Mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-18 17:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
38,783 Commits 37 Branches 420 Tags
master
Commit Graph

460 Commits

Author SHA1 Message Date
Bob Beck
c082649033 Ensure ASN1 types are checked before use. 
Some of these were fixed by LibreSSL in commit aa1f637d45
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
 2026-01-13 12:11:18 +01:00
Bob Beck
2fab90bb5e 4.0-POST-CLANG-FORMAT-WEBKIT 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29242)
 2025-12-09 00:28:19 -07:00
openssl-machine
e66332418f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Release: yes
 2025-09-02 13:05:45 +00:00
77tiann
bda2473a44 Fix memory leak on EVP_CIPHER_param_to_asn1 failure 
When EVP_CIPHER_param_to_asn1() fails, xalg->parameter was not freed,
leading to a memory leak. This patch adds proper cleanup for that case.
CLA: trivial

Signed-off-by: 77tiann <27392025k@gmail.com>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28131)
 2025-08-11 16:54:46 +02:00
Tomas Mraz
bb86c43fa8 libapps + libcrypto: Silence warnings on Win64 builds 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)
 2025-07-02 17:26:26 +02:00
JiashengJiang
9882d389df crypto/pkcs7/pk7_smime.c: Add BIO_free() to avoid memory leak 
Add BIO_free() to free tmpout if OPENSSL_malloc() fails to avoid memory leak.

Fixes: 8e70485 ("RT3955: Reduce some stack usage")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27631)
 2025-05-27 19:49:07 +02:00
openssl-machine
0c679f5566 Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Release: yes
 2025-03-12 13:35:59 +00:00
Frederik Wedel-Heinen
00fbc96988 Adds missing checks of return from XXX_up_ref(). 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26294)
 2025-02-18 16:32:59 +01:00
Tomas Mraz
f2348f1f84 Avoid NULL dereference with PKCS7_OP_SET_DETACHED_SIGNATURE 
We would dereference p7->d.sign pointer which can be NULL.

Reported by Han Zheng.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26078)
 2024-12-02 09:44:58 +01:00
Niels Dossche
a64d26ac02 Use sk_X509_ATTRIBUTE_deep_copy() to copy attribute stacks in pk7_doit.c 
Clean up the code by using the dedicated stack copy function.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25713)
 2024-11-28 15:27:08 +01:00
olszomal
8cfc26e6c4 Add support for p7->d.sign->contents with the V_ASN1_SEQUENCE type 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22575)
 2024-10-21 11:32:04 +01:00
Niels Dossche
d8b7a6eae9 Fix potential memory leak in PKCS7_signatureVerify() 
Fixes #25594

The code jumps to an error block when EVP_VerifyUpdate fails.
This error block does not free abuf.
In the success path the abuf memory is freed.
Move the free operation to the error block.

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25596)
 2024-10-07 17:55:13 +02:00
Tomas Mraz
7ed6de997f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
 2024-09-05 09:35:49 +02:00
XZ-X
391334dd8c When calling ASN1_item_i2d () check both returned length and allocated pointer 
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24979)
 2024-08-20 11:45:14 +02:00
Dr. David von Oheimb
29bbe7d008 {CMS,PKCS7}_verify(): use 'certs' parameter ('-certfile' option) also for chain building 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18916)
 2024-07-17 16:34:53 +02:00
Bernd Edlinger
82a13a1f50 Fix possible double-free in pkcs7 add_attribute function 
The problem is the ownership of the input parameter value
is transfered to the X509_ATTRIBUTE object attr, as soon
as X509_ATTRIBUTE_create succeeds, but when an error happens
after that point there is no way to get the ownership back
to the caller, which is necessary to fullfill the API contract.

Fixed that by moving the call to X509_ATTRIBUTE_create to the
end of the function, and make sure that no errors are possible
after that point.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22721)
 2024-07-08 12:25:45 +02:00
Richard Levitte
b646179229 Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
 2024-04-09 13:43:26 +02:00
Jiasheng Jiang
8211ca45e4 PKCS7: Remove one of the duplicate checks 
There are two consecutive identical checks "if (i <= 0)".
We can remove one of them to make the code clear.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23741)
 2024-03-11 15:19:15 +01:00
Matt Caswell
041962b429 Add NULL checks where ContentInfo data can be NULL 
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.

CVE-2024-0727

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23361)
 2024-01-25 15:27:43 +00:00
Bernd Edlinger
7d52539f00 Fix possible memleak in PKCS7_add0_attrib_signing_time 
When PKCS7_add_signed_attribute fails, the ASN1_TIME
object may be leaked when it was not passed in as
input parameter.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
 2023-11-22 09:49:02 +01:00
Bernd Edlinger
ed3d277127 Fix a possible memleak in PKCS7_add_attrib_smimecap 
When PKCS7_add_signed_attribute fails, the ASN1_STRING
object may be leaked.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22744)
 2023-11-22 09:25:24 +01:00
Dr. David von Oheimb
d7ad09da77 CMS and PKCS7: fix handlling of EVP_PKEY_get_size() failure 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
 2023-10-26 16:03:48 +01:00
Matt Caswell
da1c088f59 Copyright year updates 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
 2023-09-07 09:59:15 +01:00
Dr. David von Oheimb
36b91a198a CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function 
Also remove needless constant_time_* and ERR_clear_error() calls
from OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
 2023-05-30 22:02:10 +02:00
Tomas Mraz
35da6af1f8 Support signedAndEnveloped content in PKCS7_decrypt() 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2023-02-07 17:05:10 +01:00
Tomas Mraz
6eebe6c023 pk7_doit.c: Check return of BIO_set_md() calls 
These calls invoke EVP_DigestInit() which can fail for digests
with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write()
or EVP_DigestFinal() from BIO_read() will segfault on NULL
dereference. This can be triggered by an attacker providing
PKCS7 data digested with MD4 for example if the legacy provider
is not loaded.

If BIO_set_md() fails the md BIO cannot be used.

CVE-2023-0401

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2023-02-07 17:05:10 +01:00
Tomas Mraz
80253dbdc9 Do not dereference PKCS7 object data if not set 
Fixes CVE-2023-0216

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2023-02-07 17:05:10 +01:00
ndossche
e3663717fc Fix incomplete check on EVP_CIPHER_param_to_asn1() 
That function is a wrapper around evp_cipher_param_to_asn1_ex() which
can return 0 as an error value via its ret <= 0 check [1].
Furthermore, all other callers of this function check against <= 0
instead of < 0 and this is also in line with what the documentation
tells us. Fix the incomplete check by changing it to <= 0 as well.

CLA: trivial

[1] 114d99b46b/crypto/evp/evp_lib.c (L164-L165)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20180)
 2023-02-02 10:14:12 +11:00
Niels Dossche
114d99b46b Fix incomplete checks for EVP_CIPHER_asn1_to_param 
EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.

Fixes: #20116

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)
 2023-01-25 14:27:14 +00:00
Hubert Kario
056dade341 smime/pkcs7: disable the Bleichenbacher workaround 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13817)
 2022-12-12 11:30:52 +01:00
Cameron Cawley
2a5c0d93cf pkcs7: Remove unused includes 
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19608)
 2022-11-10 08:11:57 +11:00
FdaSilvaYY
c734058309 crypto/*: Fix various typos, repeated words, align some spelling to LDP. 
partially revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
 2022-10-12 16:55:01 +11:00
Richard Levitte
e077455e9e Stop raising ERR_R_MALLOC_FAILURE in most places 
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
 2022-10-05 14:02:03 +02:00
David von Oheimb
4fdc16af05 X509_STORE_CTX_set_default(): improve error handling, also in its use 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18918)
 2022-09-16 10:07:15 +02:00
Dr. David von Oheimb
f69ec4b484 PKCS7: add notes to pkcs7.h.in and minor code cleanup in crypto/{pkcs7,cms}/ 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18915)
 2022-09-02 21:29:38 +02:00
Dr. David von Oheimb
2b44565476 PKCS7_dataVerify(): fix missing use of CRLs in PKCS#7 message 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18913)
 2022-09-01 11:04:46 +02:00
Dr. David von Oheimb
ba9e3721fe x509_att.c: improve error checking and reporting and coding style 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18931)
 2022-08-24 11:25:04 +02:00
Alon Bar-Lev
67c0460b89 Handle SMIME_crlf_copy return code 
Currently the SMIME_crlf_copy result is ignored in all usages. It does
return failure when memory allocation fails.

This patch handles the SMIME_crlf_copy return code in all occurrences.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18876)
 2022-07-28 10:05:59 +01:00
Nikolas
30adf6d209 Revert unnecessary PKCS7_verify() performance optimization 
It appears that creating temporary read-only mem BIO won't increase performance significally
anymore. But it increases PKCS7_verify() complexity, so should be removed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16590)
 2022-06-02 18:41:49 +02:00
Peiwei Hu
48b571fe77 Fix the checks of BIO_get_cipher_status 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)
 2022-06-02 10:36:56 -04:00
Peiwei Hu
8d9fec1781 Fix the incorrect checks of EVP_CIPHER_CTX_set_key_length 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18397)
 2022-05-27 07:57:43 +02:00
Peiwei Hu
639e576023 Fix check of dtls1_process_record 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18369)
 2022-05-26 11:47:04 +10:00
Matt Caswell
fecb3aae22 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
 2022-05-03 13:34:51 +01:00
Dr. David von Oheimb
04bc3c1277 Fix malloc failure handling of X509_ALGOR_set0() 
Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)
 2022-01-14 18:47:20 +01:00
Matt Caswell
38fc02a708 Update copyright year 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)
 2021-06-17 13:24:59 +01:00
Matt Caswell
dea2878fac Teach more of the ASN.1 code about libctx/propq 
Make sure we pass libctx/propq down to all the layers so that objects that
are created during parsing have the right values. Then use this new
capability for PKCS7.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
 2021-06-05 17:39:10 +10:00
Tomas Mraz
ed576acdf5 Rename all getters to use get/get0 in name 
For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
 2021-06-01 12:40:00 +02:00
Pauli
5cbd2ea3f9 add zero strenght arguments to BN and RAND RNG calls 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15513)
 2021-05-29 17:17:12 +10:00
Pauli
b93f6c2db9 err: rename err_load_xxx_strings_int functions 
The new names are ossl_err_load_xxx_strings.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15446)
 2021-05-26 13:01:47 +10:00
Dr. David von Oheimb
7c701c590d Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)
 2021-05-19 09:23:30 +02:00