If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will
result. Calling this function set 1 when applications call this directly
is a non-sensical value - so this would be considered a bug in the caller.
It does not seem possible to cause OpenSSL internal callers of
BN_GF2m_mod_inv to call it with a value of 1.
So, for the above reasons, this is not considered a security issue.
Reported by Bing Shi.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
We remove a function that was left behind and is no longer called after the
record layer refactor
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
This fix removes explicit support for the SPT threading model in configurations.
This also reverts commit f63e1b48ac that were
required for SPT but broke other models.
Fixes: #22798
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22807)
Since the gen->type will not be set in a2i_GENERAL_NAME
the gen->d.otherName will not be automatically
cleaned up by GENERAL_NAME_free.
Also fixed a similar leak in a2i_GENERAL_NAME,
where ASN1_STRING_set may fail but gen->d.ia5
will not be automatically cleaned up.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22996)
The EVP interface explicitly allows in-place encryption/decryption,
but this fact is just 'partially' documented in `EVP_EncryptUpdate(3)`
(pun intended): the manual page mentions only operation failure in
case of 'partial' overlaps. This is not even correct, because
the check for partially overlapping buffers is only implemented
in legacy code paths.
Currently, in-place encryption/decryption is only documented for
RSA (`RSA_public_encrypt(3)`) and DES (`DES_ecb_encrypt(3)`), as
well as in the provider interface (`provider-cipher(7)`).
This commit amends `EVP_EncryptUpdate(3)` and `provider-cipher(7)`
to make the front-end and back-end documentation consistent.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22875)
Test the next arithmetic operation to safely determine if adding the
next digit in the passed property string will overflow
Also, noted a bug in the parse_hex code. When parsing non-digit
characters (i.e. a-f and A-F), we do a tolower conversion (which is
fine), and then subtract 'a' to get the hex value from the ascii (which
is definately wrong). We should subtract 'W' to convert tolower
converted hex digits in the range a-f to their hex value counterparts
Add tests to test_property_parse_error to ensure overflow checks work
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22874)
This also adds the configuration options 'enable-quic'.
Fixes#22907
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22908)
For some reason, it was added to the Unix and VMS build templates, but
Windows was forgotten.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22947)
Like in #17345, evp_extra_test links libcrypto statically, but also has
a dynamic/shared load via the legacy provider, which leads to ambiguous
behavior in evp_extra_test on some platforms, usually a crash (SIGSEGV)
on exit via the atexit handlers. Statically link the legacy provider to
avoid this.
Fixes#22819
Helped-by: Neil Horman <nhorman@openssl.org>
Helped-by: Tomas Mraz <tomas@openssl.org>
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22905)
This function can be called during OPENSSL_cleanup() when
the cache was already flushed and deallocated.
Fixes#22939
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22941)
On some systems it is too small although the system allows longer
filenames.
Fixes#22886
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22889)
When a provider can't return parameters, make that a warning instead of an
error, and continue to list further providers.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
We test its validity by trying to load it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
If the provider's output dispatch table is NULL, trying to parse it causes a
crash. Let's not do that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22866)
Common symbols (type 'C' in the 'nm' output) are allowed to be defined more
than once. This makes test/recipes/01-test_symbol_presence.t reflect that.
Fixes#22869 (partially)
Fixes#22837
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22880)
On some platforms, the compiler may add symbols that aren't ours and that we
should ignore.
They are generally expected to start with a double underscore, and thereby
easy to detect.
Fixes#22869 (partially)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22880)
HPE has a weird preference to prefix letters and zero-padding. Properly trim
them before processing.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22891)
Do not allow mid-expression line breaks.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22814)
Some platform implementations are without `sharedlib_import()`, so we need
to check that it exists before using it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22789)
$(SRCDIR)/util/libcrypto.num and $(SRCDIR)/util/libssl.num were made their
own targets to have 'make ordinals' reproduce them (run mknum.pl) only if
needed.
Unfortunately, because the shared library linker scripts depend on these
.num files, we suddenly have mknum.pl run at random times when building.
Furthermore, this created a diamond dependency, which disturbs parallell
building because multiple mknum.pl on the same file could run at the same
time.
This reverts commit 0e55c3ab8d.
Fixes#21999
Partially fixes#22841
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22890)
Coverity recorded issues 1551739 and 1551737, a potential double free in the
tests. It occurs when the DUP operation fails in such a way val3_read is
returned as the same pointer as val2_read. Ideally it should never
happen, but resetting val3_read to 0 should satisfy coverity that there
is no issue here
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22800)
Coverity issue 1551719 noted CRYPTO_secure_used referenced a shared
variable without taking the appropriate read lock. Add that.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22802)
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes#22842
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
When the CMS_ReceiptRequest cannot be created,
the rct_to and rct_from may be leaked.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22742)
And clean up partially created choice objects, which have
still the default type = -1 from ASIdentifierChoice_new().
Fixes#22700
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22745)
"d_i in RFC8017" -> "d_i" in RFC8017
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22868)
well know -> well known
CLA: trivial
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22778)
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22795)
