From 6767b5b1a8d4674a4811d8703215dc51af5fec9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 07:56:28 +0000 Subject: [PATCH 1/6] Bump actions/checkout from 2 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Huiyue Xu CLA: trivial Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21953) (cherry picked from commit d4231af60a8d04196b3b873c2fa8638daff36173) --- .github/workflows/ci.yml | 36 ++++++++++++------------- .github/workflows/cross-compiles.yml | 2 +- .github/workflows/run-checker-ci.yml | 2 +- .github/workflows/run-checker-daily.yml | 2 +- .github/workflows/run-checker-merge.yml | 2 +- .github/workflows/windows.yml | 6 ++--- 6 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ccf2060e5..bcb02f5417 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: check_update: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: config @@ -35,7 +35,7 @@ jobs: check_docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --strict-warnings && perl configdata.pm --dump - name: make build_generated @@ -49,7 +49,7 @@ jobs: check-ansi: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CPPFLAGS=-ansi ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make @@ -58,7 +58,7 @@ jobs: basic_gcc: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=gcc ./config --strict-warnings && perl configdata.pm --dump - name: make @@ -69,7 +69,7 @@ jobs: basic_clang: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=clang ./config --strict-warnings && perl configdata.pm --dump - name: make @@ -80,7 +80,7 @@ jobs: minimal: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --strict-warnings no-shared no-dso no-pic no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - name: make @@ -91,7 +91,7 @@ jobs: no-deprecated: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --strict-warnings no-deprecated && perl configdata.pm --dump - name: make @@ -105,7 +105,7 @@ jobs: os: [ ubuntu-latest, macos-latest ] runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --strict-warnings no-shared && perl configdata.pm --dump - name: make @@ -116,7 +116,7 @@ jobs: address_ub_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make @@ -130,7 +130,7 @@ jobs: # memory_sanitizer: # runs-on: ubuntu-latest # steps: -# - uses: actions/checkout@v3 +# - uses: actions/checkout@v4 # - name: config # # --debug -O1 is to produce a debug build that runs in a reasonable amount of time # run: CC=clang ./config --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump @@ -142,7 +142,7 @@ jobs: threads_sanitizer: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=clang ./config --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make @@ -153,7 +153,7 @@ jobs: enable_non-default_options: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd && perl configdata.pm --dump - name: make @@ -164,7 +164,7 @@ jobs: legacy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump - name: make @@ -175,7 +175,7 @@ jobs: buildtest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: ./config no-asm no-makedepend enable-buildtest-c++ --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make @@ -186,7 +186,7 @@ jobs: out-of-tree_build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: setup build dir run: | set -eux @@ -210,7 +210,7 @@ jobs: os: [ubuntu-latest, macos-latest ] runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: extra preparations run: | mkdir ./build @@ -231,7 +231,7 @@ jobs: external-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: recursive - name: package installs @@ -263,7 +263,7 @@ jobs: PYTHON: - 3.9 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: recursive - name: Configure OpenSSL diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 1bd62da1b1..2a8970c863 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -125,7 +125,7 @@ jobs: sudo apt-get -yq --force-yes install \ gcc-${{ matrix.platform.arch }} \ ${{ matrix.platform.libs }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: | diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 8a587bca3f..a8cfd03399 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -30,7 +30,7 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=clang ./config --strict-warnings ${{ matrix.opt }} - name: config dump diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 43d1b0afaa..effc420cb6 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -117,7 +117,7 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=clang ./config --strict-warnings ${{ matrix.opt }} - name: config dump diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index b4887e6b03..4d701366ca 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -26,7 +26,7 @@ jobs: ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: config run: CC=clang ./config --strict-warnings ${{ matrix.opt }} - name: config dump diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 395f69764f..4ec4b64d1c 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -21,7 +21,7 @@ jobs: config: VC-WIN32 --strict-warnings runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: ilammy/msvc-dev-cmd@v1 with: arch: ${{ matrix.platform.arch }} @@ -57,7 +57,7 @@ jobs: - windows-2022 runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: ilammy/msvc-dev-cmd@v1 - uses: shogo82148/actions-setup-perl@v1 - name: prepare the build directory @@ -81,7 +81,7 @@ jobs: - windows-2022 runs-on: ${{matrix.os}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: ilammy/msvc-dev-cmd@v1 - uses: shogo82148/actions-setup-perl@v1 - name: prepare the build directory -- Gitee From 06a8d944f1f010903707966e31caddb5aaf07bae Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Thu, 7 Sep 2023 17:38:50 +0200 Subject: [PATCH 2/6] Fix a possible memleak in eckey_priv_encode Additionally use OPENSSL_clear_free on the private key data in case of error. Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22007) Signed-off-by: Huiyue Xu --- crypto/ec/ec_ameth.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 5098bd7a66..c48b7cb754 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -38,7 +38,6 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { - ASN1_OBJECT_free(asn1obj); ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID); return 0; } @@ -98,9 +97,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) ptype, pval, penc, penclen)) return 1; err: - if (ptype == V_ASN1_OBJECT) - ASN1_OBJECT_free(pval); - else + if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); OPENSSL_free(penc); return 0; @@ -256,24 +253,32 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) eplen = i2d_ECPrivateKey(&ec_key, NULL); if (!eplen) { + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } ep = OPENSSL_malloc(eplen); if (ep == NULL) { + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); return 0; } p = ep; if (!i2d_ECPrivateKey(&ec_key, &p)) { - OPENSSL_free(ep); + OPENSSL_clear_free(ep, eplen); + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) { - OPENSSL_free(ep); + OPENSSL_clear_free(ep, eplen); + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); return 0; } -- Gitee From e355ea0ff399010b62966b495a8f2450032a1d58 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Thu, 7 Sep 2023 19:22:25 +0200 Subject: [PATCH 3/6] Fix a possbile memleak in rsa_pub_encode That seems to be only an issue for RSA-PSS with parameters. Spotted by code review, so it looks like there is no test coverage for this. Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22007) Signed-off-by: Huiyue Xu --- crypto/rsa/rsa_ameth.c | 5 ++++- test/recipes/15-test_rsapss.t | 10 +++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 2c9c46ea53..63efd93798 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -82,13 +82,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) if (!rsa_param_encode(pkey, &str, &strtype)) return 0; penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); - if (penclen <= 0) + if (penclen <= 0) { + ASN1_STRING_free(str); return 0; + } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), strtype, str, penc, penclen)) return 1; OPENSSL_free(penc); + ASN1_STRING_free(str); return 0; } diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t index 65ec6f3d75..61c13b6a49 100644 --- a/test/recipes/15-test_rsapss.t +++ b/test/recipes/15-test_rsapss.t @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_rsapss"); -plan tests => 5; +plan tests => 7; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', @@ -47,3 +47,11 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), srctop_file('test', 'testrsa.pem')])), "openssl dgst -prverify"); unlink 'testrsapss.sig'; + +ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024', + '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10', + '-out', 'testrsapss.pem'])), + "openssl genpkey RSA-PSS with pss parameters"); +ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])), + "openssl pkey, execute rsa_pub_encode with pss parameters"); +unlink 'testrsapss.pem'; -- Gitee From 74c3e76130d7a75b2ad9d7af8b7ccd46933a54fe Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Thu, 7 Sep 2023 18:05:44 +0200 Subject: [PATCH 4/6] Fix error handling in CMS_EncryptedData_encrypt That caused several memory leaks in case of error. Also when the CMS object that is created by CMS_EncryptedData_encrypt is not used in the normal way, but instead just deleted by CMS_ContentInfo_free some memory was lost. Fixes #21985 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22008) Signed-off-by: Huiyue Xu --- crypto/cms/cms_asn1.c | 15 +++++++++++++-- crypto/cms/cms_local.h | 1 + crypto/cms/cms_sd.c | 14 +++++++++++++- crypto/cms/cms_smime.c | 3 ++- .../cms/2aba8037213156ea1593054768d4576cb8d08309 | Bin 0 -> 13 bytes .../cms/2aba8037213156ea1593054768d4576cb8d083ed | Bin 0 -> 13 bytes test/recipes/80-test_cms.t | 7 +++++++ 7 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d08309 create mode 100644 fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d083ed diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 08069d72a2..d006ada998 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -51,6 +51,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, EVP_PKEY_free(si->pkey); X509_free(si->signer); EVP_MD_CTX_free(si->mctx); + EVP_PKEY_CTX_free(si->pctx); } return 1; } @@ -89,11 +90,21 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) -ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; + + if (operation == ASN1_OP_FREE_POST) + OPENSSL_clear_free(ec->key, ec->keylen); + return 1; +} + +ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = { ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) -} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) +} ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo) ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index a0ce4448f6..b275bddf75 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -342,6 +342,7 @@ struct CMS_Receipt_st { DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo) +DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_Attributes_Sign) DECLARE_ASN1_ITEM(CMS_Attributes_Verify) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 3f2a782565..708b443704 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -375,6 +375,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; + else + EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); } if (!sd->signerInfos) @@ -600,6 +602,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; + si->pctx = NULL; if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); @@ -680,6 +683,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); si->pctx = pctx; } @@ -745,8 +749,13 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) return -1; } mctx = si->mctx; + if (si->pctx != NULL) { + EVP_PKEY_CTX_free(si->pctx); + si->pctx = NULL; + } if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); if (!cms_sd_asn1_ctrl(si, 1)) goto err; @@ -859,8 +868,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) goto err; si->pctx = pkctx; - if (!cms_sd_asn1_ctrl(si, 1)) + if (!cms_sd_asn1_ctrl(si, 1)) { + si->pctx = NULL; goto err; + } + si->pctx = NULL; r = EVP_PKEY_verify(pkctx, si->signature->data, si->signature->length, mval, mlen); if (r <= 0) { diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 6e7dbc4da1..8f3a9fbaeb 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -211,7 +211,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, if (cms == NULL) return NULL; if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) - return NULL; + goto err; if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); @@ -220,6 +220,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, || CMS_final(cms, in, NULL, flags)) return cms; + err: CMS_ContentInfo_free(cms); return NULL; } diff --git a/fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d08309 b/fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d08309 new file mode 100644 index 0000000000000000000000000000000000000000..8b18bb15d5fa6ade857b5118cab2977a5e225334 GIT binary patch literal 13 UcmXruX5-Xq^Jx3d%gD|Q026)!*Z=?k literal 0 HcmV?d00001 diff --git a/fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d083ed b/fuzz/corpora/cms/2aba8037213156ea1593054768d4576cb8d083ed new file mode 100644 index 0000000000000000000000000000000000000000..0aabaa3fdfcb608a5549fa93b6c9e2028c49bc7e GIT binary patch literal 13 UcmXruX5-Xq^Jx3d%gD|K026@%+W-In literal 0 HcmV?d00001 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index adb60e1436..544d4466b5 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -288,6 +288,13 @@ my @smime_cms_tests = ( "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] ], + [ "encrypted content test streaming PEM format -noout, 128 bit AES key", + [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-noout" ], + [ "-help" ] + ], + ); my @smime_cms_comp_tests = ( -- Gitee From 0309790f951843fe592eeb95e438ca3cd840e600 Mon Sep 17 00:00:00 2001 From: Dmitry Misharov Date: Thu, 7 Sep 2023 13:52:46 +0200 Subject: [PATCH 5/6] remove unused Appveyour config Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22000) (cherry picked from commit 8ac32e1e1b1a786366333acf897d332339610e6b) Signed-off-by: Huiyue Xu --- appveyor.yml | 78 ---------------------------------------------------- 1 file changed, 78 deletions(-) delete mode 100644 appveyor.yml diff --git a/appveyor.yml b/appveyor.yml deleted file mode 100644 index 6210391f20..0000000000 --- a/appveyor.yml +++ /dev/null @@ -1,78 +0,0 @@ -image: - - Visual Studio 2017 - -platform: - - x64 - - x86 - -environment: - fast_finish: true - matrix: - - VSVER: 15 - -configuration: - - shared - - plain - - minimal - -before_build: - - ps: >- - Install-Module VSSetup -Scope CurrentUser - - ps: >- - Get-VSSetupInstance -All - - ps: >- - gci env:* | sort-object name - - ps: >- - If ($env:Platform -Match "x86") { - $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32 no-asm --strict-warnings" - } Else { - $env:VCVARS_PLATFORM="amd64" - $env:TARGET="VC-WIN64A-masm" - } - - ps: >- - If ($env:Configuration -Match "shared") { - $env:SHARED="no-makedepend" - } ElseIf ($env:Configuration -Match "minimal") { - $env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT" - } Else { - $env:SHARED="no-shared no-makedepend" - } - - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - - mkdir _build - - cd _build - - perl ..\Configure %TARGET% %SHARED% - - perl configdata.pm --dump - - cd .. - - ps: >- - if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | - Select-String "\[extended tests\]") ) { - $env:EXTENDED_TESTS="yes" - } - -build_script: - - cd _build - - ps: >- - If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { - cmd /c "nmake build_all_generated 2>&1" - cmd /c "nmake PERL=no-perl 2>&1" - } - - cd .. - -test_script: - - cd _build - - ps: >- - If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { - if ($env:EXTENDED_TESTS) { - cmd /c "nmake test V=1 2>&1" - } Else { - cmd /c "nmake test V=1 TESTS=-test_fuzz 2>&1" - } - } - - ps: >- - if ($env:EXTENDED_TESTS) { - mkdir ..\_install - cmd /c "nmake install DESTDIR=..\_install 2>&1" - } - - cd .. -- Gitee From 8fdaeedd9143b4cd81459bf86c863d52a7e57add Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 8 Sep 2023 15:35:22 +0200 Subject: [PATCH 6/6] Add CVE-2023-4807 fix to CHANGES and NEWS Reviewed-by: Matt Caswell Reviewed-by: Hugo Landau Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22034) Signed-off-by: Huiyue Xu --- CHANGES | 22 +++++++++++++++++++++- NEWS | 3 ++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b0b2f44e41..8c6f19356d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,27 @@ Changes between 1.1.1v and 1.1.1w [xx XXX xxxx] - *) + *) Fix POLY1305 MAC implementation corrupting XMM registers on Windows. + + The POLY1305 MAC (message authentication code) implementation in OpenSSL + does not save the contents of non-volatile XMM registers on Windows 64 + platform when calculating the MAC of data larger than 64 bytes. Before + returning to the caller all the XMM registers are set to zero rather than + restoring their previous content. The vulnerable code is used only on newer + x86_64 processors supporting the AVX512-IFMA instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However given the contents of the registers are just + zeroized so the attacker cannot put arbitrary values inside, the most likely + consequence, if any, would be an incorrect result of some application + dependent calculations or a crash leading to a denial of service. + + (CVE-2023-4807) + [Bernd Edlinger] + Changes between 1.1.1u and 1.1.1v [1 Aug 2023] diff --git a/NEWS b/NEWS index 2cbee28283..12ecbf1def 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.1.1v and OpenSSL 1.1.1w [under development] - o + o Fix POLY1305 MAC implementation corrupting XMM registers on Windows + (CVE-2023-4807) Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] -- Gitee