expect a client to send new extensions in the ClientHello,
which may be echoed back by the server in subsequent messages. However the
server can also send a new extension in the certificate request message to
be echoed back in a certificate message
Fixes #16632
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit cbb862fbaaa1ec5a3e33836bc92a6dbea97ceba0)
* Extend custom extension testing
Test the scenario where we add a custom extension to a cetificate
request and expect a response in the client's certificate message.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16634)
(cherry picked from commit 0db3a9904fa00569905be130854a31dab7b8f49d)
* Fix test/recipes/01-test_symbol_presence.t to allow for stripped libraries
It's a small change to the 'nm' call, to have it look at dynamic symbols
rather than the normal ones.
Fixes #16810
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16822)
(cherry picked from commit a85b4de6a6cbe03c46219d4b1c3b2828ca3fd51c)
* Fix test/recipes/01-test_symbol_presence.t to disregard version info
The output of 'nm -DPg' contains version info attached to the symbols,
which makes the test fail. Simply dropping the version info makes the
test work again.
Fixes #16810 (followup)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16840)
(cherry picked from commit 73970cb91fdf8e7b4b434d479b875a47a0aa0dbc)
* test/ssl_old_test.c: Fix potential leak
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16806)
(cherry picked from commit 34563be5368fb8e6ade7d06d8376522ba83cd6ac)
* Ensure pkey_set_type handles ENGINE references correctly
pkey_set_type should not consume the ENGINE references that may be
passed to it.
Fixes #16757
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
* Add tests for ENGINE problems
Add some tests which would have caught the issues fixed in the previous
commit related to engine handling.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16860)
* Fix some documentation errors related to return values
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)
(cherry picked from commit f1d077f1108b1bc2334350a4d53a46e29e082910)
* Fix BIO_get_md_ctx return value check
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16792)
* Fix the s_server psk_server_cb for use in DTLS
Commit 0007ff257c added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.
Fixes #16707
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)
(cherry picked from commit 8b09a9c76d873f62c2507fa9628a9c96c1d66d5c)
* Fix no-cmac
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)
(cherry picked from commit ef2fb64f9dfde1965cb0b8a5f8765c4f467c1604)
* Fix a gcc 11.2.0 warning
gcc 11.2.0 is the default on Ubuntu 21.10. It emits a (spurious) warning
when compiling test/packettest.c, which causes --strict-warnings builds
to fail. A simple fix avoids the warning.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16887)
(cherry picked from commit 37467b2752f75ce80437120f704452982b7c1998)
* speed: range check the argument given to -multi for 1.1.1
Fixes #16899 for 1.1.1 branch.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16922)
* check the return value of BN_new() and BN_dup()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16948)
(cherry picked from commit d99004fe5de934120765d342586f08d22131b8ed)
* Fix a memory leak in tls_parse_stoc_key_share
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16957)
* Fix a memory leak in ssl_create_cipher_list
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16955)
* Fix: invoking x509_name_cannon improperly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16974)
(cherry picked from commit 09235289c377ff998964bb6b074bb2a3ad768fd2)
* Reset the rwstate before calling ASYNC_start_job()
If an async job pauses while processing a TLS connection then the
rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
reset the rwstate back to SSL_NOTHING. In fact we can do this
unconditionally since if we're about to call ASYNC_start_job() then either
we are about to start the async job for the first time (in which case the
rwstate should already by SSL_NOTHING), or we are restarting it after a
pause (in which case reseting it to SSL_NOTHING is the correct action).
Fixes #16809
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17013)
(cherry picked from commit 07f620e3acf0dd76a3a03ada9911c544aa483aa7)
* free the Post-Handshake Auth digest when there is an error saving the digest
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16924)
* evp: fix EVP_PKEY_get0_EC_KEY when EC_KEY is SM2
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2) will change pkey->type to EVP_PKEY_SM2
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17015)
* Avoid loading of a dynamic engine twice
Use the address of the bind function as a DYNAMIC_ID,
since the true name of the engine is not known
before the bind function returns,
but invoking the bind function before the engine
is unloaded results in memory corruption.
Fixes #17023
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17073)
(cherry picked from commit e2571e02d2b0cd83ed1c79d384fe941f27e603c0)
* ERR: Add a missing common reason string
There was no string present for ERR_R_PASSED_INVALID_ARGUMENT
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17069)
* Add a test case for duplicate engine loading
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17083)
* DOC: Add a few previously documented functions
d2i_X509_bio(), d2i_X509_fp(), i2d_X509_bio(), and i2d_X509_fp()
were documented in OpenSSL 1.0.2. In a grand unification of the
documentation of (almost) all d2i and i2d functions, these were
dropped, most likely by mistake.
This simply adds them back.
Fixes #17091
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17093)
* Fix detection of ARMv7 and ARM64 CPU features on FreeBSD
OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25
Switch to using AT_HWCAP, and setting it to 16 if it is not defined.
OpenSSL calls elf_auxv_info() with AT_CANARY which returns ENOENT
resulting in all ARM acceleration features being disabled.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17082)
(cherry picked from commit c1dabe26e3e96cdce0ffc929e9677840ad089ba5)
* Clarify and correct the EVP_CTRL_AEAD_SET_TAG docs
The restriction about setting a tag length prior to setting the IV only
applies to OCB mode. We clarify when in the process EVP_CTRL_AEAD_SET_TAG
can be called.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17111)
(cherry picked from commit 3607b8ad8ee1980a079e985333a196e0c79f8f00)
* doc: fix macro name
OSSL_STORE_INFO_X509 doesn't exist. It should be OSSL_STORE_INFO_CERT.
Fixes #17121
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17125)
(cherry picked from commit 01fde90eec721b64bc0e1c01cd94a9fd431adcc6)
* BIO_push.pod: fix confusing text and add details on corner cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17086)
(cherry picked from commit 7a37fd09a8f3607ed8acf55e03479861595be069)
* Fix speed, use OPENSSL_free instead of free
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17132)
* TEST: Enable and fix test_bn2padded() in test/bntest.c
This looks like old code, written when the padded variety of BN_bn2bin()
was developped, and disabled by default... and forgotten.
A few simple changes to update it to the current API is all that was
needed to enable it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17133)
(cherry picked from commit 23750f677ef61b6bea4e81f23f335ad08fc49b51)
* No EtM for GOST ciphers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17158)
* Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17135)
* BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17135)
* Fix documentation for tlsext_ticket_key
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
(cherry picked from commit b0be101326f369f0dd547556d2f3eb3ef5ed0e33)
* OBJ_nid2obj.pod: Replace remaining 'B<' by 'I<' were appropriate
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17221)
* Fix a deadlock in OBJ_NAME_add
This happened after an out of memory error:
CRYPTO_THREAD_write_lock may hang in OBJ_NAME_add.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17236)
* CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.
We also replace windows-latest with windows-2019 so
there aren't two identical builds done once windows-latest
is switched to mean windows-2022.
Fixes #17177
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17211)
* Fix faulty detail in BN_rand() manual
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
* Fix a carry overflow bug in bn_sqr_comba4/8 for mips 32-bit targets
bn_sqr_comba8 does for instance compute a wrong result for the value:
a=0x4aaac919 62056c84 fba7334e 1a6be678 022181ba fd3aa878 899b2346 ee210f45
The correct result is:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3d 97ed17d4 7950b465 3cb32899
but the actual result was:
r=0x15c72e32 605a3061 d11b1012 3c187483 6df96999 bd0c22ba d3e7d437 4724a82f
912c5e61 6a187efe 8f7c47fc f6945fe5 75be8e3c 97ed17d4 7950b465 3cb32899
so the forth word of the result was 0x75be8e3c but should have been
0x75be8e3d instead.
Likewise bn_sqr_comba4 has an identical bug for the same value as well:
a=0x022181ba fd3aa878 899b2346 ee210f45
correct result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3d 97ed17d4 7950b465 3cb32899
wrong result:
r=0x00048a69 9fe82f8b 62bd2ed1 88781335 75be8e3c 97ed17d4 7950b465 3cb32899
Fortunately the bn_mul_comba4/8 code paths are not affected.
Also the mips64 target does in fact not handle the carry propagation
correctly.
Example:
a=0x4aaac91900000000 62056c8400000000 fba7334e00000000 1a6be67800000000
022181ba00000000 fd3aa87800000000 899b234635dad283 ee210f4500000001
correct result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f9 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
wrong result:
r=0x15c72e32272c4471 392debf018c679c8 b85496496bf8254c d0204f36611e2be1
0cdb3db8f3c081d8 c94ba0e1bacc5061 191b83d47ff929f6 5be0aebfc13ae68d
3eea7a7fdf2f5758 42f7ec656cab3cb5 6a28095be34756f2 64f24687bf37de06
2822309cd1d292f8 6fa698c972372f09 771e97d3a868cda0 dc421e8a00000001
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17258)
(cherry picked from commit 336923c0c8d705cb8af5216b29a205662db0d590)
* Add some CHANGES entries for 1.1.1m
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17269)
* Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17271)
* Update NEWS for 1.1.1m
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17273)
* Prepare for 1.1.1m release
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare for 1.1.1n-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix the null pointer dereference
Fixed #17296
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17302)
* Fix Configure variable spill
* Evaluating code-refs in Configure can sometimes set the default
variable `$_`
* Prevent spillage influencing the target property by using named
variable in loop
CLA: trivial
Fixes gh-17321
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17322)
(cherry picked from commit a595e3286ae9f033c56452967b3add2145f9085f)
* document additional stack push error code
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17351)
* Ensure s_client sends SNI data when used with -proxy
The use of -proxy prevented s_client from correctly sending the target
hostname as SNI data.
Fixes #17232
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17249)
* Add support for BSD-riscv64 target
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(cherry picked from commit c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15)
(cherry picked from commit fb72a093f88f7332069659994b67f6b19aceb865)
(Merged from https://github.com/openssl/openssl/pull/17341)
* OBJ_obj2txt(): fix off-by-one documentation of the result
This backports the doc improvements of #17188.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(cherry picked from commit e36d10925396b6519e1abd338e1ef62cd5b1c9e6)
* Update troublesome copyright years of auto-generated files to 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17401)
* apps/passwd.c: free before error exiting
use goto instead of returning directly while error handling
Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)
(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
* close_console: Always unlock as the lock is always held
Fixes #17364
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17395)
* Fix password_callback to handle short passwords
Fixes #17426
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17439)
* Remove unsafe call to OPENSSL_cpuid_setup
This function is inherently thread-unsafe,
and moreover it is unnecessary here, because
OPENSSL_init_crypto always calls it in a thread-safe way.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17468)
* Fix a leak in EVP_DigestInit_ex()
If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.
Fixes #17149
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
* Add a test for a custom digest created via EVP_MD_meth_new()
We check that the init and cleanup functions for the custom method are
called as expected.
Based on an original reproducer by Dmitry Belyavsky from issue #17149.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17472)
* lhash: Avoid 32 bit right shift of a 32 bit value
Fixes #17583
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17589)
(cherry picked from commit 2ce0a3d19005271e7e3c351b562d9da93e2d4c80)
* Ensure X509_STORE_CTX_purpose_inherit handles a 0 default purpose
The function X509_STORE_CTX_purpose_inherit() can be called with a 0
default purpose. If the main purpose was set to X509_PURPOSE_ANY this
would case the function to incorrectly return an error response.
Fixes #17367
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Add a test for X509_STORE_CTX_set_purpose()
This function was previously incorrectly failing if it is called with
X509_PURPOSE_ANY. Add a test to catch this.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17604)
* Fix builds with DJGPP
CLA: trivial
To get the master branch compiled with DJGPP some minor
adjustments are required. They will have no impact on any other ports.
The DJGPP port uses the Watt-32 library to provide the required network
functionality and some of its headers need to be included.
Neither DJGPP nor the Watt-32 library provide in_addr_t thus it must be
provided as it is done for OPENSSL_SYS_WINDOWS in crypto/bio/b_addr.c.
In the DJGPP section of include/internal/sockets.h the following Watt-32
headers must be added:
- arpa/inet.h: to provide declaration of inet_ntoa required in crypto/bio/b_addr.c
- netinet/tcp.h: to provide defintion of TCP_NODELAY required in crypto/bio/b_sock2.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17623)
(cherry picked from commit b9b211fcb6b9068ef1d8729a4971fbe693fd2cde)
* Don't link test/ec_internal_test with libapps.a
It's not at all necessary, and on some platforms, it's disruptive
(leads to unresolved symbols because of object files that get included
in the link that depend on libssl).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17637)
* Correct return type for BIO_ptr_ctrl
Fixes #17549
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)
(cherry picked from commit 984cc9a0284ee4800862aa305f9f178827baf459)
* scrypt: increase memory usage beyond limit
This brings these tests in line with 3.0 and master and makes them
fail correctly.
Fixes #17612
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17619)
* Prevent crash with engine using different openssl runtime
This problem happens usually because an application
links libcrypto and/or libssl statically which
installs an atexit handler, but later an engine using
a shared instance of libcrypto is installed.
The problem is in simple words that both instances
of libcrypto have an atexit handler installed,
but both are unable to coordinate with each other,
which causes a crash, typically a use-after-free
in the engine's destroy function.
Work around that by preventing the engine's
libcrypto to install the atexit handler.
This may result in a small memory leak, but that
memory is still reachable.
Fixes #15898
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
* Check for presence of 3.x openssl runtime
if the newly loaded engine contains the symbol
EVP_PKEY_get_base_id, we know it is linked to 3.x openssl.
Abort loading this engine, as it will definitely crash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17541)
* crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
(cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef)
* Improve documentation of BIO_FLAGS_BASE64_NO_NL flag.
Fixes #12491.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17744)
(cherry picked from commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5)
* Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648. Backport from master to 1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17787)
* VMS: move copy_argc to its own module and make it an aux source
copy_argv was never initialization code.
Make it self-cleaning too.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17746)
* [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.
(manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* [ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3
Fixes #17743
(manually cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* [ssl] Add tests for Perfect Forward Secrecy criteria on SECLEVEL >= 3
(manually cherry picked from commit d71151ae704847f4ac3f4a5f394ea64f1d229815)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17791)
* Document bug in openssl cms -binary
Documents a bug in openssl cms -binary for 1.1 whereby it cannot process
input using LF line endings correctly. Binary input processing was
reworked substantially for 3.0 and backporting these changes doesn't
appear reasonable.
Fixes #17797.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17810)
* Avoid potential memory leak
Resolves #17827
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
(cherry picked from commit 175355923046921a689b500f7a72455f7095708f)
* Set protocol in init_client()
If TCP is being used, protocol = 0 is passed to init_client(), then
protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17838)
(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
* Fix issue where OBJ_nid2obj doesn't always raise an error
This was previously fixed in 3.0 but not 1.1.
Fixes #13008.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17808)
* DOC: TLS compression is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17854)
(cherry picked from commit 2cb52118ddd1d82d7b6028372238eaa2467bbd48)
* Fix OPENSSL_ENGINES in Configurations/descrip.mms.tmpl
Make its value an absolute path.
This was already fixed in all other build file templates, but for some
reason, not here.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17865)
* Make ossltest engine use in test/recipes/20-test_dgst.t platform agnostic
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17861)
(cherry picked from commit abdb2278d2b65ae87bee3121be83322e4219b396)
* Fix possible infinite loop in BN_mod_sqrt()
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add documentation of BN_mod_sqrt()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add a negative testcase for BN_mod_sqrt
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Update CHANGES/NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Prepare for 1.1.1n release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Prepare for 1.1.1o-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Check password length only when verify is enabled.
Fixes #16231.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17899)
* eng_dyn: Avoid spurious errors when checking for 3.x engine
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17902)
* print SSL session, fix build warnings on OpenBSD.
time_t is a 64 bits type on this platform.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17917)
(cherry picked from commit 9362638b080e328ccab43f89048bed27bcf2f11d)
* Fix coverity 1498607: uninitialised value
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17897)
(cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63)
* Fix Coverity 1498611 & 1498608: uninitialised read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17893)
(cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267)
* Fix Coverity 1201763 uninitialised pointer read
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17890)
(cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9)
* Fix integer overflow in evp_EncryptDecryptUpdate
Fixes #17871.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17872)
* Fix Coverity 1498612: integer overflow
The assert added cannot ever fail because (current & 0xFFFF) != 0 from the
while loop and the trailing zero bit count therefore cannot be as large as 32.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17892)
(cherry picked from commit 81487b65b9eb8148471e729b8c1959521d62c69e)
* s390x: Hide internal cpuid symbol and function
The symbol OPENSSL_s390xcap_P and the OPENSSL_cpuid_setup function are not
exported by the version script of OpenSSL. However, if someone uses the
static library without the version script, these symbols all of a sudden
become global symbols and their usage in assembler code does not correctly
reflect that for PIC. Since these symbols should never be used outside of
OpenSSL, hide them inside the binary.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17946)
(cherry picked from commit 37816ef5757e458be9648481e56bf698ee3bfbb1)
* ticket_lifetime_hint may exceed 1 week in TLSv1.3
For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
Fixes #17948
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17952)
(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
* Fix: ticket_lifetime_hint may exceed 1 week in TLSv1.3
libctx was left in cherry-pick from master/3.0 cherry-pick
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17970)
* tls_process_server_hello: Disallow repeated HRR
Repeated HRR must be rejected.
Fixes #17934
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)
* Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit db44b55aaa42141921217183667800425227b658)
* Fix usage of SSLfatal
A cherry-pick from the master branch incorrectly introduced a usage of
3 argument SSLfatal. In 1.1.1 the function code is also required.
Fixes #17999
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18000)
* Fix failure to check result of bn_rshift_fixed_top
Fixes #18010.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18034)
(cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe)
* err: fix crash in ERR_load_strings() when configured with no-err
This commit removes the entire initialization and cleanup of the
error string hash table (`int_error_hash`) if `no-err` is configured.
The only operative function remaining is `ERR_get_next_error_library()`.
That is the reason why the `err_string_lock` and hence the
`do_err_strings_init()` function can't be removed entirely.
Fixes #17971
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* err: fix indentation of preprocessor directive
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* err: get rid of err_free_strings_int()
Even though the function is not part of the public api, it is not
entirely removed, in order to minimize the chance of breakage,
because it is exported from libcrypto. Instead, we keep a dummy
implementation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17975)
* Fix -no-tls1_2 in tests
This is specific for OpenSSL_1_1_1-stable branch
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18080)
* Fix a DTLS server hangup due to TLS13_AD_MISSING_EXTENSION
This causes the DTLS server to enter an error state:
./openssl s_server -dtls
./openssl s_client -dtls -maxfraglen 512 -sess_out s1.txt
[...]
Q
./openssl s_client -dtls -sess_in s1.txt
CONNECTED(00000003)
^C
./openssl s_client -dtls
CONNECTED(00000003)
140335537067840:error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_d1.c:614:SSL alert number 40
At this point the dtls server needs to be restarted,
because verify_cookie_callback always fails, because
the previous cookie is checked against the current one.
The reason for this is not fully understood.
In wireshark we see the following each time:
c->s Client Hello (without cookie)
s->c Hello Verify Request (with new cookie)
s->c Alert (Level: Fatal, Description: Handshake Failure)
c->s Client Hello (echoes new cookie)
The client gives up when the Alert arrives.
The Alert is triggered because the server calls
verify_cookie_callback with the previous cookie,
although it just sent the current cookie in the
Hello Verify Request.
However this does only happen because no Alert message
is sent when the client re-connects the session with
the missing -maxfraglen option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18094)
* Fix an assertion in the DTLS server code
This fixes an internal error alert from the server and
an unexpected connection failure in the release version,
but a failed assertion and a server crash in the
debug version.
Reproduce this issue with a DTLS server/client like that:
./openssl s_server -dtls -mtu 1500
./openssl s_client -dtls -maxfraglen 512
In the debug version a crash happens in the Server now:
./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ssl/statem/statem_dtls.c:269: OpenSSL internal error: Assertion failed: len == written
Aborted (core dumped)
While in the release version the handshake exceeds the
negotiated max fragment size, and fails because of this:
$ ./openssl s_server -dtls -mtu 1500
Using default temp DH parameters
ACCEPT
ERROR
4057152ADA7F0000:error:0A0000C2:SSL routines:do_dtls1_write:exceeds max fragment size:ssl/record/rec_layer_d1.c:826:
shutting down SSL
CONNECTION CLOSED
From the client's point of view the connection fails
with an Internal Error Alert:
$ ./openssl s_client -dtls -maxfraglen 512
Connecting to ::1
CONNECTED(00000003)
40B76343377F0000:error:0A000438:SSL routines:dtls1_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_d1.c:613:SSL alert number 80
and now the connection attempt fails unexpectedly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18093)
(cherry picked from commit e915c3f5381cd38ebdc1824c3ba9896ea7160103)
* x509: use actual issuer name if a CA is used
Fixes openssl#16080.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18129)
* Revert "[github-ci][ci.yml] Disable pyca external tests"
This reverts commit 850ed18505631286abbd23d355d4b48f28ad89a9.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* [github-ci] Sync pyca workflow with master
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* add wycheproof submodule
This is used with the pyca/cryptography test suite
(cherry picked from commit a09fb26ba90e46c4f731b5a597051b4d4b9aea3e)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16340)
* c_rehash: Do not use shell to invoke openssl
Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
* Add additional keys to release key fingerprints
Added keys for Paul Dale and Tomáš Mráz.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18156)
* Update CHANGES and NEWS for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Prepare for 1.1.1o release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* Prepare for 1.1.1p-dev
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
* (1.1) Add SSL_(CTX_)?get0_(verify|chain)_cert_store functions
Backport of #18038 to 1.1.
Fixes #18035.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18190)
* 1_1_1-stable: Detect arm64-*-*bsd and enable assembly optimizations
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17085)
* Do not send an empty supported groups extension
This allows handshake to proceed if the maximum TLS version enabled is <1.3
Fixes #13583
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
* Add test for empty supported-groups extension
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18213)
* Fix leakage when the cacheline is 32-bytes in CBC_MAC_ROTATE_IN_PLACE
rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
Consider a weaker leakage model(CL) where only cacheline base address is leaked,
i.e address/32 for 32-byte cacheline(CL32).
Previous code used to perform two loads
1. rotated_mac[rotate_offset ^ 32] and
2. rotated_mac[rotate_offset++]
which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
and 2q, 2q + 1 for 32 <= rotate_offset < 64
The proposed fix performs load operations which will always leak 2q, 2q + 1 and
selects the appropriate value in constant-time.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18050)
* s_serve: Report an error if init-connection fails without an attempt to read.
Fixes: openssl#18047.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18283)
* Backport some fuzzing data files from master
This is a backport of the following commit from master:
commit 415e6ac80405e13b20b083315747e431274fbd33
Author: Tavis Ormandy <taviso@gmail.com>
Date: Tue Sep 21 15:48:27 2021 -0700
increase x509 code coverage metrics
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16651)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
* Backport a missing bug-fix from master
This is a backport of the following commit from master:
commit 61b0fead5e6079ca826594df5b9ca00e65883cb0
Author: Matt Caswell <matt@openssl.org>
Date: Thu Nov 19 13:58:21 2020 +0000
Don't Overflow when printing Thawte Strong Extranet Version
When printing human readable info on the Thawte Strong Extranet extension
the version number could overflow if the version number == LONG_MAX. This
is undefined behaviour.
Issue found by OSSFuzz.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13452)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18347)
* Fix a crash in asn1_item_embed_new
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#21 0x40893b in testfile fuzz/test-corpus.c:182
#22 0x406b86 in main fuzz/test-corpus.c:226
#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
#14 0x40893b in testfile fuzz/test-corpus.c:182
#15 0x406b86 in main fuzz/test-corpus.c:226
#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18360)
(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483)
* Fix a memory leak in ec_key_simple_oct2priv
This is reproducible with my error injection patch:
$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc
140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282:
140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662:
140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464:
140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR
140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO
140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
=================================================================
==19676==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257
#4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655
#5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030
#6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463
#7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46
#8 0x7fdd2a33ab16 in PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84
#9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151
#10 0x402dba in FuzzerTestOneInput fuzz/server.c:592
#11 0x40370b in testfile fuzz/test-corpus.c:182
#12 0x402846 in main fuzz/test-corpus.c:226
#13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18361)
* Fix undefined behaviour in EC_GROUP_new_from_ecparameters
This happens for instance with
fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
and causes the OPENSSL_malloc below to choke on the
zero length allocation request.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18363)
* Fix a memory leak in X509_issuer_and_serial_hash
This is reproducible with my error injection patch:
$ ERROR_INJECT=1653267699 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/5f4034ae85d6587dcad4da3e812e80f3d312894d
ERROR_INJECT=1653267699
#0 0x7fd485a6ad4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55c12d268724 in my_malloc fuzz/test-corpus.c:114
#2 0x7fd484f51a75 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fd484ed778d in EVP_DigestInit_ex crypto/evp/digest.c:139
#4 0x7fd4850a9849 in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:44
#5 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#6 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#7 0x55c12d267c7f in main fuzz/test-corpus.c:226
#8 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
#9 0x55c12d267e5d in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/fuzz/x509-test+0x3e5d)
=================================================================
==1058475==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 268 byte(s) in 1 object(s) allocated from:
#0 0x7fd485a5dc3e in __interceptor_realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:163
#1 0x7fd484d2eb9b in BUF_MEM_grow crypto/buffer/buffer.c:97
#2 0x7fd4850b2913 in X509_NAME_oneline crypto/x509/x509_obj.c:43
#3 0x7fd4850a982f in X509_issuer_and_serial_hash crypto/x509/x509_cmp.c:41
#4 0x55c12d268951 in FuzzerTestOneInput fuzz/x509.c:44
#5 0x55c12d268239 in testfile fuzz/test-corpus.c:182
#6 0x55c12d267c7f in main fuzz/test-corpus.c:226
#7 0x7fd483a42082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 268 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18370)
* Fix a crash in ssl_security_cert_chain
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#14 0x40371b in testfile fuzz/test-corpus.c:182
#15 0x402856 in main fuzz/test-corpus.c:226
#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
#13 0x40371b in testfile fuzz/test-corpus.c:182
#14 0x402856 in main fuzz/test-corpus.c:226
#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18376)
(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044)
* Fix a memory leak in crl_set_issuers
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
#24 0x402bbb in testfile fuzz/test-corpus.c:182
#25 0x402626 in main fuzz/test-corpus.c:226
#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fd5…
ajbozarth
pushed a commit
to ajbozarth/openssl
that referenced
this pull request
May 17, 2023
When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:
```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
#0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c)
open-quantum-safe#1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
open-quantum-safe#2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
open-quantum-safe#3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
open-quantum-safe#4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
open-quantum-safe#5 0x113d797 in read_state_machine ssl/statem/statem.c:712
open-quantum-safe#6 0x113d797 in state_machine ssl/statem/statem.c:478
open-quantum-safe#7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
open-quantum-safe#8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
open-quantum-safe#9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
open-quantum-safe#10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
open-quantum-safe#11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
open-quantum-safe#12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
open-quantum-safe#13 0x102b81d in test_quic_write_read test/quicapitest.c:54
open-quantum-safe#14 0x12035a9 in run_tests test/testutil/driver.c:370
open-quantum-safe#15 0x1013203 in main test/testutil/main.c:30
open-quantum-safe#16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
open-quantum-safe#17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
open-quantum-safe#18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
#0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
This frame has 1 object(s):
[32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```
Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#20904)
fwh-dc
pushed a commit
to fwh-dc/oqs-openssl
that referenced
this pull request
Aug 22, 2023
…STRINGS)
A recursive OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) call
may happen if an out-of-memory error happens at the first callstack,
and the dead-lock happens at the second callstack, because ossl_err_get_state_int
calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS) although that
call is currently already executing.
At least on posix system this causes the process to freeze at this
point, and must be avoided whatever it takes.
The fix is using err_shelve_state around the critical region, which
makes ossl_err_get_state_int return early and not call the recursive
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS).
This can be reproduced with my error injection patch.
The test vector has been validated on the master branch:
$ ERROR_INJECT=1692279870 ../util/shlib_wrap.sh ./asn1parse-test ./corpora/asn1parse/027f6e82ba01d9db9a9167b83e56cc9f2c602550
ERROR_INJECT=1692279870
#0 0x7f280b42fef8 in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cpp:86
#1 0x5610a3f396b4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f280a2eb94c in CRYPTO_malloc crypto/mem.c:177
#3 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
open-quantum-safe#4 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
open-quantum-safe#5 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
open-quantum-safe#6 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
open-quantum-safe#7 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
open-quantum-safe#8 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
open-quantum-safe#9 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
open-quantum-safe#10 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
open-quantum-safe#11 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
open-quantum-safe#12 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
open-quantum-safe#13 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
open-quantum-safe#14 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
open-quantum-safe#15 0x5610a3f38783 in main fuzz/test-corpus.c:194
open-quantum-safe#16 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
open-quantum-safe#17 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
open-quantum-safe#18 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==27629==ERROR: AddressSanitizer: ABRT on unknown address 0x03e900006e23 (pc 0x7f2808cfbef8 bp 0x7f280b36afe0 sp 0x7ffd545b2460 T0)
#0 0x7f2808cfbef8 (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
#1 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
#2 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
#3 0x7f280a1c935e in ossl_err_get_state_int crypto/err/err.c:705
open-quantum-safe#4 0x7f280a1cf1f9 in ERR_new crypto/err/err_blocks.c:20
open-quantum-safe#5 0x7f280a2eb9ac in CRYPTO_malloc crypto/mem.c:205
open-quantum-safe#6 0x7f280a2dafdb in OPENSSL_LH_insert crypto/lhash/lhash.c:114
open-quantum-safe#7 0x7f280a1c87fe in err_load_strings crypto/err/err.c:264
open-quantum-safe#8 0x7f280a1c87fe in err_load_strings crypto/err/err.c:259
open-quantum-safe#9 0x7f280a1c87fe in ERR_load_strings_const crypto/err/err.c:301
open-quantum-safe#10 0x7f280a6f513b in ossl_err_load_PROV_strings providers/common/provider_err.c:233
open-quantum-safe#11 0x7f280a1cf015 in ossl_err_load_crypto_strings crypto/err/err_all.c:109
open-quantum-safe#12 0x7f280a2e9b8c in ossl_init_load_crypto_strings crypto/init.c:190
open-quantum-safe#13 0x7f280a2e9b8c in ossl_init_load_crypto_strings_ossl_ crypto/init.c:181
open-quantum-safe#14 0x7f2808cfbf67 (/lib/x86_64-linux-gnu/libc.so.6+0x99f67)
open-quantum-safe#15 0x7f280a32301e in CRYPTO_THREAD_run_once crypto/threads_pthread.c:154
open-quantum-safe#16 0x7f280a2ea1da in OPENSSL_init_crypto crypto/init.c:553
open-quantum-safe#17 0x5610a3f38e2f in FuzzerInitialize fuzz/asn1parse.c:29
open-quantum-safe#18 0x5610a3f38783 in main fuzz/test-corpus.c:194
open-quantum-safe#19 0x7f2808c8bd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
open-quantum-safe#20 0x7f2808c8be3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
open-quantum-safe#21 0x5610a3f38d34 in _start (/home/runner/work/openssl/openssl/fuzz/asn1parse-test+0x3d34)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: ABRT (/lib/x86_64-linux-gnu/libc.so.6+0x99ef8)
==27629==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from openssl#21683)
fwh-dc
pushed a commit
to fwh-dc/oqs-openssl
that referenced
this pull request
Jan 15, 2024
Sometimes the error handling returns an ASN1_STRING
object in *out although that was not passed in by the
caller, and sometimes the error handling deletes the
ASN1_STRING but forgets to clear the *out parameter.
Therefore the caller has no chance to know, if the leaked
object in *out shall be deleted or not.
This may cause a use-after-free error e.g. in asn1_str2type:
==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0
READ of size 8 at 0x603000073280 thread T0
#0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354
#1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204
#2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199
#3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20
open-quantum-safe#4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740
open-quantum-safe#5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137
open-quantum-safe#6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
open-quantum-safe#7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
open-quantum-safe#8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
open-quantum-safe#9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
open-quantum-safe#10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
open-quantum-safe#11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
open-quantum-safe#12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
open-quantum-safe#13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
open-quantum-safe#14 0x564ed19d5f25 in req_main apps/req.c:806
open-quantum-safe#15 0x564ed19b8de0 in do_cmd apps/openssl.c:564
open-quantum-safe#16 0x564ed1985165 in main apps/openssl.c:183
open-quantum-safe#17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
open-quantum-safe#18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd)
0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288)
freed by thread T0 here:
#0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311
#2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300
#3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191
open-quantum-safe#4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
open-quantum-safe#5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
open-quantum-safe#6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
open-quantum-safe#7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
open-quantum-safe#8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
open-quantum-safe#9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
open-quantum-safe#10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
open-quantum-safe#11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
open-quantum-safe#12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
open-quantum-safe#13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
open-quantum-safe#14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
open-quantum-safe#15 0x564ed19d5f25 in req_main apps/req.c:806
open-quantum-safe#16 0x564ed19b8de0 in do_cmd apps/openssl.c:564
open-quantum-safe#17 0x564ed1985165 in main apps/openssl.c:183
open-quantum-safe#18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221
#2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198
#3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236
open-quantum-safe#4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
open-quantum-safe#5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150
open-quantum-safe#6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38
open-quantum-safe#7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681
open-quantum-safe#8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137
open-quantum-safe#9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92
open-quantum-safe#10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577
open-quantum-safe#11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492
open-quantum-safe#12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327
open-quantum-safe#13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100
open-quantum-safe#14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45
open-quantum-safe#15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312
open-quantum-safe#16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360
open-quantum-safe#17 0x564ed19d5f25 in req_main apps/req.c:806
open-quantum-safe#18 0x564ed19b8de0 in do_cmd apps/openssl.c:564
open-quantum-safe#19 0x564ed1985165 in main apps/openssl.c:183
open-quantum-safe#20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#23138)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Feb 22, 2024
This happens usually if an template object is created
and there is an out of memory error before the ASN1_OP_NEW_POST
method is called, but asn1_item_embed_free calls now the
ASN1_OP_FREE_POST which may crash because the object is not
properly initialized. Apparently that is only an issue with
the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which
ought to be tolerant to incomplete initialized objects.
The error can be reproduced with the reproducible error injection patch:
$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4
#0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x408dc4 in my_malloc fuzz/test-corpus.c:114
#2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341
open-quantum-safe#4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318
open-quantum-safe#5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78
open-quantum-safe#6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240
open-quantum-safe#7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
open-quantum-safe#8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240
open-quantum-safe#9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137
open-quantum-safe#10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
open-quantum-safe#11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
open-quantum-safe#12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#16 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
open-quantum-safe#21 0x40893b in testfile fuzz/test-corpus.c:182
open-quantum-safe#22 0x406b86 in main fuzz/test-corpus.c:226
open-quantum-safe#23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0)
==1194==The signal is caused by a READ memory access.
==1194==Hint: address points to the zero page.
#0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258
#1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113
#2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150
#3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39
open-quantum-safe#4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325
open-quantum-safe#5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301
open-quantum-safe#14 0x40893b in testfile fuzz/test-corpus.c:182
open-quantum-safe#15 0x406b86 in main fuzz/test-corpus.c:226
open-quantum-safe#16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb
==1194==ABORTING
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18360)
(cherry picked from commit 557825a)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Feb 22, 2024
Prior to the crash there is an out of memory error
in X509_verify_cert which makes the chain NULL or
empty. The error is ignored by ssl_add_cert_chain,
and ssl_security_cert_chain crashes due to the
unchecked null pointer.
This is reproducible with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8
#0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x403ba4 in my_malloc fuzz/test-corpus.c:114
#2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180
open-quantum-safe#4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242
open-quantum-safe#5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99
open-quantum-safe#6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286
open-quantum-safe#7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959
open-quantum-safe#8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
open-quantum-safe#9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
open-quantum-safe#10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
open-quantum-safe#11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
open-quantum-safe#12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
open-quantum-safe#13 0x403202 in FuzzerTestOneInput fuzz/server.c:740
open-quantum-safe#14 0x40371b in testfile fuzz/test-corpus.c:182
open-quantum-safe#15 0x402856 in main fuzz/test-corpus.c:226
open-quantum-safe#16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0)
==8400==The signal is caused by a READ memory access.
==8400==Hint: address points to the zero page.
#0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386
#1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84
#2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921
#3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518
open-quantum-safe#4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542
open-quantum-safe#5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562
open-quantum-safe#6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963
open-quantum-safe#7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015
open-quantum-safe#8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812
open-quantum-safe#9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843
open-quantum-safe#10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443
open-quantum-safe#11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718
open-quantum-safe#12 0x403202 in FuzzerTestOneInput fuzz/server.c:740
open-quantum-safe#13 0x40371b in testfile fuzz/test-corpus.c:182
open-quantum-safe#14 0x402856 in main fuzz/test-corpus.c:226
open-quantum-safe#15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions
==8400==ABORTING
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#18376)
(cherry picked from commit dc0ef29)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Feb 22, 2024
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1
log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out
ERROR_INJECT=1653520461
#0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402fc4 in my_realloc fuzz/test-corpus.c:129
#2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198
#3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242
open-quantum-safe#4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168
open-quantum-safe#5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111
open-quantum-safe#6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246
open-quantum-safe#7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
open-quantum-safe#11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
open-quantum-safe#15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#19 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
open-quantum-safe#23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
open-quantum-safe#24 0x402bbb in testfile fuzz/test-corpus.c:182
open-quantum-safe#25 0x402626 in main fuzz/test-corpus.c:226
open-quantum-safe#26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706)
=================================================================
==29625==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209
#3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928
open-quantum-safe#4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577
open-quantum-safe#5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178
open-quantum-safe#7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142
open-quantum-safe#10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97
open-quantum-safe#11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246
open-quantum-safe#12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259
open-quantum-safe#16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611
open-quantum-safe#17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#18 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633
open-quantum-safe#20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494
open-quantum-safe#24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69
open-quantum-safe#28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43
open-quantum-safe#29 0x402bbb in testfile fuzz/test-corpus.c:182
open-quantum-safe#30 0x402626 in main fuzz/test-corpus.c:226
open-quantum-safe#31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#18391)
(cherry picked from commit e9007e0)
baentsch
pushed a commit
to baentsch/openssl
that referenced
this pull request
Feb 22, 2024
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
open-quantum-safe#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
open-quantum-safe#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
open-quantum-safe#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
open-quantum-safe#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
open-quantum-safe#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
open-quantum-safe#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#26 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#27 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
open-quantum-safe#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
open-quantum-safe#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
open-quantum-safe#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#22 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#23 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
open-quantum-safe#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
open-quantum-safe#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
open-quantum-safe#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
open-quantum-safe#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
open-quantum-safe#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
open-quantum-safe#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
open-quantum-safe#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
open-quantum-safe#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
open-quantum-safe#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
open-quantum-safe#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
open-quantum-safe#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
open-quantum-safe#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
open-quantum-safe#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
open-quantum-safe#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
open-quantum-safe#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
open-quantum-safe#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
open-quantum-safe#23 0x402afb in testfile fuzz/test-corpus.c:182
open-quantum-safe#24 0x402656 in main fuzz/test-corpus.c:226
open-quantum-safe#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from openssl#18633)
(cherry picked from commit be50862)
ajbozarth
pushed a commit
to ajbozarth/openssl
that referenced
this pull request
May 18, 2024
The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) open-quantum-safe#2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) open-quantum-safe#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) open-quantum-safe#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) open-quantum-safe#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) open-quantum-safe#4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) open-quantum-safe#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) open-quantum-safe#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) open-quantum-safe#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#24295)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.