- Apr 09, 2025
-
-
Dimitar Stoychev authored
-
- Sep 23, 2024
-
-
Ondřej Kuzník authored
Verify signatures as well while we're at it.
-
- Sep 17, 2024
-
-
-
Dimitar Stoychev authored
OpenSSL 3.0.15 release tag
-
Dimitar Stoychev authored
-
Dimitar Stoychev authored
-
- Sep 03, 2024
-
-
Tomas Mraz authored
Reviewed-by:Neil Horman <nhorman@openssl.org> Release: yes
-
Tomas Mraz authored
Reviewed-by: -
Tomas Mraz authored
Reviewed-by: -
Tomas Mraz authored
Reviewed-by:
-
Viktor Dukhovni authored
Reviewed-by:
Tomas Mraz <tomas@openssl.org> (cherry picked from commit cf384d35)
-
Viktor Dukhovni authored
The incorrectly typed data is read only, used in a compare operation, so neither remote code execution, nor memory content disclosure were possible. However, applications performing certificate name checks were vulnerable to denial of service. The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on `gen->type`, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read. The code in question was lightly refactored with the intent to make it more obviously correct. Fixes CVE-2024-6119 Reviewed-by:
Richard Levitte <levitte@openssl.org> Reviewed-by:
-
- Aug 30, 2024
-
-
Pauli authored
The fips_provider_version_* functions return true if the FIPS provider isn't loaded. This is somewhat counterintuitive and the fix in #25327 neglected this nuance resulting in not running the SM2 tests when the FIPS provider wasn't being loaded. Reviewed-by:
Viktor Dukhovni <viktor@openssl.org> Reviewed-by:
Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by:
-
- Aug 29, 2024
-
-
Tomas Mraz authored
Fixes #25326 Reviewed-by:
-
Viktor Dukhovni authored
As reported by Alicja Kario, we ignored excess bytes after the signature payload in TLS CertificateVerify Messages. These should not be present. Fixes: #25298 Reviewed-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
-
Jamie Cui authored
Added sm2 testcases to endecode_test.c. Reviewed-by:
-
- Aug 27, 2024
-
-
Alexandr Nedvedicky authored
(https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71220 ) OpenSSL 3.2 and later are not affected, because they use a `safemath` to do integer arithmetics. This change is specific to 3.1 and 3.0. It changes just fixes ssl_session_calculate_timeout(). It avoids overflow by testing operands before executint the operation. It is implemented as follows: add(a, b) { overflow = MAX_INT - a; if (b > overflow) result = b - overflow else result = a + b } Reviewed-by:
Paul Dale <ppzgs1@gmail.com> Reviewed-by:
-
- Aug 23, 2024
-
-
slontis authored
Fixes cross testing with OpenSSL 3.4 with removed SHA1 from the self tests. Reviewed-by:
-
- Aug 21, 2024
-
-
FdaSilvaYY authored
noticed by @sftcd Reviewed-by:
-
FdaSilvaYY authored
Reviewed-by:
-
Jiasheng Jiang authored
Add OSSL_PROVIDER_unload() when OSSL_PROVIDER_add_builtin() fails to avoid memory leak. Fixes: 5442611d ("Add a test for OSSL_LIB_CTX_new_child()") Signed-off-by:
Jiasheng Jiang <jiashengjiangcool@outlook.com> Reviewed-by:
Shane Lontis <shane.lontis@oracle.com> Reviewed-by:
-
Jiasheng Jiang authored
Add OSSL_PROVIDER_unload() when test_provider() fails to avoid memory leak. Fixes: f995e5bd ("TEST: Add provider_fallback_test, to test aspects of fallback providers") Signed-off-by:
-
- Aug 19, 2024
-
-
Tomas Mraz authored
e_os.h was moved to the internal subdirectory only in 3.1 Reviewed-by:
Tim Hudson <tjh@openssl.org> Reviewed-by:
-
Tomas Mraz authored
Reviewed-by:
-
Pauli authored
Reviewed-by:
Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/25221) (cherry picked from commit 34877dbc)
-
shridhar kalavagunta authored
If fdopen() call fails we need to close the fd. Also return early as this is most likely some fatal error. Fixes #25064 Reviewed-by:
-
- Aug 16, 2024
-
-
Bernd Edlinger authored
The passed in reference of a ref-counted object is free'd by d2i functions in the error handling. However if it is not the last reference, the in/out reference variable is not set to null here. This makes it impossible for the caller to handle the error correctly, because there are numerous cases where the passed in reference is free'd and set to null, while in other cases, where the passed in reference is not free'd, the reference is left untouched. Therefore the passed in reference must be set to NULL even when it was not the last reference. Fixes #23713 Reviewed-by:
Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by:
-
Bernd Edlinger authored
This is related to #22780, simply add test cases for the different failure modes of PEM_ASN1_read_bio. Depending on whether the PEM or the DER format is valid or not, the passed in CRL may be deleted ot not, therefore a statement like this: reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); must be avoided, because it can create memory leaks. Reviewed-by:
-
- Aug 15, 2024
-
-
Andreas Treichel authored
CLA: trivial Reviewed-by:
Todd Short <todd.short@me.com> Reviewed-by:
-
- Aug 14, 2024
-
-
Shih-Yi Chen authored
CLA: trivial Reviewed-by:
-
slontis authored
PR #25147 removes the POST being allowed to be skipped. This causes issue when testing 3.0 with the 3.4 provider. Reviewed-by:
-
- Aug 10, 2024
-
-
Pauli authored
Tests that are changed by #25020 mandate updates to older test suite data to pass because the FIPS provider's behaviour changes in 3.4. Reviewed-by:
-
- Aug 09, 2024
-
-
Neil Horman authored
Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by:
-
- Aug 07, 2024
-
-
JulieDzeze1 authored
CLA: trivial Reviewed-by:
Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by:
-
Bernd Edlinger authored
Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #14 0x564ed19d5f25 in req_main apps/req.c:806 #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #16 0x564ed1985165 in main apps/openssl.c:183 #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #15 0x564ed19d5f25 in req_main apps/req.c:806 #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #17 0x564ed1985165 in main apps/openssl.c:183 #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #17 0x564ed19d5f25 in req_main apps/req.c:806 #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #19 0x564ed1985165 in main apps/openssl.c:183 #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: -
Tomas Mraz authored
Fixes Coverity 1604657 Fixes openssl/project#780 Reviewed-by:
-
Dimitri Papadopoulos authored
Reviewed-by:
Kurt Roeckx <kurt@roeckx.be> Reviewed-by:
-
Andrew Dinh authored
Reviewed-by:
-
Andrew Dinh authored
Reviewed-by:
-
Andrew Dinh authored
Reviewed-by:
-
