forked from openssl/openssl
Openssl 3.1.6+quic #165
Closed
Reviewed-by: Richard Levitte <[email protected]> Release: yes
Coverity issue 1453632 noted a missing null check in kdf_test_ctrl recently. If a malformed value is passed in from the test file that does not contain a ':' character, the p variable will be NULL, leading to a NULL dereference prepare_from_text Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23398) (cherry picked from commit 6ca1d3e)
bind_afalg calls afalg_aes_cbc which allocates cipher_handle->_hidden global object(s) but if one of them fails due to out of memory, the function bind_afalg relies on the engine destroy method to be called. But that does not happen because the dynamic engine object is not destroyed in the usual way in dynamic_load in this case: If the bind_engine function fails, there will be no further calls into the shared object. See ./crypto/engine/eng_dyn.c near the comment: /* Copy the original ENGINE structure back */ Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#23409) (cherry picked from commit 729a149)
For some reason, those functions (and the _init functions too) would raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed ctx is NULL, and then not check if the provider supplied the function that would support these libcrypto functions. This corrects the situation, and has all those libcrypto functions raise ERR_R_PASS_NULL_PARAMETER if ctx is NULL, and then check for the corresponding provider supplied, and only when that one is missing, raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when ERR_R_PASSED_NULL_PARAMETER is raised. This is done consistently for all affected functions. Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#23411) (cherry picked from commit 5a25177)
This reverts commit 2b74e75. The commit was wrong. With 3.x versions the engines must be themselves responsible for creating their EVP_PKEYs in a way that they are treated as legacy - either by using the respective set1 calls or by setting non-default EVP_PKEY_METHOD. The workaround has caused more problems than it solved. Fixes openssl#22945 Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#23063) (cherry picked from commit 39ea783)
Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#23063) (cherry picked from commit dbb478a)
Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Todd Short <[email protected]> (Merged from openssl#23444)
The following files referred to ../liblegacy.a when they should have referred to ../../liblegacy.a. This caused the creation of a mysterious directory 'crypto/providers', and because of an increased strictness with regards to where directories are created, configuration failure on some platforms. Fixes openssl#23436 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23452) (cherry picked from commit 667b454)
The existing loop pattern did not really run the expected tests on the duplicated keys. Fixes openssl#23129 Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl#23292) (cherry picked from commit 387b93e)
CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23512) (cherry picked from commit 76cecff)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23503) (cherry picked from commit cb4f7a6)
Only modify doc/man* in the openssl-3.1 branch. Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23544)
https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html The pages for 3.0/3.1/master seem to have the following EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); which does not match with the actual header which is EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); Fixes openssl#23532 Reviewed-by: Shane Lontis <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23541) (cherry picked from commit 4f6133f)
encoder_process assumes a cleanup function has been set in the currently in-use encoder during processing, which can lead to segfaults if said function hasn't been set. Add a NULL check for this condition, returning -1 if it is not set. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#23069) (cherry picked from commit cf57c3e)
CLA: trivial Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23586) (cherry picked from commit c3e8d67)
The EVP_DigestInit(3) manual page contains wrong name for the define macro for the OSSL_DIGEST_PARAM_MICALG param. Fixes openssl#23580 CLA: trivial Reviewed-by: Paul Yang <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23615) (cherry picked from commit 5e5c256)
Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively long. This fixes a false positive encountered by OSS-Fuzz. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23640) (cherry picked from commit 4a6f70c)
…ld-time. This fixes an issue with a mix of atexit() usage in DLL and statically linked libcrypto that came out in the test suite on NonStop, which has slightly different DLL unload processing semantics compared to Linux. The change allows a build configuration to select whether to register OPENSSL_cleanup() with atexit() or not, so avoid situations where atexit() registration causes SIGSEGV. INSTALL.md and CHANGES.md have been modified to include and describe this option. Signed-off-by: Randall S. Becker <[email protected]> Signed-off-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23642) (cherry picked from commit 0e1989d)
Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> (Merged from openssl#23642) (cherry picked from commit 66e6f72)
Return value of function 'SSL_CTX_ctrl', that is called from SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23647) (cherry picked from commit 6f794b4)
Fix error: relocation truncated to fit: R_PPC64_REL14 (stub) against symbol `ChaCha20_ctr32_vsx_8x' CLA: trivial Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23618) (cherry picked from commit 1afb326)
Fixes openssl#23624 The calculation of the size for gid_arr reallocation was wrong. A multiplication by gid_arr array item size was missing. Testcase is added. Reviewed-by: Nicola Tuveri <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23659)
…e Makefile. If a user's `make` command came from a path that contained a space then both the `$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS) would not be properly quoted and the build would fail. Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23663) (cherry picked from commit aba6219)
Fixes openssl#23363 Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23404) (cherry picked from commit c5cc9c4)
Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl#23678) (cherry picked from commit 74fd682)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#23774)
the page the link refers to does not exist. Anyone objects to delete file? Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#23719) (cherry picked from commit 8545398)
CLA: trivial Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Richard Levitte <[email protected]> (Merged from openssl#23805) (cherry picked from commit 52a75f4)
Signed-off-by: Vladimirs Ambrosovs <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23825) (cherry picked from commit c91f0ca)
Recently asan/tsan/ubsan runs have been failing randomly. It appears that a recent runner update may have led to the Address Space Layout Randomization setting in the linux kernel of ubuntu-latest runner getting set to too high a value (it defaults to 30). Such a setting leads to the possibility that a given application will have memory mapped to an address space that the sanitizer code typically uses to do its job. Lowering this value allows a/t/ubsan to work consistently again. Reviewed-by: Tim Hudson <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23842) (cherry picked from commit 37cd49f)
CLA: trivial Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24366) (cherry picked from commit 3e9d933)
Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#24348) (cherry picked from commit 32ca45d)
Default configuration of the fips provider for tests is pedantic which means that sslapitest was not fully executed with fips provider. The ems check must be switched off for full execution. Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#24347) (cherry picked from commit d2af5e4)
Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#24347) (cherry picked from commit f6e4698)
According to the "GB/T 32918.4-2016" section 6.1 encryption, step A5: If result of the "KDF" is all zeros, we should go back to the beginning (step A1). section 7.1 decryption, step B4: If result of the "KDF" is all zeros, we should raise error and exit. Signed-off-by: Liu-Ermeng <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23210) (cherry picked from commit 1706206)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24375) (cherry picked from commit 987baef)
Remove duplicate entries for -nocerts and -noattr CLA:trivial Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24052) (cherry picked from commit 5a0c92c)
This avoids overly long computation of various validation checks. Fixes CVE-2024-4603 Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Shane Lontis <[email protected]> (Merged from openssl#24346) (cherry picked from commit 85ccbab)
CLA: trivial Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tim Hudson <[email protected]> (Merged from openssl#24413) (cherry picked from commit 45f5d51)
Fixes: openssl#23979 Previously fips module relied on OPENSSL_cpuid_setup being used as constructor by the linker to correctly setup the capability vector, either via .section .init (for x86_64) or via __attribute__((constructor)). This would make ld.so call OPENSSL_cpuid_setup before the init function for fips module. However, this early constructing behavior has several disadvantages:
1. Not all platform/toolchain supports such behavior
2. Initialisation sequence is not well defined, and some function might not be initialized when cpuid_setup is called
3. Implicit path is hard to maintain and debug
Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24419) (cherry picked from commit a192b24)
Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24435) (cherry picked from commit a73e07d)
If we're part way through processing a record, or the application has not released all the records then we should not free our buffer because they are still needed. CVE-2024-4741 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#24395)
In order to ensure we do not have a UAF we reset the rlayer.packet pointer to NULL after we free it. CVE-2024-4741 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#24395)
Test that attempting to free the buffers at points where they should not be freed works as expected. Follow on from CVE-2024-4741 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#24395)
The sslapitest has a helper function to load the dasync engine which is useful for testing pipelining. We would like to have the same facility from sslbuffertest, so we move the function to the common location ssltestlib.c Follow on from CVE-2024-4741 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#24395)
We extend the testing to test what happens when pipelining is in use. Follow on from CVE-2024-4741 Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Neil Horman <[email protected]> (Merged from openssl#24395)
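The two guards described in the CVE-2024-4741 commit messages above (refuse to free while a record is partly processed or not yet released, and reset the packet pointer once the buffer is freed), as an added sketch that is not code from OpenSSL or from this pull request. The `toy_rlayer` structure and every function name here are hypothetical and only model the idea.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified record layer; field names are illustrative
 * and do not mirror OpenSSL's real structures. */
typedef struct {
    unsigned char *rbuf;     /* read buffer owned by the record layer */
    unsigned char *packet;   /* points INTO rbuf at the current record */
    size_t packet_left;      /* bytes of a partly processed record */
    size_t unreleased_recs;  /* records handed to the app, not yet released */
} toy_rlayer;

int toy_rlayer_init(toy_rlayer *rl, size_t len)
{
    memset(rl, 0, sizeof(*rl));
    rl->rbuf = malloc(len);
    return rl->rbuf != NULL;
}

/* Simulate a record that has been read but only partly processed. */
void toy_rlayer_begin_record(toy_rlayer *rl, size_t left)
{
    rl->packet = rl->rbuf;
    rl->packet_left = left;
    rl->unreleased_recs = 1;
}

/* Simulate the record being fully processed and released by the app. */
void toy_rlayer_finish_record(toy_rlayer *rl)
{
    rl->packet_left = 0;
    rl->unreleased_recs = 0;
}

/* Returns 1 if the buffer was freed, 0 if the request was refused. */
int toy_rlayer_free_buffers(toy_rlayer *rl)
{
    /* Guard 1: the buffer is still needed, so do not free it. */
    if (rl->packet_left != 0 || rl->unreleased_recs != 0)
        return 0;
    free(rl->rbuf);
    rl->rbuf = NULL;
    /* Guard 2: packet aliased rbuf; clear it so nothing reads freed memory. */
    rl->packet = NULL;
    return 1;
}

int main(void)
{
    toy_rlayer rl;
    if (!toy_rlayer_init(&rl, 64))
        return 1;
    toy_rlayer_begin_record(&rl, 10);
    int refused = (toy_rlayer_free_buffers(&rl) == 0);
    toy_rlayer_finish_record(&rl);
    return (refused && toy_rlayer_free_buffers(&rl) == 1) ? 0 : 1;
}
```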
Fixes openssl#24476 CLA: trivial Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24488) (cherry picked from commit 434e7f7)
Some versions of the VMS C system header files seem to require this. Fixes openssl#24466 on release older than 3.3. Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Todd Short <[email protected]> (Merged from openssl#24471) (cherry picked from commit 54e9e25)
Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#24464) (cherry picked from commit abe05fd)
Fixes openssl#24475 Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24511) (cherry picked from commit 0986e12)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24520) (cherry picked from commit 0c73d65)
Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Tom Cosgrove <[email protected]> (Merged from openssl#24550) (cherry picked from commit 3fa9df5)
Reviewed-by: Neil Horman <[email protected]> Release: yes
Reviewed-by: Neil Horman <[email protected]> Release: yes
Reviewed-by: Neil Horman <[email protected]> Release: yes
merged 3.1.5+quic on top of 3.1.6
Close in favor of the PR that uses quictls/openssl-3.1.6 -> quictls/openssl-3.1.6+quic as base for merge
Update to 3.1.6 with vulnerabilities fixed
Vulnerabilities fixed: