Git log:
commit e52cf0f2da2e7f609e299b1c1b28a6212af04c29
Merge: ff54c22e cd4af2a4
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri Apr 5 21:15:39 2024 +0200
Merge branch 'debian/unstable' into debian/experimental
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit ff54c22ebaea10cb0ac369fce139b64dc8f7418a
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Apr 4 22:00:15 2024 +0200
Prepare 3.2.1-3.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 472cf5fe72c4b86569166fc0472d034a442d4e65
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Apr 4 21:58:32 2024 +0200
d: Drop -DOPENSSL_TLS_SECURITY_LEVEL
The 2 is already default.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 51cad209a83e1e5419e7571eb65e635fc44b34ce
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Apr 4 19:16:16 2024 +0200
d: Correct news entry.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit af799517ce2a1a063afd0606994c6c194fcb6c5a
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Mon Mar 25 09:21:18 2024 +0100
d: Merge NMU bits from unstable (3.1.5-1.1).
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit cd4af2a4fab1ab3504d7c5c100df44733ecbc088
Author: Benjamin Drung <bdrung@debian.org>
Date: Thu Feb 29 12:55:38 2024 +0000
Import Debian changes 3.1.5-1.1
openssl (3.1.5-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition. Closes: #1064264
commit cebbc837e53a2a829ff9766044c309587c35bb43
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Feb 22 21:45:02 2024 +0100
Prepare 3.2.1-2.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit d8b52eceb1cbaa045a102a12664a6020d639e7a9
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Feb 22 21:35:48 2024 +0100
Update to latest openssl-3.2 branch.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 26109eddd699cce5c3aecb42ec1c5178cbde7d84
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Thu Feb 22 21:27:41 2024 +0100
d/rules: Drop brotli, enable zlib for cert compression.
Wait with brotli until upstream issue #23558 is resolved.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit ca990b4feea0246c8e68d4d01868ff4202a516cd
Author: Steve Langasek <vorlon@debian.org>
Date: Mon Feb 19 07:33:51 2024 +0000
Import Debian changes 3.2.1-1.1~exp1
openssl (3.2.1-1.1~exp1) experimental; urgency=medium
.
* Non-maintainer upload.
* Rename libraries for 64-bit time_t transition.
commit 47dd6322cdab11d130ce71746a91f9ecd48c0d94
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:23:08 2024 +0100
Prepare 3.2.1-1
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 5cf520d83ad369920672b6d39a25c3e28229f031
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:22:50 2024 +0100
Import 3.2.1
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 6c98d27ebb22ad94764ac0061cfa6d8acb0a638c
Merge: 3dc8c16e c555dff9
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:18:36 2024 +0100
Update upstream source from tag 'upstream/3.2.1'
Update to upstream version '3.2.1'
with Debian dir a28467bc31797e4438a1559bc293dafa18e604b9
commit c555dff93b92c4bfed452c0fc1af77c8d4fc188e
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:18:36 2024 +0100
New upstream version 3.2.1
commit 171f421b7c580e53fc5f05ccb3233c66d8837d4f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:11:31 2024 +0100
Prepare 3.1.5-1
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 91dbdbfe7b472cd599b7e3080f2fdad0abd0e055
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:10:06 2024 +0100
Import 3.1.5
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
commit 5ef4d68eb4c8a56a2a0e4b989ea244c19978f62e
Merge: a62e7a3c e1ca6ea3
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:00:24 2024 +0100
Update upstream source from tag 'upstream/3.1.5'
Update to upstream version '3.1.5'
with Debian dir 4477b9d9203daebf000ebfa262efdb9679db0b6f
commit e1ca6ea3b63055391a07c0459fa0dd50d8aa9e6c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat Feb 3 17:00:24 2024 +0100
New upstream version 3.1.5
commit 99e6624ebb8a5943ab9699ed4ab221e8b29a31dd
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:22:11 2024 +0000
Prepare for release of 3.1.5
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit bb57e3b312ec1fd4e34e5c7afab812ea701758ce
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:22:11 2024 +0000
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 31625a6b4f5175ae66e31a8e3f9a187c974c875f
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:20:46 2024 +0000
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit a7e992847de83aa36be0c399c89db3fb827b0be2
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:14:56 2024 +0000
Prepare for release of 3.2.1
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit f4a9ef629f83ecd63a554caab6c2658e74800faa
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:14:55 2024 +0000
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 1460485811800e5bd03bff4fa670defc7317279a
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 30 13:13:27 2024 +0000
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
commit 6782406c069c3146cf7b5026811e3935e84e3ab8
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jan 29 16:19:24 2024 +0000
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23423)
commit d2103cdf6184a1ecd2c5363203770ecaf9efef24
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jan 29 16:19:24 2024 +0000
Update CHANGES.md and NEWS.md for new release
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
(Merged from https://github.com/openssl/openssl/pull/23422)
commit 024731b2ff469bfac95244178c086706cf73586c
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jan 23 13:17:31 2024 +0100
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
(cherry picked from commit ea6268cfceaba24328d66bd14bfc97c4fac14a58)
commit a4ea3dfc4d8e3023d30be881e983c5ca1027979d
Author: Richard Levitte <levitte@openssl.org>
Date: Tue Jan 23 13:17:31 2024 +0100
Have OSSL_PARAM_allocate_from_text() fail on odd number of hex digits
The failure would be caught later on, so this went unnoticed, until someone
tried with just one hex digit, which was simply ignored.
Fixes #23373
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23374)
(cherry picked from commit ea6268cfceaba24328d66bd14bfc97c4fac14a58)
commit febb086d0fc1ea12181f4d833aa9b8fdf2133b3b
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jan 19 14:32:18 2024 +0000
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add tests for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
commit d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jan 19 11:28:58 2024 +0000
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23362)
commit 3daedcfefdabe0fb9de3aee850ac2cca2d5fa945
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jan 19 14:32:18 2024 +0000
Add some tests for various PKCS12 files with NULL ContentInfo
PKCS7 ContentInfo fields held within a PKCS12 file can be NULL, even if the
type has been set to a valid value. CVE-2024-0727 is a result of OpenSSL
attempting to dereference the NULL pointer as a result of this.
We add tests for various instances of this problem.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
(cherry picked from commit 8a85df7c60ba1372ee98acc5982e902d75f52130)
commit 775acfdbd0c6af9ac855f34969cdab0c0c90844a
Author: Matt Caswell <matt@openssl.org>
Date: Fri Jan 19 11:28:58 2024 +0000
Add NULL checks where ContentInfo data can be NULL
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
CVE-2024-0727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
(cherry picked from commit 041962b429ebe748c8b6b7922980dfb6decfef26)
commit 96014134630799ee5879ed94b6450e860ba4ebfe
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon Jan 22 16:02:59 2024 +0100
Fix a possible memory leak in req_main
If the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore be freed using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
(cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3)
commit 8c30857e8fe943227b636826fceeab411c8b4628
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon Jan 22 16:02:59 2024 +0100
Fix a possible memory leak in req_main
If the private key is output to stdout using the HARNESS_OSSL_PREFIX,
out is a stack of BIOs and must therefore be freed using BIO_free_all.
Steps to reproduce:
$ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null
[...]
Direct leak of 128 byte(s) in 1 object(s) allocated from:
#0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202
#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222
#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83
#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95
#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014
#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175
#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203
#8 0x555c5f528537 in req_main apps/req.c:683
#9 0x555c5f50e315 in do_cmd apps/openssl.c:426
#10 0x555c5f4c5575 in main apps/openssl.c:307
#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s).
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23365)
(cherry picked from commit ff78d94b131d7bb3b761509d3ce0dd864b1420e3)
commit d39776d84e4d06cc1e837dbf46cfcd378bf4152c
Author: Tomas Mraz <tomas@openssl.org>
Date: Mon Jan 8 14:13:49 2024 +0100
ci.yml: Replace actions-rs/toolchain@v1 with dtolnay/rust-toolchain
actions-rs/toolchain is unmaintained and generates warnings
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23232)
(cherry picked from commit cd5911a6b300453eefb4b6d9d797c9d1cdefb956)
commit abe3b17e57e8b0adba272ce0487978e8d6c0ba5f
Author: Tomas Mraz <tomas@openssl.org>
Date: Mon Jan 8 14:13:49 2024 +0100
ci.yml: Replace actions-rs/toolchain@v1 with dtolnay/rust-toolchain
actions-rs/toolchain is unmaintained and generates warnings
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23232)
(cherry picked from commit cd5911a6b300453eefb4b6d9d797c9d1cdefb956)
commit cf000858fab87ab6f247a72afc09f6f677943d7e
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 19 10:59:03 2024 +0100
tlsfuzzer.sh: Use python3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 15f479e25f9591a2749fabb436dcdfb9304c5c7b)
commit b8405af3bedb4943d1462947932649eab92e5deb
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jan 18 16:32:33 2024 +0100
tlsfuzzer.sh: Make it more informative on errors
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 825b7cb16e0624d81421441949e843e9876c81f9)
commit 0b6ea323d245234e4fc241e41d684ce81bb84bd3
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 5 11:22:28 2024 +0100
tlsfuzzer.sh: Run openssl version on the built app and not system one
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 150b3b18dfde317621a6bf26acfe0d06193e52fd)
commit 2c18e43f26823dcc987beb26c943f315405facae
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jan 3 12:36:10 2024 +0100
gost_engine.sh: Set OPENSSL_ENGINES_DIR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 017c7cf2bb5f5461071d9e992eb3206c34a69c2c)
commit c53abbb12ed84d845a77ea8de3407246c6a6fc33
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 19 10:59:03 2024 +0100
tlsfuzzer.sh: Use python3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 15f479e25f9591a2749fabb436dcdfb9304c5c7b)
commit 2cad2ae30e60e2c9cf4bfe8daeb60aef12ef2447
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jan 18 16:32:33 2024 +0100
tlsfuzzer.sh: Make it more informative on errors
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 825b7cb16e0624d81421441949e843e9876c81f9)
commit fcd4466c4e9f1b58cf69cd06e6e41c2841bb60b5
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 5 11:22:28 2024 +0100
tlsfuzzer.sh: Run openssl version on the built app and not system one
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 150b3b18dfde317621a6bf26acfe0d06193e52fd)
commit 9d46ae981cd0b279d8d3c06c01d0dff92f90420d
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Jan 3 12:36:10 2024 +0100
gost_engine.sh: Set OPENSSL_ENGINES_DIR
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23342)
(cherry picked from commit 017c7cf2bb5f5461071d9e992eb3206c34a69c2c)
commit 90b375739952693c582e149b12a533b88fd32e71
Author: shashankmca80 <38880505+shashankmca80@users.noreply.github.com>
Date: Sat Jan 13 18:16:25 2024 +0530
Uninitialized array variable
Array "key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements, making a way for the garbage values:
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
(cherry picked from commit a0826b184eed2dccc56cdf80e3e0bc061cc89ddc)
commit e554f9f24918a9f2050434b01c531c636408da4f
Author: shashankmca80 <38880505+shashankmca80@users.noreply.github.com>
Date: Sat Jan 13 18:16:25 2024 +0530
Uninitialized array variable
Array "key" is uninitialized and it is being read directly in function SipHash_Init() as per the below statements, making a way for the garbage values:
uint64_t k0 = U8TO64_LE(k);
uint64_t k1 = U8TO64_LE(k + 8);
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23298)
(cherry picked from commit a0826b184eed2dccc56cdf80e3e0bc061cc89ddc)
commit b7275c5e5c1c7b025bf2eb74fd1344b6abe48c06
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jan 15 08:55:48 2024 +0000
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23327)
commit 603505f1221713db8269450f90c1e843b3013612
Author: Paul Dreik <github@pauldreik.se>
Date: Thu Dec 7 16:59:57 2023 +0100
prevent integer overflow in ossl_asn1_time_from_tm
this could be triggered by the following code (assuming 64 bit time_t):
time_t t = 67768011791126057ULL;
ASN1_TIME* at = ASN1_TIME_set(NULL, t);
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
(cherry picked from commit 5b2d8bc28a8ff59689da98f31459819db09a9099)
commit c15a844156d9cc373b2f42c58034437a3c45f58c
Author: Paul Dreik <github@pauldreik.se>
Date: Thu Dec 7 20:31:50 2023 +0100
add test for provoking integer overflow in ossl_asn1_time_from_tm
this needs a sanitized 64 bit time_t build to be detected (or possibly
valgrind, trapv or similar)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
(cherry picked from commit 017fd465a4f01323465823a3dcf318553365dfdd)
commit 141365d1b4ab9d2ea4c76938f83b26429f0fb8ad
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 2 16:48:43 2024 +0000
Don't apply max_frag_len checking if no Max Fragment Length extension
Don't check the Max Fragment Length if it hasn't been negotiated. We
were checking it anyway, and using the default value
(SSL3_RT_MAX_PLAIN_LENGTH). This works in most cases but KTLS can cause the
record length to actually exceed this in some cases.
Fixes #23169
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit c1decd62460072082833909a962892e5042b16bb)
commit 523d1233f1feda9d7561441b332600148a468d8a
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 2 16:37:29 2024 +0000
Fix a FreeBSD build failure when KTLS is enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit 2cac2feff2612c0a324675d8151fea3e2d03397c)
commit 4074e6308860077bdd3b85b084ad63d3007e20e3
Author: Matt Caswell <matt@openssl.org>
Date: Tue Jan 2 15:56:43 2024 +0000
Add a KTLS test where we write long app data records
Check that we can write and read back long app data records when using
KTLS.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23182)
(cherry picked from commit 563f4be8976ea776ec4fb90d084e2ce80c92f0d1)
commit 8c1f9de1d5517888e359d36c868fd315cb07fa6e
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Thu Dec 14 12:48:33 2023 +0100
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
(cherry picked from commit 66adaf2b31bb51e00ffad784f60bdf195e5dd736)
commit bc2fe90e1ef2b33b7222af6c35c68153b08743cf
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Thu Dec 14 12:48:33 2023 +0100
X509_dup.pod: add caveat that extra data is not copied and hints, e.g., to use X509_up_ref() instead
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23043)
(cherry picked from commit 66adaf2b31bb51e00ffad784f60bdf195e5dd736)
commit 284888cf2eddd6f52e6cea8aea8127e3c74e2a84
Author: Matt Caswell <matt@openssl.org>
Date: Mon Jan 15 08:55:48 2024 +0000
Document SSL_R_UNEXPECTED_EOF_WHILE_READING
Also document that it is ok to use this for control flow decisions.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23304)
(cherry picked from commit ead44e19fa3ff7d189876081880f1adb3dfdf30b)
commit 9847bc91b3e62983628074cf16be876b822621e5
Author: Kevin Jerebica <jerebicakevin@gmail.com>
Date: Tue Jan 16 16:30:26 2024 +0100
Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
(cherry picked from commit 3e938453be47751d50917e25b8f7334b482844b3)
commit df87678d6023c6892562167d0697bf2a61cae164
Author: Kevin Jerebica <jerebicakevin@gmail.com>
Date: Tue Jan 16 16:30:26 2024 +0100
Add a deprecation warning for a function in docs
The function in question is SSL_get_peer_certificate()
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23315)
(cherry picked from commit 3e938453be47751d50917e25b8f7334b482844b3)
commit 96dd7b23f5f1a54316ab9408be630f7cd61e262e
Author: Lin Runze <lrzlin@163.com>
Date: Sun Jan 14 20:21:49 2024 +0800
Fix performance regression of ChaCha20 on LoongArch64
The regression was introduced in PR #22817.
In that pull request, the input length check was moved forward,
but the related ori instruction was missing, and it will cause
input of any length down to the much slower scalar implementation.
Fixes #23300
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23301)
(cherry picked from commit 971028535e6531c89449e06b1f6862c18f04ff91)
commit 91e8a3fb5cb4481697d372b98a274f3c233a7594
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sat Jan 13 01:03:56 2024 +0100
hurd: Fix dgram_sendmmsg
GNU/Hurd does not have IP_PKTINFO yet, thus SUPPORT_LOCAL_ADDR is undef,
data->local_addr_enabled never set to 1, and thus the M_METHOD_RECVMSG
method would end up raising BIO_R_LOCAL_ADDR_NOT_AVAILABLE immediately.
Fixes #22872
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23293)
(cherry picked from commit 2f85736e9c66248528f132d46508f06a0bb8dd88)
commit 9ff970674b296f6b53f41e77d81beac7e8526cac
Author: lan1120 <lanming@huawei.com>
Date: Wed Dec 13 19:02:29 2023 +0800
Check whether the pubkey exists in ossl_ecx_key_dup
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)
(cherry picked from commit aac531e5daa2edec5d47e702a7f115cf77fe07f9)
commit 2827145227a4ee352056e02b5908f19c7ca30074
Author: lan1120 <lanming@huawei.com>
Date: Wed Dec 13 19:02:29 2023 +0800
Check whether the pubkey exists in ossl_ecx_key_dup
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22984)
(cherry picked from commit aac531e5daa2edec5d47e702a7f115cf77fe07f9)
commit fc82a8f086470e00e6119a820c617337ed7de0e9
Author: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Fri Jan 12 10:14:43 2024 +0100
Error in s_server when -rev option is used with dtls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)
(cherry picked from commit 575117efe1e0eb8073c2d26ae3dff8926be00591)
commit f8b96e116cb8b78ddbb295c8eedf1bab4227c885
Author: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Fri Jan 12 10:14:43 2024 +0100
Error in s_server when -rev option is used with dtls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23278)
(cherry picked from commit 575117efe1e0eb8073c2d26ae3dff8926be00591)
commit 3a665e45b8b08957d1ba9228bf0c9c31cff074e5
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Jan 9 18:08:22 2024 +0100
Add CHANGES.md and NEWS.md entries for CVE-2023-6237
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit 38b2508f638787842750aec9a75745e1d8786743)
commit a830f551557d3d66a84bbb18a5b889c640c36294
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Dec 22 16:25:56 2023 +0100
Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take a very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
commit 20cb674d81e8070439d50c41f340ed439435aa84
Author: Tomas Mraz <tomas@openssl.org>
Date: Tue Jan 9 18:08:22 2024 +0100
Add CHANGES.md and NEWS.md entries for CVE-2023-6237
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit 38b2508f638787842750aec9a75745e1d8786743)
commit 0b0f7abfb37350794a4b8960fafc292cd5d1b84d
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Dec 22 16:25:56 2023 +0100
Limit the execution time of RSA public key check
Fixes CVE-2023-6237
If a large and incorrect RSA public key is checked with
EVP_PKEY_public_check() the computation could take a very long time
due to no limit being applied to the RSA public key size and
unnecessarily high number of Miller-Rabin algorithm rounds
used for non-primality check of the modulus.
Now the keys larger than 16384 bits (OPENSSL_RSA_MAX_MODULUS_BITS)
will fail the check with RSA_R_MODULUS_TOO_LARGE error reason.
Also the number of Miller-Rabin rounds was set to 5.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23243)
(cherry picked from commit e09fc1d746a4fd15bb5c3d7bbbab950aadd005db)
commit 60dc128b0f4ab0fec8198ce1724160d0750273b0
Author: Drokov Pavel <drokov@rutoken.ru>
Date: Fri Jan 12 02:10:17 2024 -0500
Fix arithmetic expression overflow
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
commit 9aee66b2f4ecc721950b647da4ebf773133dd7c9
Author: Drokov Pavel <drokov@rutoken.ru>
Date: Fri Jan 12 02:10:17 2024 -0500
Fix arithmetic expression overflow
If the value of a->length is large (>= 2^12), then an integer overflow will
occur for the signed type, which according to the C standard is UB.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23274)
(cherry picked from commit 486ab0fb003d05f89620662260486d31bd3faa8c)
commit f076c133a175881fecb636385a2f3e6f77b37c43
Author: Akshat Maheshwari <akshatmaheshwari1995@gmail.com>
Date: Thu Jan 11 22:51:59 2024 +0530
Fix grammar in documentation
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23266)
(cherry picked from commit 441b3b7ba15d5dc6e034b030bd8b88ce596f53ba)
commit 50e28cbd8a54c1ce2efae564fa8ca4dbafa1a92d
Author: Drokov Pavel <drokov@rutoken.ru>
Date: Thu Jan 11 18:51:15 2024 -0500
Check ASN1_OBJECT_new result
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23270)
(cherry picked from commit 6b92a966e0de3ad848fcf11fbcab7ee8cae24ba1)
commit 29463f17f2f7978e67b74e3f76bad1c126d34bed
Author: Richard Levitte <levitte@openssl.org>
Date: Thu Jan 4 12:42:05 2024 +0100
Add test/recipes/15-test_gensm2.t, to test SM2 key generation results
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit d4d9b57530b2ecdca6b4263b5841b42c820e5275)
commit 7c93d2eb8c29f0c82e79ad1a147507f4d58de816
Author: Richard Levitte <levitte@openssl.org>
Date: Fri Oct 27 09:01:19 2023 +0200
Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit 1d490694dfa790d8e47f8f2ea62ea1d9b1251179)
commit dbe66cd268774e3c3023c2375d3229d3a1c612f2
Author: Richard Levitte <levitte@openssl.org>
Date: Thu Jan 4 12:42:05 2024 +0100
Add test/recipes/15-test_gensm2.t, to test SM2 key generation results
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit d4d9b57530b2ecdca6b4263b5841b42c820e5275)
commit 5572a1beee54b4cb101fd2e447787a38203b8914
Author: Richard Levitte <levitte@openssl.org>
Date: Fri Oct 27 09:01:19 2023 +0200
Fix the encoding of SM2 keys
OpenSSL's encoding of SM2 keys used the SM2 OID for the algorithm OID
where an AlgorithmIdentifier is encoded (for encoding into the structures
PrivateKeyInfo and SubjectPublicKeyInfo).
Such keys should be encoded as ECC keys.
Fixes #22184
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22529)
(cherry picked from commit 1d490694dfa790d8e47f8f2ea62ea1d9b1251179)
commit d521c94e7b440f043bcdfdf7575c6bf8a362ded0
Author: Neil Horman <nhorman@openssl.org>
Date: Thu Dec 7 16:56:39 2023 -0500
Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min
Can lead to a SIGSEGV, as the parsing code doesn't recognize min as a
proper section name without a trailing colon to associate it with a
value. As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.
Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to strtoul
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
(cherry picked from commit 0981c20f8efa68bf9d68d7715280f83812c19a7e)
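The stbl parsing hazard described in the commit above, as an added example that is not OpenSSL's own code: a minimal parser for the `name:value,name:value` syntax of a string-table entry, plus the table-building step with the NULL-value skip the fix describes. The names `parse_value_list`, `apply_stbl_entry`, `struct conf_pair` and `struct stbl_entry` belong to this example only; the real `do_tcreate` also handles the `mask` and `flags` fields, which are left out here.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenSSL's own code. It models the value syntax of a
 * string-table (stbl) entry, "name:value,name:value", and the hazard the
 * commit describes: an element with no ':' (e.g. "min") yields a NULL value
 * that must never reach strtoul(). */

struct conf_pair {
    char *name;
    char *value;            /* NULL when the element had no ':' */
};

struct stbl_entry {
    long minsize;
    long maxsize;
    int  applied;           /* number of fields actually set */
};

static char *dup_range(const char *p, size_t n)
{
    char *s = malloc(n + 1);

    if (s == NULL)
        return NULL;
    memcpy(s, p, n);
    s[n] = '\0';
    return s;
}

/* Split a comma-separated list into name/value pairs; returns the count. */
int parse_value_list(const char *s, struct conf_pair *out, int max)
{
    int n = 0;
    const char *p = s;

    while (*p != '\0' && n < max) {
        const char *end = strchr(p, ',');
        size_t len = end != NULL ? (size_t)(end - p) : strlen(p);
        const char *colon = memchr(p, ':', len);
        size_t nlen = colon != NULL ? (size_t)(colon - p) : len;

        out[n].name = dup_range(p, nlen);
        out[n].value = colon != NULL ? dup_range(colon + 1, len - nlen - 1) : NULL;
        n++;
        p = end != NULL ? end + 1 : p + len;
    }
    return n;
}

void free_pairs(struct conf_pair *pairs, int n)
{
    for (int i = 0; i < n; i++) {
        free(pairs[i].name);
        free(pairs[i].value);
    }
}

/* Analogue of the table-creation step. Before the fix, strtoul(NULL) was
 * reached for a value-less element; here such elements are skipped, as the
 * commit describes. Returns 1 on success, 0 on a malformed number or an
 * unknown field name. */
int apply_stbl_entry(const struct conf_pair *pairs, int n, struct stbl_entry *e)
{
    e->minsize = -1;
    e->maxsize = -1;
    e->applied = 0;

    for (int i = 0; i < n; i++) {
        char *endp;
        long v;

        if (pairs[i].value == NULL)     /* the fix: never hand NULL to strtol */
            continue;

        errno = 0;
        v = strtol(pairs[i].value, &endp, 10);
        if (endp == pairs[i].value || *endp != '\0' || errno != 0)
            return 0;                   /* not a clean integer */

        if (strcmp(pairs[i].name, "min") == 0)
            e->minsize = v;
        else if (strcmp(pairs[i].name, "max") == 0)
            e->maxsize = v;
        else
            return 0;                   /* unknown field name */
        e->applied++;
    }
    return 1;
}
```

Skipping the value-less element is what the fix does; a stricter loader could instead reject the whole entry, since a bare `min` is a configuration mistake rather than a usable setting. Either way the check has to sit before the string-to-number call, not after it.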
commit 3ddab87f2e69aeea82caef1b7cef64ac7066a931
Author: Neil Horman <nhorman@openssl.org>
Date: Thu Dec 7 16:56:39 2023 -0500
Fix NULL pointer deref when parsing the stable section
When parsing the stable section of a config such as this:
openssl_conf = openssl_init
[openssl_init]
stbl_section = mstbl
[mstbl]
id-tc26 = min
Can lead to a SIGSEGV, as the parsing code doesn't recognize min as a
proper section name without a trailing colon to associate it with a
value. As a result the stack of configuration values has an entry with
a null value in it, which leads to the SIGSEGV in do_tcreate when we
attempt to pass NULL to strtoul.
Fix it by skipping any entry in the config name/value list that has a
null value, prior to passing it to strtoul
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22988)
(cherry picked from commit 0981c20f8efa68bf9d68d7715280f83812c19a7e)
commit 9d47024599d932baef013b7ceced9e842cbb786d
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Thu Jan 4 19:25:08 2024 +0100
Add tests for re-using cipher contexts
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.
This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iterations use the same key, iv and plaintext.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 3cb1b51dddf4deaf5e3886b827f3245d81670bc7)
commit c944c06cc94e9a7a53f075543a0c0858919f96c5
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Fri Jan 5 14:16:53 2024 +0100
Fix partial block encryption in cfb and ofb for s390x (legacy)
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit f9ccd209c3d121668c51a992613c698f2a774cb3)
commit aa24651e5c535cd3cbab95a5cc93b18929972664
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Thu Jan 4 09:37:39 2024 +0100
Fix partial block encryption in cfb and ofb for s390x
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keeping this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.
Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 576a3572bebf6115df1c03527114cbf74d06f861)
commit ac36def31f2c47133cb0427692796c6562551e99
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Thu Jan 4 19:25:08 2024 +0100
Add tests for re-using cipher contexts
Add test case for re-using a cipher context with the same key, iv and
cipher. It detects, if the hardware-specific cipher context is reset
correctly, like reported in issue #23175.
This test has encrypt and decrypt iterations for cfb128 and
ofb128. All iterations use the same key, iv and plaintext.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 3cb1b51dddf4deaf5e3886b827f3245d81670bc7)
commit ecbbca090da5f2219914b851c4995532ee576bfa
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Fri Jan 5 14:16:53 2024 +0100
Fix partial block encryption in cfb and ofb for s390x (legacy)
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb also in
s390x-legacy code. For more details see 4df92c1a14 ("Fix partial block
encryption in cfb and ofb for s390x").
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit f9ccd209c3d121668c51a992613c698f2a774cb3)
commit 8887efa223a014fe93ee19303abb87eb115b12c9
Author: Holger Dengler <dengler@linux.ibm.com>
Date: Thu Jan 4 09:37:39 2024 +0100
Fix partial block encryption in cfb and ofb for s390x
Use the number of processed bytes information (num) from the generic
cipher context for the partial block handling in cfb and ofb, instead
of keeping this information in the s390x-specific part of the cipher
context. The information in the generic context is reset properly,
even if the context is re-initialized without resetting the key or iv.
Fixes: #23175
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23201)
(cherry picked from commit 576a3572bebf6115df1c03527114cbf74d06f861)
commit 0a12aba18f705c888d661d2e2da3848a392f70a5
Author: Neil Horman <nhorman@openssl.org>
Date: Mon Jan 8 14:29:52 2024 -0500
Update Docs for EVP_MAC
For GMAC/CMAC, it's not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated). As such, document the fact that
re-initialization requires passing an IV parameter
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
(cherry picked from commit 7c1d533a512181b13de3bc0b7fa2fd8c481032d3)
commit 679cdfa96cee266dd813a4c21f127f179557d36f
Author: Neil Horman <nhorman@openssl.org>
Date: Mon Jan 8 14:29:52 2024 -0500
Update Docs for EVP_MAC
For GMAC/CMAC, it's not possible to re-init the algorithm without
explicitly passing an OSSL_MAC_PARAM_IV to each init call, as it is
not possible to extract the IV value from the prior init call (be it
explicitly passed or auto generated). As such, document the fact that
re-initialization requires passing an IV parameter
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23235)
(cherry picked from commit 7c1d533a512181b13de3bc0b7fa2fd8c481032d3)
commit c564111bc99ee37112d7776d88957c123d253eeb
Author: Tomas Mraz <tomas@openssl.org>
Date: Wed Nov 29 09:17:39 2023 +0100
Disable build of HWAES on PPC Macs
Fixes #22818
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)
(cherry picked from commit 493ad484e9312b54d177d85e2f4aa0b636e708f0)
commit 6969bf4d7785827fef8b6698a0349c609609b28e
Author: sashan <anedvedicky@gmail.com>
Date: Mon Jan 8 22:53:42 2024 +0100
evp_fetch.c: Check meth_id instead of name_id
Fixes #23226
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)
(cherry picked from commit da840c3775f52fc9766c654b5ad6ee031ffc9fd9)
commit 40cdfac75437923f533ebad0e6b24a9524e52b45
Author: sashan <anedvedicky@gmail.com>
Date: Mon Jan 8 22:53:42 2024 +0100
evp_fetch.c: Check meth_id instead of name_id
Fixes #23226
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23238)
(cherry picked from commit da840c3775f52fc9766c654b5ad6ee031ffc9fd9)
commit 8d07eedf49f1c35cd3133ce64c3e0342863e6dbb
Author: James Muir <james@openssl.org>
Date: Tue Jan 9 22:38:43 2024 -0500
doc: "digest" must be explicitly set with deterministic ECDSA/DSA
Fixes #23205
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)
(cherry picked from commit ff7b32e1d7af590eab3163f0c6be7792876c36bc)
commit 0d3775cf11137c33dcbd30e89194d16019bf60e6
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Tue Jan 9 15:05:30 2024 +0100
Fix a similar memory leak in SXNET_add_id_INTEGER
Even in the good case there was a memory leak here.
Add a simple test case to have at least some test coverage.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit 398011848468c7e8e481b295f7904afc30934217)
commit 5339f541238aab81e3dd43f2bc6c5cde716be349
Author: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon Jan 8 15:31:32 2024 +0100
Fix a possible memory leak in sxnet_v2i
When a subsequent call to SXNET_add_id_asc fails
e.g. because user is a string longer than 64 characters
or the zone is a duplicate zone id,
or the zone is not an integer,
a memory leak may be the result.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23234)
(cherry picked from commit 0151e772195fc03cce0f12e5e266e51dc15243a0)
commit bee1e83a18d6820b4264cbefca9ff5576ff679c2
Author: Tomas Mraz <tomas@openssl.org>
Date: Thu Jan 4 10:32:32 2024 +0100
Add CHANGES.md and NEWS.md entries for CVE-2023-6129
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit 858c7bc210a406cc7f891ac2aed78692d2e02937)
commit f3fc5808fe9ff74042d639839610d03b8fdcc015
Author: Rohan McLure <rmclure@linux.ibm.com>
Date: Thu Jan 4 10:25:50 2024 +0100
poly1305-ppc.pl: Fix vector register clobbering
Fixes CVE-2023-6129
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs saves the contents of vector registers in a different order
than they are restored. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23200)
(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f)
commit 01088602522015906654877ad2730ce805f3f925
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 5 11:01:34 2024 +0100
Avoid memory leak if SXNET_add_id_INTEGER() fails
Fixes Coverity 1560046
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23211)
(cherry picked from commit 7054fc1ca3945342777f588fba43b77f669509ad)
commit 5802de95768aabec92b1f09a1c5ae13763a8da86
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 5 17:29:20 2024 +0100
Add missing sm4_ccm_dupctx() and sm4_gcm_dupctx()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23217)
commit 143a0915e34553912ee37331b189e78096861bfb
Author: Richard Levitte <levitte@openssl.org>
Date: Wed Dec 20 08:25:22 2023 +0100
VMS: Add the missing -p32 and -p64 variants for x86_64
The pointer size support is already in the code, and is present for
all other supported hardware.
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit a43f253d586279b5d96fffcaf1b26c7a2b0dd938)
commit d2c20500032722d05f36a6664f4a813fe6320ef6
Author: Richard Levitte <levitte@openssl.org>
Date: Mon Dec 18 12:49:08 2023 +0100
Fix VMS installation - update vmsconfig.pm for consistency
An effort was made to update the VMS installation data to align with
configuration data. This touched the script templates in VMS/, but
didn't update the generation of vmsconfig.pm to match... and also
missed a spot.
This change adds the missing updates
Ref:
https://github.com/openssl/openssl/pull/16842
Fixes #22899
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23081)
(cherry picked from commit 4058e121cbc6818235b0dcb618e636ce3c4d1f2f)
commit 856d4c6ebc1aec2a714ce497af9c3e48c50e689d
Author: Neil Horman <nhorman@openssl.org>
Date: Wed Jan 3 13:47:05 2024 -0500
cleanse stack variable in kdf_pbkdf1_do_derive
kdf_pbkdf1_do_derive stores key derivation information in a stack
variable, which is left uncleansed prior to returning. Ensure that the
stack information is zeroed prior to return to avoid potential leaks of
key information
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23194)
(cherry picked from commit 5963aa8c196d7c5a940a979299a07418527932af)
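The cleanse-before-return pattern from the commit above, as an added example that is not OpenSSL's own code: `cleanse()` stands in for `OPENSSL_cleanse()`, and `derive_key()` is a hypothetical PBKDF1-shaped routine built on a constructed toy mixing function (not a real digest) so the block runs stand-alone. The point is the `done:` path, which wipes the stack scratch buffer on every exit, including the failure path.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not OpenSSL's own code. It shows the pattern the commit
 * applies: a derive function that keeps password material in a stack buffer
 * and wipes that buffer before returning. The "digest" is a toy mixing
 * function so the block is self-contained; it is not a KDF to use. */

/* Calling memset through a volatile function pointer stops the compiler from
 * dropping the store as dead (the same idea as OPENSSL_cleanse). memset_fn is
 * this example's device, not a library API. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;

void cleanse(void *p, size_t n)
{
    memset_fn(p, 0, n);
}

int all_zero(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;

    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Toy 16-byte mixing function (constructed for this example, not a hash).
 * All of `in` is read before `out` is written, so in == out is allowed. */
static void toy_mix(uint8_t out[16], const uint8_t *in, size_t n)
{
    uint32_t s[4] = { 0x243f6a88u, 0x85a308d3u, 0x13198a2eu, 0x03707344u };

    for (size_t i = 0; i < n; i++) {
        s[i & 3] = (s[i & 3] ^ in[i]) * 0x9e3779b1u;
        s[i & 3] ^= s[i & 3] >> 15;
    }
    for (int i = 0; i < 4; i++) {
        out[4 * i]     = (uint8_t)(s[i]);
        out[4 * i + 1] = (uint8_t)(s[i] >> 8);
        out[4 * i + 2] = (uint8_t)(s[i] >> 16);
        out[4 * i + 3] = (uint8_t)(s[i] >> 24);
    }
}

/* PBKDF1-shaped derivation: mix(password || salt), then iterate the mixer.
 * Returns 1 on success, 0 if the inputs do not fit the scratch buffer. */
int derive_key(const char *pw, const uint8_t *salt, size_t saltlen,
               unsigned iter, uint8_t *out, size_t outlen)
{
    uint8_t buf[64];                 /* holds password || salt, then state */
    size_t pwlen = strlen(pw);
    int ok = 0;

    if (pwlen + saltlen > sizeof(buf) || outlen > 16 || iter == 0)
        goto done;

    memcpy(buf, pw, pwlen);
    memcpy(buf + pwlen, salt, saltlen);
    toy_mix(buf, buf, pwlen + saltlen);
    for (unsigned i = 1; i < iter; i++)
        toy_mix(buf, buf, 16);
    memcpy(out, buf, outlen);
    ok = 1;

done:
    cleanse(buf, sizeof(buf));       /* the fix: no key material left on the stack */
    return ok;
}
```

A plain `memset()` on a buffer that is never read again is a dead store the optimizer may legally remove, which is why the wipe goes through `memset_fn` rather than a direct call. Wiping unconditionally at `done:` also covers the early-return path, where `buf` may hold stale data from an earlier caller.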
commit a693d69cd8b4b88a81f3e8174dcf90bbed4cbb53
Author: Neil Horman <nhorman@openssl.org>
Date: Tue Jan 2 15:48:00 2024 -0500
Validate config options during x509 extension creation
There are several points during x509 extension creation which rely on
configuration options which may have been incorrectly parsed due to
invalid settings. Perform a value check for null in those locations to
avoid various crashes/undefined behaviors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23183)
(cherry picked from commit bac7e687d71b124b09ad6ad3e15be9b38c08a1ba)
commit 7043f6924a80f3f6f137f680aae4c968d03f3ba3
Author: Neil Horman <nhorman@openssl.org>
Date: Fri Dec 15 14:35:04 2023 -0500
fixup! Adding interop tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22726)
(cherry picked from commit b062a3c552bf283319dede3437598f1747730053)