Merge ~adrien/ubuntu/+source/openssl:openssl-3.0-git into ubuntu/+source/openssl:ubuntu/devel
Status: Work in progress
Proposed branch: ~adrien/ubuntu/+source/openssl:openssl-3.0-git
Merge into: ubuntu/+source/openssl:ubuntu/devel
Diff against target: 4525 lines (+4163/-1), 59 files modified

- debian/changelog (+6/-0)
- debian/openssl.docs (+0/-1)
- debian/patches/post-3.0.13/0001-Prepare-for-3.0.14.patch (+61/-0)
- debian/patches/post-3.0.13/0002-fix-missing-null-check-in-kdf_test_ctrl.patch (+66/-0)
- debian/patches/post-3.0.13/0003-Fix-a-possible-memleak-in-bind_afalg.patch (+46/-0)
- debian/patches/post-3.0.13/0004-Fix-error-reporting-in-EVP_PKEY_-sign-verify-verify_.patch (+117/-0)
- debian/patches/post-3.0.13/0005-Revert-Improved-detection-of-engine-provided-private.patch (+82/-0)
- debian/patches/post-3.0.13/0006-Document-the-implications-of-setting-engine-based-lo.patch (+37/-0)
- debian/patches/post-3.0.13/0008-Fix-a-few-incorrect-paths-in-some-build.info-files.patch (+67/-0)
- debian/patches/post-3.0.13/0009-Make-IV-buf-in-prov_cipher_ctx_st-aligned.patch (+62/-0)
- debian/patches/post-3.0.13/0010-Fix-testcases-to-run-on-duplicated-keys.patch (+246/-0)
- debian/patches/post-3.0.13/0011-Rearrange-terms-in-gf_mul-to-prevent-segfault.patch (+36/-0)
- debian/patches/post-3.0.13/0012-Fix-memory-leaks-on-error-cases-during-drbg-initiali.patch (+106/-0)
- debian/patches/post-3.0.13/0013-Fix-typos-found-by-codespell-in-openssl-3.0.patch (+87/-0)
- debian/patches/post-3.0.13/0014-KDF_CTX_new-API-has-incorrect-signature-const-should.patch (+41/-0)
- debian/patches/post-3.0.13/0015-Check-for-NULL-cleanup-function-before-using-it-in-e.patch (+40/-0)
- debian/patches/post-3.0.13/0016-Fixed-Visual-Studio-2008-compiler-errors.patch (+31/-0)
- debian/patches/post-3.0.13/0017-Correct-the-defined-name-of-the-parameter-micalg-in-.patch (+38/-0)
- debian/patches/post-3.0.13/0018-Don-t-print-excessively-long-ASN1-items-in-fuzzer.patch (+47/-0)
- debian/patches/post-3.0.13/0019-Add-atexit-configuration-option-to-using-atexit-in-l.patch (+142/-0)
- debian/patches/post-3.0.13/0020-Minor-wording-fixes-related-to-no-atexit.patch (+44/-0)
- debian/patches/post-3.0.13/0021-s_cb.c-Add-missing-return-value-checks.patch (+45/-0)
- debian/patches/post-3.0.13/0022-SSL_set1_groups_list-Fix-memory-corruption-with-40-g.patch (+106/-0)
- debian/patches/post-3.0.13/0023-Ensure-MAKE-commands-and-CFLAGS-are-appropriately-qu.patch (+103/-0)
- debian/patches/post-3.0.13/0024-Fix-off-by-one-issue-in-buf2hexstr_sep.patch (+32/-0)
- debian/patches/post-3.0.13/0026-Try-to-fix-intermittent-CI-failures-in-sslapitest.patch (+48/-0)
- debian/patches/post-3.0.13/0027-FAQ.md-should-be-removed.patch (+33/-0)
- debian/patches/post-3.0.13/0028-Doc-fix-style.patch (+61/-0)
- debian/patches/post-3.0.13/0029-Fix-dasync_rsa_decrypt-to-call-EVP_PKEY_meth_get_dec.patch (+33/-0)
- debian/patches/post-3.0.13/0031-SSL_add_dir_cert_subjects_to_stack-Documented-return.patch (+61/-0)
- debian/patches/post-3.0.13/0032-Fix-unbounded-memory-growth-when-using-no-cached-fet.patch (+78/-0)
- debian/patches/post-3.0.13/0033-Update-FIPS-hmac-key-documentation.patch (+35/-0)
- debian/patches/post-3.0.13/0035-Fixed-a-typo-and-grammar-in-openssl-ts.pod.patch (+35/-0)
- debian/patches/post-3.0.13/0036-Replace-unsigned-with-int.patch (+49/-0)
- debian/patches/post-3.0.13/0037-Add-NULL-check-before-accessing-PKCS7-encrypted-algo.patch (+82/-0)
- debian/patches/post-3.0.13/0038-Explicitly-state-what-keys-does.patch (+33/-0)
- debian/patches/post-3.0.13/0040-Fix-openssl-req-with-addext-subjectAltName-dirName.patch (+77/-0)
- debian/patches/post-3.0.13/0041-Fix-handling-of-NULL-sig-parameter-in-ECDSA_sign-and.patch (+173/-0)
- debian/patches/post-3.0.13/0042-Align-openssl-req-string_mask-docs-to-how-the-softwa.patch (+62/-0)
- debian/patches/post-3.0.13/0043-Add-documentation-policy-link-to-CONTRIBUTING-guide.patch (+40/-0)
- debian/patches/post-3.0.13/0045-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-z.patch (+36/-0)
- debian/patches/post-3.0.13/0046-openssl-crl-1-The-verify-option-is-implied-by-CA-opt.patch (+32/-0)
- debian/patches/post-3.0.13/0048-Add-a-test-for-session-cache-handling.patch (+132/-0)
- debian/patches/post-3.0.13/0049-Extend-the-multi_resume-test-for-simultaneous-resump.patch (+161/-0)
- debian/patches/post-3.0.13/0050-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch (+121/-0)
- debian/patches/post-3.0.13/0051-Add-a-CHANGES.md-NEWS.md-entry-for-the-unbounded-mem.patch (+80/-0)
- debian/patches/post-3.0.13/0052-Hardening-around-not_resumable-sessions.patch (+38/-0)
- debian/patches/post-3.0.13/0053-Add-a-test-for-session-cache-overflow.patch (+171/-0)
- debian/patches/post-3.0.13/0054-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch (+309/-0)
- debian/patches/post-3.0.13/0055-Fix-Error-finalizing-cipher-loop-when-running-openss.patch (+59/-0)
- debian/patches/post-3.0.13/0056-APPS-Add-missing-OPENSSL_free-and-combine-the-error-.patch (+60/-0)
- debian/patches/post-3.0.13/0057-man-EVP_PKEY_CTX_set_params-document-params-is-a-lis.patch (+34/-0)
- debian/patches/post-3.0.13/0058-Fix-socket-descriptor-checks-on-Windows.patch (+53/-0)
- debian/patches/post-3.0.13/0059-Document-that-private-and-pairwise-checks-are-not-bo.patch (+34/-0)
- debian/patches/post-3.0.13/0060-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch (+37/-0)
- debian/patches/post-3.0.13/0061-list_provider_info-Fix-leak-on-error.patch (+31/-0)
- debian/patches/post-3.0.13/0062-doc-fingerprints.txt-Add-the-future-OpenSSL-release-.patch (+34/-0)
- debian/patches/post-3.0.13/0063-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch (+94/-0)
- debian/patches/series (+59/-0)
Related bugs:

Reviewer | Review Type | Date Requested | Status
---|---|---|---
git-ubuntu import | | | Pending

Review via email: mp+464615@code.launchpad.net
Commit message
Update to the most recent changes in the openssl-3.0 branch in order to include
all the latest fixes. I went through all changes and they looked usually small
and were always reviewed upstream (and included in other releases, therefore
widening the effective tester base).
Description of the change
NB: the first patch in the series changes VERSION.dat to contain "14"
which is not something we want to do until 3.0.14 is actually released
and used; I will respin this.
# PPA
A PPA is available at:
https:/
# Changelog diff from ubuntu/devel
@@ -0,0 +1,7 @@
+openssl (3.0.13+
+
+ * Add all possible patches from the openssl-3.0 branch after 3.0.13 until
+ 2024/04/15 in order to get close to 3.0.14 when it is released.
+
+ -- Adrien Nader <email address hidden> Wed, 17 Apr 2024 17:23:59 +0200
+
# Diffstats from ubuntu/devel for debian/
debian/changelog | 7 +
59 files changed, 4164 insertions(+), 1 deletion(-)
## Diff of debian/
diff --git a/debian/
index 14e11b9465.
--- a/debian/
+++ b/debian/
@@ -24,3 +24,62 @@ fips/crypto-
fips/apps-
fips/apps-
fips/test-
+
+# Patches after 3.0.13, not yet released as part of 3.0.14
+#
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
+post-3.
# DEP-3 headers from added patches:
The Forwarded header is missing in all of the patches below but that's
because I've taken them verbatim from upstream. I'm including the patch
list to ease reviews.
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 01/63] Prepare for 3.0.14
## debian/
From: Neil Horman <email address hidden>
Subject: [PATCH 02/63] fix missing null check in kdf_test_ctrl
## debian/
From: Bernd Edlinger <email address hidden>
Subject: [PATCH 03/63] Fix a possible memleak in bind_afalg
## debian/
From: Richard Levitte <email address hidden>
Subject: [PATCH 04/63] Fix error reporting in
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 05/63] Revert "Improved detection of engine-provided private
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 06/63] Document the implications of setting engine-based
## debian/
From: Richard Levitte <email address hidden>
Subject: [PATCH 08/63] Fix a few incorrect paths in some build.info files
## debian/
From: "Hongren (Zenithal) Zheng" <email address hidden>
Subject: [PATCH 09/63] Make IV/buf in prov_cipher_ctx_st aligned
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 10/63] Fix testcases to run on duplicated keys
## debian/
From: Angel Baez <email address hidden>
Subject: [PATCH 11/63] Rearrange terms in gf_mul to prevent segfault
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 12/63] Fix memory leaks on error cases during drbg
## debian/
From: Dimitri Papadopoulos
Subject: [PATCH 13/63] Fix typos found by codespell in openssl-3.0
## debian/
From: Shakti Shah <email address hidden>
Subject: [PATCH 14/63] KDF_CTX_new API has incorrect signature (const should
## debian/
From: Neil Horman <email address hidden>
Subject: [PATCH 15/63] Check for NULL cleanup function before using it in
## debian/
From: Marcel Gosmann <email address hidden>
Subject: [PATCH 16/63] Fixed Visual Studio 2008 compiler errors
## debian/
From: Bernd Ritter <email address hidden>
Subject: [PATCH 17/63] Correct the defined name of the parameter "micalg" in
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 18/63] Don't print excessively long ASN1 items in fuzzer
## debian/
From: "Randall S. Becker" <email address hidden>
Subject: [PATCH 19/63] Add atexit configuration option to using atexit() in
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 20/63] Minor wording fixes related to no-atexit
## debian/
From: MrRurikov <email address hidden>
Subject: [PATCH 21/63] s_cb.c: Add missing return value checks
## debian/
From: Michael Baentsch <email address hidden>
Subject: [PATCH 22/63] SSL_set1_
## debian/
From: Hamilton Chapman <email address hidden>
Subject: [PATCH 23/63] Ensure `$(MAKE)` commands and `CFLAGS` are
## debian/
From: shridhar kalavagunta <email address hidden>
Subject: [PATCH 24/63] Fix off by one issue in buf2hexstr_sep()
## debian/
From: Bernd Edlinger <email address hidden>
Subject: [PATCH 26/63] Try to fix intermittent CI failures in sslapitest
## debian/
From: Alexandr Nedvedicky <email address hidden>
Subject: [PATCH 27/63] FAQ.md should be removed
## debian/
From: =?UTF-8?
Subject: [PATCH 28/63] Doc: fix style
## debian/
From: Vladimirs Ambrosovs <email address hidden>
Subject: [PATCH 29/63] Fix dasync_rsa_decrypt to call
## debian/
From: Shakti Shah <email address hidden>
Subject: [PATCH 31/63] SSL_add_
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 32/63] Fix unbounded memory growth when using no-cached-fetch
## debian/
From: Matt Hauck <email address hidden>
Subject: [PATCH 33/63] Update FIPS hmac key documentation
## debian/
From: olszomal <email address hidden>
Subject: [PATCH 35/63] Fixed a typo and grammar in openssl-ts.pod
## debian/
From: Jiasheng Jiang <email address hidden>
Subject: [PATCH 36/63] Replace unsigned with int
## debian/
From: =?UTF-8?
Subject: [PATCH 37/63] Add NULL check before accessing PKCS7 encrypted
## debian/
From: Simo Sorce <email address hidden>
Subject: [PATCH 38/63] Explicitly state what -keys does
## debian/
From: Bernd Edlinger <email address hidden>
Subject: [PATCH 40/63] Fix openssl req with -addext subjectAltName=
## debian/
From: Bernd Edlinger <email address hidden>
Subject: [PATCH 41/63] Fix handling of NULL sig parameter in ECDSA_sign and
## debian/
From: Job Snijders <email address hidden>
Subject: [PATCH 42/63] Align 'openssl req' string_mask docs to how the
## debian/
From: slontis <email address hidden>
Subject: [PATCH 43/63] Add 'documentation policy' link to CONTRIBUTING guide.
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 45/63] DEFINE_
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 46/63] openssl-crl(1): The -verify option is implied by -CA*
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 48/63] Add a test for session cache handling
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 49/63] Extend the multi_resume test for simultaneous
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 50/63] Fix unconstrained session cache growth in TLSv1.3
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 51/63] Add a CHANGES.md/NEWS.md entry for the unbounded memory
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 52/63] Hardening around not_resumable sessions
## debian/
From: Matt Caswell <email address hidden>
Subject: [PATCH 53/63] Add a test for session cache overflow
## debian/
From: Todd Short <email address hidden>
Subject: [PATCH 54/63] Fix EVP_PKEY_
## debian/
From: Tom Cosgrove <email address hidden>
Subject: [PATCH 55/63] Fix "Error finalizing cipher loop" when running openssl
## debian/
From: Jiasheng Jiang <email address hidden>
Subject: [PATCH 56/63] APPS: Add missing OPENSSL_free() and combine the error
## debian/
From: Hubert Kario <email address hidden>
Subject: [PATCH 57/63] man EVP_PKEY_
## debian/
From: olszomal <email address hidden>
Subject: [PATCH 58/63] Fix socket descriptor checks on Windows
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 59/63] Document that private and pairwise checks are not
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 60/63] make_addressPre
## debian/
From: Tomas Mraz <email address hidden>
Subject: [PATCH 61/63] list_provider_
## debian/
From: Richard Levitte <email address hidden>
Subject: [PATCH 62/63] doc/fingerprint
## debian/
From: trinity-1686a <email address hidden>
Subject: [PATCH 63/63] Handle empty param in EVP_PKEY_
# Autopkgtest results
- openssl on noble for arm64 @ 18.04.24 12:47:02
  - Log: https:/
- openssl on noble for armhf @ 18.04.24 13:03:08
  - Log: https:/
- openssl on noble for ppc64el @ 18.04.24 12:40:41
  - Log: https:/
- openssl on noble for s390x @ 18.04.24 12:43:22
  - Log: https:/
# Lintian diff
No relevant lintian error or warning.
(lintian warns about spelling in patches but these are all spelling
errors in upstream git)
Unmerged commits
- 6860833... by Adrien Nader
  reconstruct-changelog
- ac60608... by Adrien Nader
  * Add commits between 3.0.13 and today as patches.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 0a215f4..2e3c512 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,9 @@ |
6 | +openssl (3.0.13-0ubuntu4) noble; urgency=medium |
7 | + |
8 | + * Add patches after 3.0.13 and today. |
9 | + |
10 | + -- Adrien Nader <adrien.nader@canonical.com> Wed, 17 Apr 2024 17:23:59 +0200 |
11 | + |
12 | openssl (3.0.13-0ubuntu3) noble; urgency=medium |
13 | |
14 | * No-change rebuild for CVE-2024-3094 |
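Review bot: The new entry `* Add patches after 3.0.13 and today.` does not say which upstream branch the patches come from or up to which date or commit they were taken. The changelog diff quoted in the description is more precise ("Add all possible patches from the openssl-3.0 branch after 3.0.13 until 2024/04/15") and starts its version with `3.0.13+` where this hunk has `3.0.13-0ubuntu4`; the two should be reconciled before upload. The entry should also mention the `FAQ.md` removal in debian/openssl.docs, which is a packaging change and not one of the added patches.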
15 | diff --git a/debian/openssl.docs b/debian/openssl.docs |
16 | index 3f304a6..5fe0223 100644 |
17 | --- a/debian/openssl.docs |
18 | +++ b/debian/openssl.docs |
19 | @@ -3,5 +3,4 @@ doc/HOWTO |
20 | README.md |
21 | README-ENGINES.md |
22 | NEWS.md |
23 | -FAQ.md |
24 | debian/README.optimization |
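Review bot: Removing `FAQ.md` from debian/openssl.docs is coupled to 0027-FAQ.md-should-be-removed.patch in the series, and nothing in the packaging records that link. The two must be kept or dropped together in any respin, otherwise debian/openssl.docs either points at a file the patch has deleted or stops installing a file that still exists. A changelog line naming both would make the dependency visible.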
25 | diff --git a/debian/patches/post-3.0.13/0001-Prepare-for-3.0.14.patch b/debian/patches/post-3.0.13/0001-Prepare-for-3.0.14.patch |
26 | new file mode 100644 |
27 | index 0000000..d35873c |
28 | --- /dev/null |
29 | +++ b/debian/patches/post-3.0.13/0001-Prepare-for-3.0.14.patch |
30 | @@ -0,0 +1,61 @@ |
31 | +From a1572c9a10bd07aee5daeb19ac97b01a21831d2d Mon Sep 17 00:00:00 2001 |
32 | +From: Matt Caswell <matt@openssl.org> |
33 | +Date: Tue, 30 Jan 2024 13:28:22 +0000 |
34 | +Subject: [PATCH 01/63] Prepare for 3.0.14 |
35 | + |
36 | +Reviewed-by: Richard Levitte <levitte@openssl.org> |
37 | +Release: yes |
38 | +--- |
39 | + CHANGES.md | 4 ++++ |
40 | + NEWS.md | 4 ++++ |
41 | + VERSION.dat | 6 +++--- |
42 | + 3 files changed, 11 insertions(+), 3 deletions(-) |
43 | + |
44 | +diff --git a/CHANGES.md b/CHANGES.md |
45 | +index bd876eb89d..91dd358db8 100644 |
46 | +--- a/CHANGES.md |
47 | ++++ b/CHANGES.md |
48 | +@@ -28,6 +28,10 @@ breaking changes, and mappings for the large list of deprecated functions. |
49 | + |
50 | + [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod |
51 | + |
52 | ++### Changes between 3.0.13 and 3.0.14 [xx XXX xxxx] |
53 | ++ |
54 | ++ * none yet |
55 | ++ |
56 | + ### Changes between 3.0.12 and 3.0.13 [30 Jan 2024] |
57 | + |
58 | + * A file in PKCS12 format can contain certificates and keys and may come from |
59 | +diff --git a/NEWS.md b/NEWS.md |
60 | +index d9a48b157e..11fc8b10b0 100644 |
61 | +--- a/NEWS.md |
62 | ++++ b/NEWS.md |
63 | +@@ -18,6 +18,10 @@ OpenSSL Releases |
64 | + OpenSSL 3.0 |
65 | + ----------- |
66 | + |
67 | ++### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [under development] |
68 | ++ |
69 | ++ * none |
70 | ++ |
71 | + ### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024] |
72 | + |
73 | + * Fixed PKCS12 Decoding crashes |
74 | +diff --git a/VERSION.dat b/VERSION.dat |
75 | +index 3ee1a6f829..3080991a11 100644 |
76 | +--- a/VERSION.dat |
77 | ++++ b/VERSION.dat |
78 | +@@ -1,7 +1,7 @@ |
79 | + MAJOR=3 |
80 | + MINOR=0 |
81 | +-PATCH=13 |
82 | +-PRE_RELEASE_TAG= |
83 | ++PATCH=14 |
84 | ++PRE_RELEASE_TAG=dev |
85 | + BUILD_METADATA= |
86 | +-RELEASE_DATE="30 Jan 2024" |
87 | ++RELEASE_DATE="" |
88 | + SHLIB_VERSION=3 |
89 | +-- |
90 | +2.40.1 |
91 | + |
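Review bot: The VERSION.dat hunk sets `PATCH=14`, `PRE_RELEASE_TAG=dev` and an empty `RELEASE_DATE`, so a package versioned 3.0.13-0ubuntu4 would build a library that identifies itself as a 3.0.14 development snapshot. The description already states this is not wanted; in the respin, drop at least that hunk. The CHANGES.md and NEWS.md hunks add the "3.0.13 and 3.0.14" section headers, so before removing the whole patch check that 0051 (the CHANGES.md/NEWS.md entry) still applies without them.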
92 | diff --git a/debian/patches/post-3.0.13/0002-fix-missing-null-check-in-kdf_test_ctrl.patch b/debian/patches/post-3.0.13/0002-fix-missing-null-check-in-kdf_test_ctrl.patch |
93 | new file mode 100644 |
94 | index 0000000..a5207fa |
95 | --- /dev/null |
96 | +++ b/debian/patches/post-3.0.13/0002-fix-missing-null-check-in-kdf_test_ctrl.patch |
97 | @@ -0,0 +1,66 @@ |
98 | +From 4ee81ec4e0c2842d9ec1549a83516000b4685a4d Mon Sep 17 00:00:00 2001 |
99 | +From: Neil Horman <nhorman@openssl.org> |
100 | +Date: Fri, 26 Jan 2024 11:33:18 -0500 |
101 | +Subject: [PATCH 02/63] fix missing null check in kdf_test_ctrl |
102 | + |
103 | +Coverity issue 1453632 noted a missing null check in kdf_test_ctrl |
104 | +recently. If a malformed value is passed in from the test file that |
105 | +does not contain a ':' character, the p variable will be NULL, leading |
106 | +to a NULL derefence prepare_from_text |
107 | + |
108 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
109 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
110 | +(Merged from https://github.com/openssl/openssl/pull/23398) |
111 | + |
112 | +(cherry picked from commit 6ca1d3ee81b61bc973e4e1079ec68ac73331c159) |
113 | +--- |
114 | + test/evp_test.c | 15 +++++++++------ |
115 | + 1 file changed, 9 insertions(+), 6 deletions(-) |
116 | + |
117 | +diff --git a/test/evp_test.c b/test/evp_test.c |
118 | +index 782841a692..2701040dab 100644 |
119 | +--- a/test/evp_test.c |
120 | ++++ b/test/evp_test.c |
121 | +@@ -2773,30 +2773,33 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, |
122 | + if (!TEST_ptr(name = OPENSSL_strdup(value))) |
123 | + return 0; |
124 | + p = strchr(name, ':'); |
125 | +- if (p != NULL) |
126 | ++ if (p == NULL) |
127 | ++ p = ""; |
128 | ++ else |
129 | + *p++ = '\0'; |
130 | + |
131 | + rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, |
132 | +- p != NULL ? strlen(p) : 0, NULL); |
133 | ++ strlen(p), NULL); |
134 | + *++kdata->p = OSSL_PARAM_construct_end(); |
135 | + if (!rv) { |
136 | + t->err = "KDF_PARAM_ERROR"; |
137 | + OPENSSL_free(name); |
138 | + return 0; |
139 | + } |
140 | +- if (p != NULL && strcmp(name, "digest") == 0) { |
141 | ++ if (strcmp(name, "digest") == 0) { |
142 | + if (is_digest_disabled(p)) { |
143 | + TEST_info("skipping, '%s' is disabled", p); |
144 | + t->skip = 1; |
145 | + } |
146 | + } |
147 | +- if (p != NULL |
148 | +- && (strcmp(name, "cipher") == 0 |
149 | +- || strcmp(name, "cekalg") == 0) |
150 | ++ |
151 | ++ if ((strcmp(name, "cipher") == 0 |
152 | ++ || strcmp(name, "cekalg") == 0) |
153 | + && is_cipher_disabled(p)) { |
154 | + TEST_info("skipping, '%s' is disabled", p); |
155 | + t->skip = 1; |
156 | + } |
157 | ++ |
158 | + OPENSSL_free(name); |
159 | + return 1; |
160 | + } |
161 | +-- |
162 | +2.40.1 |
163 | + |
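Review bot: In kdf_test_ctrl, the `p = "";` fallback makes a control line with no ':' indistinguishable from one with an empty value: `strlen(p)` is 0, and with the `p != NULL` guards removed the `digest`, `cipher` and `cekalg` branches now call is_digest_disabled() and is_cipher_disabled() with an empty string. This removes the NULL dereference described in the commit message, but a malformed line is accepted silently unless OSSL_PARAM_allocate_from_text rejects it; failing early with `KDF_PARAM_ERROR` would be stricter. The change is confined to test/evp_test.c, so it affects the test suite only and not the shipped libraries.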
164 | diff --git a/debian/patches/post-3.0.13/0003-Fix-a-possible-memleak-in-bind_afalg.patch b/debian/patches/post-3.0.13/0003-Fix-a-possible-memleak-in-bind_afalg.patch |
165 | new file mode 100644 |
166 | index 0000000..d3ca03b |
167 | --- /dev/null |
168 | +++ b/debian/patches/post-3.0.13/0003-Fix-a-possible-memleak-in-bind_afalg.patch |
169 | @@ -0,0 +1,46 @@ |
170 | +From 25681cb8dcc3086c681917926fe8199df14bf83e Mon Sep 17 00:00:00 2001 |
171 | +From: Bernd Edlinger <bernd.edlinger@hotmail.de> |
172 | +Date: Sun, 28 Jan 2024 23:50:16 +0100 |
173 | +Subject: [PATCH 03/63] Fix a possible memleak in bind_afalg |
174 | + |
175 | +bind_afalg calls afalg_aes_cbc which allocates |
176 | +cipher_handle->_hidden global object(s) |
177 | +but if one of them fails due to out of memory, |
178 | +the function bind_afalg relies on the engine destroy |
179 | +method to be called. But that does not happen |
180 | +because the dynamic engine object is not destroyed |
181 | +in the usual way in dynamic_load in this case: |
182 | + |
183 | +If the bind_engine function fails, there will be no |
184 | +further calls into the shared object. |
185 | +See ./crypto/engine/eng_dyn.c near the comment: |
186 | +/* Copy the original ENGINE structure back */ |
187 | + |
188 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
189 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
190 | +(Merged from https://github.com/openssl/openssl/pull/23409) |
191 | + |
192 | +(cherry picked from commit 729a1496cc4cda669dea6501c991113c78f04560) |
193 | +--- |
194 | + engines/e_afalg.c | 4 +++- |
195 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
196 | + |
197 | +diff --git a/engines/e_afalg.c b/engines/e_afalg.c |
198 | +index 2c08cbb28d..ccef155ea2 100644 |
199 | +--- a/engines/e_afalg.c |
200 | ++++ b/engines/e_afalg.c |
201 | +@@ -811,8 +811,10 @@ static int bind_helper(ENGINE *e, const char *id) |
202 | + if (!afalg_chk_platform()) |
203 | + return 0; |
204 | + |
205 | +- if (!bind_afalg(e)) |
206 | ++ if (!bind_afalg(e)) { |
207 | ++ afalg_destroy(e); |
208 | + return 0; |
209 | ++ } |
210 | + return 1; |
211 | + } |
212 | + |
213 | +-- |
214 | +2.40.1 |
215 | + |
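Review bot: In bind_helper, `afalg_destroy(e)` now runs on an engine whose bind failed part-way, so it has to tolerate cipher handles that were never allocated. That is not visible in this hunk and is worth confirming in engines/e_afalg.c. The fix also relies on the commit message's statement that dynamic_load makes no further calls into the shared object after a failed bind; if any path did still reach the engine's destroy method, the handles would be released twice.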
216 | diff --git a/debian/patches/post-3.0.13/0004-Fix-error-reporting-in-EVP_PKEY_-sign-verify-verify_.patch b/debian/patches/post-3.0.13/0004-Fix-error-reporting-in-EVP_PKEY_-sign-verify-verify_.patch |
217 | new file mode 100644 |
218 | index 0000000..79ad3cd |
219 | --- /dev/null |
220 | +++ b/debian/patches/post-3.0.13/0004-Fix-error-reporting-in-EVP_PKEY_-sign-verify-verify_.patch |
221 | @@ -0,0 +1,117 @@ |
222 | +From 5781c0a181c97530e57708fa67bb5faa44368246 Mon Sep 17 00:00:00 2001 |
223 | +From: Richard Levitte <levitte@openssl.org> |
224 | +Date: Mon, 29 Jan 2024 08:51:52 +0100 |
225 | +Subject: [PATCH 04/63] Fix error reporting in |
226 | + EVP_PKEY_{sign,verify,verify_recover} |
227 | + |
228 | +For some reason, those functions (and the _init functions too) would |
229 | +raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE when the passed |
230 | +ctx is NULL, and then not check if the provider supplied the function |
231 | +that would support these libcrypto functions. |
232 | + |
233 | +This corrects the situation, and has all those libcrypto functions |
234 | +raise ERR_R_PASS_NULL_PARAMETER if ctx is NULL, and then check for the |
235 | +corresponding provider supplied, and only when that one is missing, |
236 | +raise EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE. |
237 | + |
238 | +Because 0 doesn't mean error for EVP_PKEY_verify(), -1 is returned when |
239 | +ERR_R_PASSED_NULL_PARAMETER is raised. This is done consistently for all |
240 | +affected functions. |
241 | + |
242 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
243 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
244 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
245 | +(Merged from https://github.com/openssl/openssl/pull/23411) |
246 | + |
247 | +(cherry picked from commit 5a25177d1b07ef6e754fec1747b57ee90ab1e028) |
248 | +--- |
249 | + crypto/evp/signature.c | 31 +++++++++++++++++++++++-------- |
250 | + 1 file changed, 23 insertions(+), 8 deletions(-) |
251 | + |
252 | +diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c |
253 | +index fb269b3bfd..5689505566 100644 |
254 | +--- a/crypto/evp/signature.c |
255 | ++++ b/crypto/evp/signature.c |
256 | +@@ -403,8 +403,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, |
257 | + int iter; |
258 | + |
259 | + if (ctx == NULL) { |
260 | +- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
261 | +- return -2; |
262 | ++ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); |
263 | ++ return -1; |
264 | + } |
265 | + |
266 | + evp_pkey_ctx_free_old_ops(ctx); |
267 | +@@ -634,8 +634,8 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, |
268 | + int ret; |
269 | + |
270 | + if (ctx == NULL) { |
271 | +- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
272 | +- return -2; |
273 | ++ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); |
274 | ++ return -1; |
275 | + } |
276 | + |
277 | + if (ctx->operation != EVP_PKEY_OP_SIGN) { |
278 | +@@ -646,6 +646,11 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, |
279 | + if (ctx->op.sig.algctx == NULL) |
280 | + goto legacy; |
281 | + |
282 | ++ if (ctx->op.sig.signature->sign == NULL) { |
283 | ++ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
284 | ++ return -2; |
285 | ++ } |
286 | ++ |
287 | + ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen, |
288 | + (sig == NULL) ? 0 : *siglen, tbs, tbslen); |
289 | + |
290 | +@@ -678,8 +683,8 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, |
291 | + int ret; |
292 | + |
293 | + if (ctx == NULL) { |
294 | +- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
295 | +- return -2; |
296 | ++ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); |
297 | ++ return -1; |
298 | + } |
299 | + |
300 | + if (ctx->operation != EVP_PKEY_OP_VERIFY) { |
301 | +@@ -690,6 +695,11 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, |
302 | + if (ctx->op.sig.algctx == NULL) |
303 | + goto legacy; |
304 | + |
305 | ++ if (ctx->op.sig.signature->verify == NULL) { |
306 | ++ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
307 | ++ return -2; |
308 | ++ } |
309 | ++ |
310 | + ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen, |
311 | + tbs, tbslen); |
312 | + |
313 | +@@ -721,8 +731,8 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, |
314 | + int ret; |
315 | + |
316 | + if (ctx == NULL) { |
317 | +- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
318 | +- return -2; |
319 | ++ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); |
320 | ++ return -1; |
321 | + } |
322 | + |
323 | + if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { |
324 | +@@ -733,6 +743,11 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, |
325 | + if (ctx->op.sig.algctx == NULL) |
326 | + goto legacy; |
327 | + |
328 | ++ if (ctx->op.sig.signature->verify_recover == NULL) { |
329 | ++ ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
330 | ++ return -2; |
331 | ++ } |
332 | ++ |
333 | + ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout, |
334 | + routlen, |
335 | + (rout == NULL ? 0 : *routlen), |
336 | +-- |
337 | +2.40.1 |
338 | + |
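Review bot: The NULL `ctx` branches in evp_pkey_signature_init, EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover change both the raised reason (now `ERR_R_PASSED_NULL_PARAMETER`) and the return value (-2 becomes -1). That is an API-visible change inside a stable series: callers that test for -2 specifically, or match on the old reason code, will take a different path, so it deserves its own mention in the changelog. The added NULL checks on the `sign`, `verify` and `verify_recover` pointers sit after the `goto legacy` test and directly before the indirect call, which is the right place. The commit message spells the reason once as `ERR_R_PASS_NULL_PARAMETER`; the code uses the correct name.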
339 | diff --git a/debian/patches/post-3.0.13/0005-Revert-Improved-detection-of-engine-provided-private.patch b/debian/patches/post-3.0.13/0005-Revert-Improved-detection-of-engine-provided-private.patch |
340 | new file mode 100644 |
341 | index 0000000..22abf7a |
342 | --- /dev/null |
343 | +++ b/debian/patches/post-3.0.13/0005-Revert-Improved-detection-of-engine-provided-private.patch |
344 | @@ -0,0 +1,82 @@ |
345 | +From ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6 Mon Sep 17 00:00:00 2001 |
346 | +From: Tomas Mraz <tomas@openssl.org> |
347 | +Date: Fri, 15 Dec 2023 13:45:50 +0100 |
348 | +Subject: [PATCH 05/63] Revert "Improved detection of engine-provided private |
349 | + "classic" keys" |
350 | + |
351 | +This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5. |
352 | + |
353 | +The commit was wrong. With 3.x versions the engines must be themselves |
354 | +responsible for creating their EVP_PKEYs in a way that they are treated |
355 | +as legacy - either by using the respective set1 calls or by setting |
356 | +non-default EVP_PKEY_METHOD. |
357 | + |
358 | +The workaround has caused more problems than it solved. |
359 | + |
360 | +Fixes #22945 |
361 | + |
362 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
363 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
364 | +(Merged from https://github.com/openssl/openssl/pull/23063) |
365 | + |
366 | +(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380) |
367 | +--- |
368 | + crypto/engine/eng_pkey.c | 42 ---------------------------------------- |
369 | + 1 file changed, 42 deletions(-) |
370 | + |
371 | +diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c |
372 | +index f84fcde460..075a61b5bf 100644 |
373 | +--- a/crypto/engine/eng_pkey.c |
374 | ++++ b/crypto/engine/eng_pkey.c |
375 | +@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, |
376 | + ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); |
377 | + return NULL; |
378 | + } |
379 | +- /* We enforce check for legacy key */ |
380 | +- switch (EVP_PKEY_get_id(pkey)) { |
381 | +- case EVP_PKEY_RSA: |
382 | +- { |
383 | +- RSA *rsa = EVP_PKEY_get1_RSA(pkey); |
384 | +- EVP_PKEY_set1_RSA(pkey, rsa); |
385 | +- RSA_free(rsa); |
386 | +- } |
387 | +- break; |
388 | +-# ifndef OPENSSL_NO_EC |
389 | +- case EVP_PKEY_SM2: |
390 | +- case EVP_PKEY_EC: |
391 | +- { |
392 | +- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); |
393 | +- EVP_PKEY_set1_EC_KEY(pkey, ec); |
394 | +- EC_KEY_free(ec); |
395 | +- } |
396 | +- break; |
397 | +-# endif |
398 | +-# ifndef OPENSSL_NO_DSA |
399 | +- case EVP_PKEY_DSA: |
400 | +- { |
401 | +- DSA *dsa = EVP_PKEY_get1_DSA(pkey); |
402 | +- EVP_PKEY_set1_DSA(pkey, dsa); |
403 | +- DSA_free(dsa); |
404 | +- } |
405 | +- break; |
406 | +-#endif |
407 | +-# ifndef OPENSSL_NO_DH |
408 | +- case EVP_PKEY_DH: |
409 | +- { |
410 | +- DH *dh = EVP_PKEY_get1_DH(pkey); |
411 | +- EVP_PKEY_set1_DH(pkey, dh); |
412 | +- DH_free(dh); |
413 | +- } |
414 | +- break; |
415 | +-#endif |
416 | +- default: |
417 | +- /*Do nothing */ |
418 | +- break; |
419 | +- } |
420 | +- |
421 | + return pkey; |
422 | + } |
423 | + |
424 | +-- |
425 | +2.40.1 |
426 | + |
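Review bot: Removing the "We enforce check for legacy key" switch from ENGINE_load_private_key changes what engine users get back: RSA, EC/SM2, DSA and DH keys are no longer passed through the `EVP_PKEY_set1_*` calls, and per the commit message the engine itself is now responsible for creating legacy keys. Engine packages that depended on the reverted behaviour should be exercised before upload, since the autopkgtest results listed above are for openssl itself. Keep this patch together with 0006, which documents the expectation in the migration guide.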
427 | diff --git a/debian/patches/post-3.0.13/0006-Document-the-implications-of-setting-engine-based-lo.patch b/debian/patches/post-3.0.13/0006-Document-the-implications-of-setting-engine-based-lo.patch |
428 | new file mode 100644 |
429 | index 0000000..37d8ca2 |
430 | --- /dev/null |
431 | +++ b/debian/patches/post-3.0.13/0006-Document-the-implications-of-setting-engine-based-lo.patch |
432 | @@ -0,0 +1,37 @@ |
433 | +From 41073fdc4266015bb5ed2f4e6e6bf43462632bee Mon Sep 17 00:00:00 2001 |
434 | +From: Tomas Mraz <tomas@openssl.org> |
435 | +Date: Wed, 27 Dec 2023 19:21:49 +0100 |
436 | +Subject: [PATCH 06/63] Document the implications of setting engine-based |
437 | + low-level methods |
438 | + |
439 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
440 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
441 | +(Merged from https://github.com/openssl/openssl/pull/23063) |
442 | + |
443 | +(cherry picked from commit dbb478a51d3f695ec713e9829a2353a0d2d61a59) |
444 | +--- |
445 | + doc/man7/migration_guide.pod | 8 ++++++++ |
446 | + 1 file changed, 8 insertions(+) |
447 | + |
448 | +diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod |
449 | +index 61641324a7..1434f2fde2 100644 |
450 | +--- a/doc/man7/migration_guide.pod |
451 | ++++ b/doc/man7/migration_guide.pod |
452 | +@@ -136,6 +136,14 @@ To ensure the future compatibility, the engines should be turned to providers. |
453 | + To prefer the provider-based hardware offload, you can specify the default |
454 | + properties to prefer your provider. |
455 | + |
456 | ++Setting engine-based or application-based default low-level crypto method such |
457 | ++as B<RSA_METHOD> or B<EC_KEY_METHOD> is still possible and keys inside the |
458 | ++default provider will use the engine-based implementation for the crypto |
459 | ++operations. However B<EVP_PKEY>s created by decoding by using B<OSSL_DECODER>, |
460 | ++B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy |
461 | ++B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar |
462 | ++functions must be used. |
463 | ++ |
464 | + =head3 Versioning Scheme |
465 | + |
466 | + The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new |
467 | +-- |
468 | +2.40.1 |
469 | + |
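Review bot: the paragraph added to doc/man7/migration_guide.pod has wording that will read oddly in the rendered man page. "created by decoding by using B<OSSL_DECODER>" doubles the preposition, and "To create a fully legacy B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>" pairs "a" with a plural and lacks a comma before the link. As a cherry-pick the text should stay identical to upstream in this package; an upstream follow-up could tighten the wording and could also name ENGINE_load_private_key(), whose behaviour 0005 changes, since readers affected by that revert will look here.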
470 | diff --git a/debian/patches/post-3.0.13/0008-Fix-a-few-incorrect-paths-in-some-build.info-files.patch b/debian/patches/post-3.0.13/0008-Fix-a-few-incorrect-paths-in-some-build.info-files.patch |
471 | new file mode 100644 |
472 | index 0000000..f1b1102 |
473 | --- /dev/null |
474 | +++ b/debian/patches/post-3.0.13/0008-Fix-a-few-incorrect-paths-in-some-build.info-files.patch |
475 | @@ -0,0 +1,67 @@ |
476 | +From 7b3eda56d7891aceef91867de64f24b20e3db212 Mon Sep 17 00:00:00 2001 |
477 | +From: Richard Levitte <levitte@openssl.org> |
478 | +Date: Thu, 1 Feb 2024 10:57:51 +0100 |
479 | +Subject: [PATCH 08/63] Fix a few incorrect paths in some build.info files |
480 | + |
481 | +The following files referred to ../liblegacy.a when they should have |
482 | +referred to ../../liblegacy.a. This cause the creation of a mysterious |
483 | +directory 'crypto/providers', and because of an increased strictness |
484 | +with regards to where directories are created, configuration failure |
485 | +on some platforms. |
486 | + |
487 | +Fixes #23436 |
488 | + |
489 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
490 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
491 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
492 | +(Merged from https://github.com/openssl/openssl/pull/23452) |
493 | + |
494 | +(cherry picked from commit 667b45454a47959ce2934b74c899662e686993de) |
495 | +--- |
496 | + crypto/aes/build.info | 2 +- |
497 | + crypto/ec/build.info | 2 +- |
498 | + crypto/sha/build.info | 2 +- |
499 | + 3 files changed, 3 insertions(+), 3 deletions(-) |
500 | + |
501 | +diff --git a/crypto/aes/build.info b/crypto/aes/build.info |
502 | +index b250903fa6..271015e35e 100644 |
503 | +--- a/crypto/aes/build.info |
504 | ++++ b/crypto/aes/build.info |
505 | +@@ -76,7 +76,7 @@ DEFINE[../../providers/libdefault.a]=$AESDEF |
506 | + # already gets everything that the static libcrypto.a has, and doesn't need it |
507 | + # added again. |
508 | + IF[{- !$disabled{module} && !$disabled{shared} -}] |
509 | +- DEFINE[../providers/liblegacy.a]=$AESDEF |
510 | ++ DEFINE[../../providers/liblegacy.a]=$AESDEF |
511 | + ENDIF |
512 | + |
513 | + GENERATE[aes-ia64.s]=asm/aes-ia64.S |
514 | +diff --git a/crypto/ec/build.info b/crypto/ec/build.info |
515 | +index a511e887a9..6dd98e9f4f 100644 |
516 | +--- a/crypto/ec/build.info |
517 | ++++ b/crypto/ec/build.info |
518 | +@@ -77,7 +77,7 @@ DEFINE[../../providers/libdefault.a]=$ECDEF |
519 | + # Otherwise, it already gets everything that the static libcrypto.a |
520 | + # has, and doesn't need it added again. |
521 | + IF[{- !$disabled{module} && !$disabled{shared} -}] |
522 | +- DEFINE[../providers/liblegacy.a]=$ECDEF |
523 | ++ DEFINE[../../providers/liblegacy.a]=$ECDEF |
524 | + ENDIF |
525 | + |
526 | + GENERATE[ecp_nistz256-x86.S]=asm/ecp_nistz256-x86.pl |
527 | +diff --git a/crypto/sha/build.info b/crypto/sha/build.info |
528 | +index d61f7de9b6..186ec13cc8 100644 |
529 | +--- a/crypto/sha/build.info |
530 | ++++ b/crypto/sha/build.info |
531 | +@@ -88,7 +88,7 @@ DEFINE[../../providers/libdefault.a]=$SHA1DEF $KECCAK1600DEF |
532 | + # linked with libcrypto. Otherwise, it already gets everything that |
533 | + # the static libcrypto.a has, and doesn't need it added again. |
534 | + IF[{- !$disabled{module} && !$disabled{shared} -}] |
535 | +- DEFINE[../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF |
536 | ++ DEFINE[../../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF |
537 | + ENDIF |
538 | + |
539 | + GENERATE[sha1-586.S]=asm/sha1-586.pl |
540 | +-- |
541 | +2.40.1 |
542 | + |
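Review bot: all three hunks correct the same one-level-short path, "DEFINE[../providers/liblegacy.a]", but only in crypto/aes, crypto/ec and crypto/sha, and the patch does not say whether the other second-level crypto/*/build.info files were checked. A grep for "../providers/" in those files of the patched tree would confirm none is left. That matters because the commit message says the stray path creates a 'crypto/providers' directory and makes configuration fail on some platforms, so a missed instance would show up as a build failure on only part of the architecture set.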
543 | diff --git a/debian/patches/post-3.0.13/0009-Make-IV-buf-in-prov_cipher_ctx_st-aligned.patch b/debian/patches/post-3.0.13/0009-Make-IV-buf-in-prov_cipher_ctx_st-aligned.patch |
544 | new file mode 100644 |
545 | index 0000000..b8cee08 |
546 | --- /dev/null |
547 | +++ b/debian/patches/post-3.0.13/0009-Make-IV-buf-in-prov_cipher_ctx_st-aligned.patch |
548 | @@ -0,0 +1,62 @@ |
549 | +From a91c268853c4bda825a505629a873e21685490bf Mon Sep 17 00:00:00 2001 |
550 | +From: "Hongren (Zenithal) Zheng" <i@zenithal.me> |
551 | +Date: Mon, 9 May 2022 19:42:39 +0800 |
552 | +Subject: [PATCH 09/63] Make IV/buf in prov_cipher_ctx_st aligned |
553 | + |
554 | +Make IV/buf aligned will drastically improve performance |
555 | +as some architecture performs badly on misaligned memory |
556 | +access. |
557 | + |
558 | +Ref to |
559 | +https://gist.github.com/ZenithalHourlyRate/7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md |
560 | +Ref to |
561 | +openssl#18197 |
562 | + |
563 | +Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me> |
564 | + |
565 | +Reviewed-by: Paul Dale <pauli@openssl.org> |
566 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
567 | + |
568 | +(cherry picked from commit 2787a709c984d3884e1726383c2f2afca428d795) |
569 | + |
570 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
571 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
572 | +(Merged from https://github.com/openssl/openssl/pull/23463) |
573 | +--- |
574 | + .../implementations/include/prov/ciphercommon.h | 13 +++++++------ |
575 | + 1 file changed, 7 insertions(+), 6 deletions(-) |
576 | + |
577 | +diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h |
578 | +index 383b759304..7f9a4a3bf2 100644 |
579 | +--- a/providers/implementations/include/prov/ciphercommon.h |
580 | ++++ b/providers/implementations/include/prov/ciphercommon.h |
581 | +@@ -42,6 +42,13 @@ typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, |
582 | + #define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200 |
583 | + |
584 | + struct prov_cipher_ctx_st { |
585 | ++ /* place buffer at the beginning for memory alignment */ |
586 | ++ /* The original value of the iv */ |
587 | ++ unsigned char oiv[GENERIC_BLOCK_SIZE]; |
588 | ++ /* Buffer of partial blocks processed via update calls */ |
589 | ++ unsigned char buf[GENERIC_BLOCK_SIZE]; |
590 | ++ unsigned char iv[GENERIC_BLOCK_SIZE]; |
591 | ++ |
592 | + block128_f block; |
593 | + union { |
594 | + cbc128_f cbc; |
595 | +@@ -83,12 +90,6 @@ struct prov_cipher_ctx_st { |
596 | + * manage partial blocks themselves. |
597 | + */ |
598 | + unsigned int num; |
599 | +- |
600 | +- /* The original value of the iv */ |
601 | +- unsigned char oiv[GENERIC_BLOCK_SIZE]; |
602 | +- /* Buffer of partial blocks processed via update calls */ |
603 | +- unsigned char buf[GENERIC_BLOCK_SIZE]; |
604 | +- unsigned char iv[GENERIC_BLOCK_SIZE]; |
605 | + const PROV_CIPHER_HW *hw; /* hardware specific functions */ |
606 | + const void *ks; /* Pointer to algorithm specific key data */ |
607 | + OSSL_LIB_CTX *libctx; |
608 | +-- |
609 | +2.40.1 |
610 | + |
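Review bot: in struct prov_cipher_ctx_st the alignment of oiv, buf and iv now rests entirely on their being the first members, and the only guard is the comment "place buffer at the beginning for memory alignment". Nothing stops a later change from inserting a field ahead of them, and the arrangement also assumes that GENERIC_BLOCK_SIZE keeps each array on an aligned offset. A comment stating that these three arrays must stay first, or a compile-time check on their offsets, would keep the performance fix from being undone silently. The move also changes the layout of a struct shared through ciphercommon.h, so every provider implementation including it has to be rebuilt together with this patch.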
611 | diff --git a/debian/patches/post-3.0.13/0010-Fix-testcases-to-run-on-duplicated-keys.patch b/debian/patches/post-3.0.13/0010-Fix-testcases-to-run-on-duplicated-keys.patch |
612 | new file mode 100644 |
613 | index 0000000..003a8e1 |
614 | --- /dev/null |
615 | +++ b/debian/patches/post-3.0.13/0010-Fix-testcases-to-run-on-duplicated-keys.patch |
616 | @@ -0,0 +1,246 @@ |
617 | +From f3875dad4bca7d62c54a24ca920c06492020ce64 Mon Sep 17 00:00:00 2001 |
618 | +From: Tomas Mraz <tomas@openssl.org> |
619 | +Date: Fri, 12 Jan 2024 18:47:56 +0100 |
620 | +Subject: [PATCH 10/63] Fix testcases to run on duplicated keys |
621 | + |
622 | +The existing loop pattern did not really run the expected |
623 | +tests on the duplicated keys. |
624 | + |
625 | +Fixes #23129 |
626 | + |
627 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
628 | +Reviewed-by: Richard Levitte <levitte@openssl.org> |
629 | +(Merged from https://github.com/openssl/openssl/pull/23292) |
630 | + |
631 | +(cherry picked from commit 387b93e14907cd8203d6f2c9d78e49df01cb6e1f) |
632 | +--- |
633 | + test/evp_extra_test.c | 6 +++- |
634 | + test/evp_pkey_provided_test.c | 63 +++++++++++++++++++++++++---------- |
635 | + test/keymgmt_internal_test.c | 8 +++-- |
636 | + 3 files changed, 56 insertions(+), 21 deletions(-) |
637 | + |
638 | +diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c |
639 | +index 6b484f8711..e7b813493f 100644 |
640 | +--- a/test/evp_extra_test.c |
641 | ++++ b/test/evp_extra_test.c |
642 | +@@ -1100,7 +1100,7 @@ static int test_EC_priv_only_legacy(void) |
643 | + goto err; |
644 | + eckey = NULL; |
645 | + |
646 | +- while (dup_pk == NULL) { |
647 | ++ for (;;) { |
648 | + ret = 0; |
649 | + ctx = EVP_MD_CTX_new(); |
650 | + if (!TEST_ptr(ctx)) |
651 | +@@ -1116,6 +1116,9 @@ static int test_EC_priv_only_legacy(void) |
652 | + EVP_MD_CTX_free(ctx); |
653 | + ctx = NULL; |
654 | + |
655 | ++ if (dup_pk != NULL) |
656 | ++ break; |
657 | ++ |
658 | + if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) |
659 | + goto err; |
660 | + /* EVP_PKEY_eq() returns -2 with missing public keys */ |
661 | +@@ -1125,6 +1128,7 @@ static int test_EC_priv_only_legacy(void) |
662 | + if (!ret) |
663 | + goto err; |
664 | + } |
665 | ++ ret = 1; |
666 | + |
667 | + err: |
668 | + EVP_MD_CTX_free(ctx); |
669 | +diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c |
670 | +index 27f90e42a7..688a8c1c5e 100644 |
671 | +--- a/test/evp_pkey_provided_test.c |
672 | ++++ b/test/evp_pkey_provided_test.c |
673 | +@@ -389,7 +389,7 @@ static int test_fromdata_rsa(void) |
674 | + fromdata_params), 1)) |
675 | + goto err; |
676 | + |
677 | +- while (dup_pk == NULL) { |
678 | ++ for (;;) { |
679 | + ret = 0; |
680 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32) |
681 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8) |
682 | +@@ -417,7 +417,10 @@ static int test_fromdata_rsa(void) |
683 | + ret = test_print_key_using_pem("RSA", pk) |
684 | + && test_print_key_using_encoder("RSA", pk); |
685 | + |
686 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
687 | ++ if (!ret || dup_pk != NULL) |
688 | ++ break; |
689 | ++ |
690 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
691 | + goto err; |
692 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
693 | + EVP_PKEY_free(pk); |
694 | +@@ -602,7 +605,7 @@ static int test_fromdata_dh_named_group(void) |
695 | + &len))) |
696 | + goto err; |
697 | + |
698 | +- while (dup_pk == NULL) { |
699 | ++ for (;;) { |
700 | + ret = 0; |
701 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) |
702 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) |
703 | +@@ -682,7 +685,10 @@ static int test_fromdata_dh_named_group(void) |
704 | + ret = test_print_key_using_pem("DH", pk) |
705 | + && test_print_key_using_encoder("DH", pk); |
706 | + |
707 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
708 | ++ if (!ret || dup_pk != NULL) |
709 | ++ break; |
710 | ++ |
711 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
712 | + goto err; |
713 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
714 | + EVP_PKEY_free(pk); |
715 | +@@ -783,7 +789,7 @@ static int test_fromdata_dh_fips186_4(void) |
716 | + fromdata_params), 1)) |
717 | + goto err; |
718 | + |
719 | +- while (dup_pk == NULL) { |
720 | ++ for (;;) { |
721 | + ret = 0; |
722 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) |
723 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) |
724 | +@@ -857,7 +863,10 @@ static int test_fromdata_dh_fips186_4(void) |
725 | + ret = test_print_key_using_pem("DH", pk) |
726 | + && test_print_key_using_encoder("DH", pk); |
727 | + |
728 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
729 | ++ if (!ret || dup_pk != NULL) |
730 | ++ break; |
731 | ++ |
732 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
733 | + goto err; |
734 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
735 | + EVP_PKEY_free(pk); |
736 | +@@ -1090,7 +1099,7 @@ static int test_fromdata_ecx(int tst) |
737 | + fromdata_params), 1)) |
738 | + goto err; |
739 | + |
740 | +- while (dup_pk == NULL) { |
741 | ++ for (;;) { |
742 | + ret = 0; |
743 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits) |
744 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits) |
745 | +@@ -1145,7 +1154,10 @@ static int test_fromdata_ecx(int tst) |
746 | + ret = test_print_key_using_pem(alg, pk) |
747 | + && test_print_key_using_encoder(alg, pk); |
748 | + |
749 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
750 | ++ if (!ret || dup_pk != NULL) |
751 | ++ break; |
752 | ++ |
753 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
754 | + goto err; |
755 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
756 | + EVP_PKEY_free(pk); |
757 | +@@ -1262,7 +1274,7 @@ static int test_fromdata_ec(void) |
758 | + fromdata_params), 1)) |
759 | + goto err; |
760 | + |
761 | +- while (dup_pk == NULL) { |
762 | ++ for (;;) { |
763 | + ret = 0; |
764 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256) |
765 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128) |
766 | +@@ -1301,6 +1313,15 @@ static int test_fromdata_ec(void) |
767 | + || !TEST_BN_eq(group_b, b)) |
768 | + goto err; |
769 | + |
770 | ++ EC_GROUP_free(group); |
771 | ++ group = NULL; |
772 | ++ BN_free(group_p); |
773 | ++ group_p = NULL; |
774 | ++ BN_free(group_a); |
775 | ++ group_a = NULL; |
776 | ++ BN_free(group_b); |
777 | ++ group_b = NULL; |
778 | ++ |
779 | + if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, |
780 | + out_curve_name, |
781 | + sizeof(out_curve_name), |
782 | +@@ -1329,7 +1350,10 @@ static int test_fromdata_ec(void) |
783 | + ret = test_print_key_using_pem(alg, pk) |
784 | + && test_print_key_using_encoder(alg, pk); |
785 | + |
786 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
787 | ++ if (!ret || dup_pk != NULL) |
788 | ++ break; |
789 | ++ |
790 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
791 | + goto err; |
792 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
793 | + EVP_PKEY_free(pk); |
794 | +@@ -1575,7 +1599,7 @@ static int test_fromdata_dsa_fips186_4(void) |
795 | + fromdata_params), 1)) |
796 | + goto err; |
797 | + |
798 | +- while (dup_pk == NULL) { |
799 | ++ for (;;) { |
800 | + ret = 0; |
801 | + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) |
802 | + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) |
803 | +@@ -1624,12 +1648,12 @@ static int test_fromdata_dsa_fips186_4(void) |
804 | + &pcounter_out)) |
805 | + || !TEST_int_eq(pcounter, pcounter_out)) |
806 | + goto err; |
807 | +- BN_free(p); |
808 | +- p = NULL; |
809 | +- BN_free(q); |
810 | +- q = NULL; |
811 | +- BN_free(g); |
812 | +- g = NULL; |
813 | ++ BN_free(p_out); |
814 | ++ p_out = NULL; |
815 | ++ BN_free(q_out); |
816 | ++ q_out = NULL; |
817 | ++ BN_free(g_out); |
818 | ++ g_out = NULL; |
819 | + BN_free(j_out); |
820 | + j_out = NULL; |
821 | + BN_free(pub_out); |
822 | +@@ -1657,7 +1681,10 @@ static int test_fromdata_dsa_fips186_4(void) |
823 | + ret = test_print_key_using_pem("DSA", pk) |
824 | + && test_print_key_using_encoder("DSA", pk); |
825 | + |
826 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
827 | ++ if (!ret || dup_pk != NULL) |
828 | ++ break; |
829 | ++ |
830 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
831 | + goto err; |
832 | + ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
833 | + EVP_PKEY_free(pk); |
834 | +diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c |
835 | +index ce2e458f8c..78b1cd717e 100644 |
836 | +--- a/test/keymgmt_internal_test.c |
837 | ++++ b/test/keymgmt_internal_test.c |
838 | +@@ -224,7 +224,7 @@ static int test_pass_rsa(FIXTURE *fixture) |
839 | + || !TEST_ptr_ne(km1, km2)) |
840 | + goto err; |
841 | + |
842 | +- while (dup_pk == NULL) { |
843 | ++ for (;;) { |
844 | + ret = 0; |
845 | + km = km3; |
846 | + /* Check that we can't export an RSA key into an RSA-PSS keymanager */ |
847 | +@@ -255,7 +255,11 @@ static int test_pass_rsa(FIXTURE *fixture) |
848 | + } |
849 | + |
850 | + ret = (ret == OSSL_NELEM(expected)); |
851 | +- if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
852 | ++ |
853 | ++ if (!ret || dup_pk != NULL) |
854 | ++ break; |
855 | ++ |
856 | ++ if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) |
857 | + goto err; |
858 | + |
859 | + ret = TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); |
860 | +-- |
861 | +2.40.1 |
862 | + |
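Review bot: two hunks in test/evp_pkey_provided_test.c change resource handling that the commit message does not mention. test_fromdata_ec() now frees and NULLs group, group_p, group_a and group_b inside the loop, and test_fromdata_dsa_fips186_4() frees p_out, q_out and g_out where it used to free p, q and g. Both appear to be needed once the loop body really runs a second time on the duplicated key, and a short comment at each site would say so. Separately, the new "if (!ret || dup_pk != NULL) break;" leaves the loop with ret == 0 on failure, while the test/evp_extra_test.c hunk sets "ret = 1;" right after its loop. That is safe there only because its exit test is "dup_pk != NULL" alone and failures go to err; a one-line comment would keep the "ret = 1;" from being copied into the other tests, where it would mask a failure.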
863 | diff --git a/debian/patches/post-3.0.13/0011-Rearrange-terms-in-gf_mul-to-prevent-segfault.patch b/debian/patches/post-3.0.13/0011-Rearrange-terms-in-gf_mul-to-prevent-segfault.patch |
864 | new file mode 100644 |
865 | index 0000000..af701dc |
866 | --- /dev/null |
867 | +++ b/debian/patches/post-3.0.13/0011-Rearrange-terms-in-gf_mul-to-prevent-segfault.patch |
868 | @@ -0,0 +1,36 @@ |
869 | +From 59416d6fce255cd582fa753293bcaea4aad13be8 Mon Sep 17 00:00:00 2001 |
870 | +From: Angel Baez <51308340+abaez004@users.noreply.github.com> |
871 | +Date: Wed, 7 Feb 2024 10:34:48 -0500 |
872 | +Subject: [PATCH 11/63] Rearrange terms in gf_mul to prevent segfault |
873 | + |
874 | +CLA: trivial |
875 | + |
876 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
877 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
878 | +(Merged from https://github.com/openssl/openssl/pull/23512) |
879 | + |
880 | +(cherry picked from commit 76cecff5e9bedb2bafc60062283f99722697082a) |
881 | +--- |
882 | + crypto/ec/curve448/arch_64/f_impl64.c | 6 +++--- |
883 | + 1 file changed, 3 insertions(+), 3 deletions(-) |
884 | + |
885 | +diff --git a/crypto/ec/curve448/arch_64/f_impl64.c b/crypto/ec/curve448/arch_64/f_impl64.c |
886 | +index 8f7a7dd391..4555b3c29a 100644 |
887 | +--- a/crypto/ec/curve448/arch_64/f_impl64.c |
888 | ++++ b/crypto/ec/curve448/arch_64/f_impl64.c |
889 | +@@ -45,9 +45,9 @@ void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) |
890 | + accum0 += widemul(a[j + 4], b[i - j + 4]); |
891 | + } |
892 | + for (; j < 4; j++) { |
893 | +- accum2 += widemul(a[j], b[i - j + 8]); |
894 | +- accum1 += widemul(aa[j], bbb[i - j + 4]); |
895 | +- accum0 += widemul(a[j + 4], bb[i - j + 4]); |
896 | ++ accum2 += widemul(a[j], b[i + 8 - j]); |
897 | ++ accum1 += widemul(aa[j], bbb[i + 4 - j]); |
898 | ++ accum0 += widemul(a[j + 4], bb[i + 4 - j]); |
899 | + } |
900 | + |
901 | + accum1 -= accum2; |
902 | +-- |
903 | +2.40.1 |
904 | + |
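Review bot: the three changed lines in gf_mul() differ from the old ones only in the order of the index terms ("i - j + 8" becomes "i + 8 - j", and likewise for the two "+ 4" indices), and neither the commit message nor the code says why the order matters. Without a comment above the "for (; j < 4; j++)" loop explaining that the intermediate "i - j" must not be formed first, a later tidy-up can restore the old expression and bring back the segfault named in the subject. A short comment in the code, plus a line in the message naming the compiler or platform where the crash was seen, would make the fix durable.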
905 | diff --git a/debian/patches/post-3.0.13/0012-Fix-memory-leaks-on-error-cases-during-drbg-initiali.patch b/debian/patches/post-3.0.13/0012-Fix-memory-leaks-on-error-cases-during-drbg-initiali.patch |
906 | new file mode 100644 |
907 | index 0000000..d553d24 |
908 | --- /dev/null |
909 | +++ b/debian/patches/post-3.0.13/0012-Fix-memory-leaks-on-error-cases-during-drbg-initiali.patch |
910 | @@ -0,0 +1,106 @@ |
911 | +From 3732a8963d7aacde04f138204e235478609cba8a Mon Sep 17 00:00:00 2001 |
912 | +From: Tomas Mraz <tomas@openssl.org> |
913 | +Date: Wed, 7 Feb 2024 10:27:50 +0100 |
914 | +Subject: [PATCH 12/63] Fix memory leaks on error cases during drbg |
915 | + initializations |
916 | + |
917 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
918 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
919 | +(Merged from https://github.com/openssl/openssl/pull/23503) |
920 | + |
921 | +(cherry picked from commit cb4f7a6ee053e8c51cf3ac35fee333d1f25552c0) |
922 | +--- |
923 | + providers/implementations/rands/drbg.c | 3 ++- |
924 | + providers/implementations/rands/drbg_ctr.c | 5 +++-- |
925 | + providers/implementations/rands/drbg_hash.c | 3 ++- |
926 | + providers/implementations/rands/drbg_hmac.c | 3 ++- |
927 | + providers/implementations/rands/drbg_local.h | 1 + |
928 | + 5 files changed, 10 insertions(+), 5 deletions(-) |
929 | + |
930 | +diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c |
931 | +index e30836c53c..09edce8eb4 100644 |
932 | +--- a/providers/implementations/rands/drbg.c |
933 | ++++ b/providers/implementations/rands/drbg.c |
934 | +@@ -765,6 +765,7 @@ int ossl_drbg_enable_locking(void *vctx) |
935 | + PROV_DRBG *ossl_rand_drbg_new |
936 | + (void *provctx, void *parent, const OSSL_DISPATCH *p_dispatch, |
937 | + int (*dnew)(PROV_DRBG *ctx), |
938 | ++ void (*dfree)(void *vctx), |
939 | + int (*instantiate)(PROV_DRBG *drbg, |
940 | + const unsigned char *entropy, size_t entropylen, |
941 | + const unsigned char *nonce, size_t noncelen, |
942 | +@@ -844,7 +845,7 @@ PROV_DRBG *ossl_rand_drbg_new |
943 | + return drbg; |
944 | + |
945 | + err: |
946 | +- ossl_rand_drbg_free(drbg); |
947 | ++ dfree(drbg); |
948 | + return NULL; |
949 | + } |
950 | + |
951 | +diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c |
952 | +index 451113c4d1..988a08bf93 100644 |
953 | +--- a/providers/implementations/rands/drbg_ctr.c |
954 | ++++ b/providers/implementations/rands/drbg_ctr.c |
955 | +@@ -581,7 +581,7 @@ err: |
956 | + EVP_CIPHER_CTX_free(ctr->ctx_ecb); |
957 | + EVP_CIPHER_CTX_free(ctr->ctx_ctr); |
958 | + ctr->ctx_ecb = ctr->ctx_ctr = NULL; |
959 | +- return 0; |
960 | ++ return 0; |
961 | + } |
962 | + |
963 | + static int drbg_ctr_new(PROV_DRBG *drbg) |
964 | +@@ -602,7 +602,8 @@ static int drbg_ctr_new(PROV_DRBG *drbg) |
965 | + static void *drbg_ctr_new_wrapper(void *provctx, void *parent, |
966 | + const OSSL_DISPATCH *parent_dispatch) |
967 | + { |
968 | +- return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_ctr_new, |
969 | ++ return ossl_rand_drbg_new(provctx, parent, parent_dispatch, |
970 | ++ &drbg_ctr_new, &drbg_ctr_free, |
971 | + &drbg_ctr_instantiate, &drbg_ctr_uninstantiate, |
972 | + &drbg_ctr_reseed, &drbg_ctr_generate); |
973 | + } |
974 | +diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c |
975 | +index 6deb0a2925..4acf9a9830 100644 |
976 | +--- a/providers/implementations/rands/drbg_hash.c |
977 | ++++ b/providers/implementations/rands/drbg_hash.c |
978 | +@@ -410,7 +410,8 @@ static int drbg_hash_new(PROV_DRBG *ctx) |
979 | + static void *drbg_hash_new_wrapper(void *provctx, void *parent, |
980 | + const OSSL_DISPATCH *parent_dispatch) |
981 | + { |
982 | +- return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_hash_new, |
983 | ++ return ossl_rand_drbg_new(provctx, parent, parent_dispatch, |
984 | ++ &drbg_hash_new, &drbg_hash_free, |
985 | + &drbg_hash_instantiate, &drbg_hash_uninstantiate, |
986 | + &drbg_hash_reseed, &drbg_hash_generate); |
987 | + } |
988 | +diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c |
989 | +index e68465a78c..571f5e6f7a 100644 |
990 | +--- a/providers/implementations/rands/drbg_hmac.c |
991 | ++++ b/providers/implementations/rands/drbg_hmac.c |
992 | +@@ -296,7 +296,8 @@ static int drbg_hmac_new(PROV_DRBG *drbg) |
993 | + static void *drbg_hmac_new_wrapper(void *provctx, void *parent, |
994 | + const OSSL_DISPATCH *parent_dispatch) |
995 | + { |
996 | +- return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_hmac_new, |
997 | ++ return ossl_rand_drbg_new(provctx, parent, parent_dispatch, |
998 | ++ &drbg_hmac_new, &drbg_hmac_free, |
999 | + &drbg_hmac_instantiate, &drbg_hmac_uninstantiate, |
1000 | + &drbg_hmac_reseed, &drbg_hmac_generate); |
1001 | + } |
1002 | +diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h |
1003 | +index 8bc5df89c2..a2d1ef5307 100644 |
1004 | +--- a/providers/implementations/rands/drbg_local.h |
1005 | ++++ b/providers/implementations/rands/drbg_local.h |
1006 | +@@ -181,6 +181,7 @@ struct prov_drbg_st { |
1007 | + PROV_DRBG *ossl_rand_drbg_new |
1008 | + (void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch, |
1009 | + int (*dnew)(PROV_DRBG *ctx), |
1010 | ++ void (*dfree)(void *vctx), |
1011 | + int (*instantiate)(PROV_DRBG *drbg, |
1012 | + const unsigned char *entropy, size_t entropylen, |
1013 | + const unsigned char *nonce, size_t noncelen, |
1014 | +-- |
1015 | +2.40.1 |
1016 | + |
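Review bot: on the err path of ossl_rand_drbg_new() the new "dfree(drbg);" is called unconditionally, but the added parameter "void (*dfree)(void *vctx)" is neither documented nor checked in drbg.c or drbg_local.h. The three visible callers pass &drbg_ctr_free, &drbg_hash_free and &drbg_hmac_free, so it works as shown; a comment on the prototype stating that dfree must be non-NULL and must cope with a drbg whose dnew() failed part-way would record the contract. The signature change also breaks any caller of ossl_rand_drbg_new() that this patch does not touch, so a full build including the test programs is the check to run. The "return 0;" line in drbg_ctr.c differs only in whitespace as shown and is unrelated to the leak fix.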
1017 | diff --git a/debian/patches/post-3.0.13/0013-Fix-typos-found-by-codespell-in-openssl-3.0.patch b/debian/patches/post-3.0.13/0013-Fix-typos-found-by-codespell-in-openssl-3.0.patch |
1018 | new file mode 100644 |
1019 | index 0000000..3561960 |
1020 | --- /dev/null |
1021 | +++ b/debian/patches/post-3.0.13/0013-Fix-typos-found-by-codespell-in-openssl-3.0.patch |
1022 | @@ -0,0 +1,87 @@ |
1023 | +From 77c6fa6bc7aae11467ca467a5ffbe260551051d7 Mon Sep 17 00:00:00 2001 |
1024 | +From: Dimitri Papadopoulos |
1025 | + <3234522+DimitriPapadopoulos@users.noreply.github.com> |
1026 | +Date: Sun, 11 Feb 2024 18:31:23 +0100 |
1027 | +Subject: [PATCH 13/63] Fix typos found by codespell in openssl-3.0 |
1028 | + |
1029 | +Only modify doc/man* in the openssl-3.0 branch. |
1030 | + |
1031 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1032 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1033 | +(Merged from https://github.com/openssl/openssl/pull/23546) |
1034 | +--- |
1035 | + doc/internal/man3/OPTIONS.pod | 2 +- |
1036 | + doc/internal/man3/ossl_method_construct.pod | 2 +- |
1037 | + doc/internal/man3/ossl_provider_new.pod | 2 +- |
1038 | + doc/internal/man3/ossl_random_add_conf_module.pod | 2 +- |
1039 | + doc/internal/man7/EVP_PKEY.pod | 2 +- |
1040 | + 5 files changed, 5 insertions(+), 5 deletions(-) |
1041 | + |
1042 | +diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod |
1043 | +index 90593ca46f..fed879e528 100644 |
1044 | +--- a/doc/internal/man3/OPTIONS.pod |
1045 | ++++ b/doc/internal/man3/OPTIONS.pod |
1046 | +@@ -155,7 +155,7 @@ on multiple lines; each entry should use B<OPT_MORE_STR>, like this: |
1047 | + {OPT_MORE_STR, 0, 0, |
1048 | + "This flag is not really needed on Unix systems"}, |
1049 | + {OPT_MORE_STR, 0, 0, |
1050 | +- "(Unix and descendents for ths win!)"} |
1051 | ++ "(Unix and descendents for the win!)"} |
1052 | + |
1053 | + Each subsequent line will be indented the correct amount. |
1054 | + |
1055 | +diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod |
1056 | +index 3683798b06..603930dc1f 100644 |
1057 | +--- a/doc/internal/man3/ossl_method_construct.pod |
1058 | ++++ b/doc/internal/man3/ossl_method_construct.pod |
1059 | +@@ -93,7 +93,7 @@ This default store should be stored in the library context I<libctx>. |
1060 | + The method to be looked up should be identified with data found in I<data> |
1061 | + (which is the I<mcm_data> that was passed to ossl_construct_method()). |
1062 | + In other words, the ossl_method_construct() caller is entirely responsible |
1063 | +-for ensuring the necesssary data is made available. |
1064 | ++for ensuring the necessary data is made available. |
1065 | + |
1066 | + Optionally, I<prov> may be given as a search criterion, to narrow down the |
1067 | + search of a method belonging to just one provider. |
1068 | +diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod |
1069 | +index 8bd5594c48..f33f07adfc 100644 |
1070 | +--- a/doc/internal/man3/ossl_provider_new.pod |
1071 | ++++ b/doc/internal/man3/ossl_provider_new.pod |
1072 | +@@ -297,7 +297,7 @@ in a bitstring that's internal to I<provider>. |
1073 | + |
1074 | + ossl_provider_test_operation_bit() checks if the bit operation I<bitnum> |
1075 | + is set (1) or not (0) in the internal I<provider> bitstring, and sets |
1076 | +-I<*result> to 1 or 0 accorddingly. |
1077 | ++I<*result> to 1 or 0 accordingly. |
1078 | + |
1079 | + ossl_provider_init_as_child() stores in the library context I<ctx> references to |
1080 | + the necessary upcalls for managing child providers. The I<handle> and I<in> |
1081 | +diff --git a/doc/internal/man3/ossl_random_add_conf_module.pod b/doc/internal/man3/ossl_random_add_conf_module.pod |
1082 | +index 6d4f5810dc..f1ea37a68c 100644 |
1083 | +--- a/doc/internal/man3/ossl_random_add_conf_module.pod |
1084 | ++++ b/doc/internal/man3/ossl_random_add_conf_module.pod |
1085 | +@@ -15,7 +15,7 @@ ossl_random_add_conf_module - internal random configuration module |
1086 | + |
1087 | + ossl_random_add_conf_module() adds the random configuration module |
1088 | + for providers. |
1089 | +-This allows the type and parameters of the stardard setup of random number |
1090 | ++This allows the type and parameters of the standard setup of random number |
1091 | + generators to be configured with an OpenSSL L<config(5)> file. |
1092 | + |
1093 | + =head1 RETURN VALUES |
1094 | +diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod |
1095 | +index cc738b9c28..ffaff36553 100644 |
1096 | +--- a/doc/internal/man7/EVP_PKEY.pod |
1097 | ++++ b/doc/internal/man7/EVP_PKEY.pod |
1098 | +@@ -19,7 +19,7 @@ private/public key pairs, but has had other uses as well. |
1099 | + |
1100 | + =for comment "uses" could as well be "abuses"... |
1101 | + |
1102 | +-The private/public key pair that an B<EVP_PKEY> contains is refered to |
1103 | ++The private/public key pair that an B<EVP_PKEY> contains is referred to |
1104 | + as its "internal key" or "origin" (the reason for "origin" is |
1105 | + explained further down, in L</Export cache for provider operations>), |
1106 | + and it can take one of the following forms: |
1107 | +-- |
1108 | +2.40.1 |
1109 | + |
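Review bot: in the doc/internal/man3/OPTIONS.pod hunk the corrected string still reads "(Unix and descendents for the win!)"; "ths" is fixed but "descendents" stays, where the noun is usually spelled "descendants". If codespell accepts it as a variant, that is fine, but it is worth one look while the line is being touched. The message also says "Only modify doc/man*" while every path in the diffstat is under doc/internal/man*, and unlike the neighbouring patches there is no "(cherry picked from commit ...)" line, so the upstream openssl-3.0 commit this corresponds to should be named in the patch header.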
1110 | diff --git a/debian/patches/post-3.0.13/0014-KDF_CTX_new-API-has-incorrect-signature-const-should.patch b/debian/patches/post-3.0.13/0014-KDF_CTX_new-API-has-incorrect-signature-const-should.patch |
1111 | new file mode 100644 |
1112 | index 0000000..d3e13e7 |
1113 | --- /dev/null |
1114 | +++ b/debian/patches/post-3.0.13/0014-KDF_CTX_new-API-has-incorrect-signature-const-should.patch |
1115 | @@ -0,0 +1,41 @@ |
1116 | +From 112754183a720b4db0f2770a80a55805010b4e68 Mon Sep 17 00:00:00 2001 |
1117 | +From: Shakti Shah <shaktishah33@gmail.com> |
1118 | +Date: Sun, 11 Feb 2024 01:09:10 +0530 |
1119 | +Subject: [PATCH 14/63] KDF_CTX_new API has incorrect signature (const should |
1120 | + not be there) |
1121 | + |
1122 | +https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html |
1123 | + |
1124 | +The pages for 3.0/3.1/master seem to have the following |
1125 | +EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); |
1126 | + |
1127 | +which does not match with the actual header which is |
1128 | +EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); |
1129 | + |
1130 | +Fixes #23532 |
1131 | + |
1132 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
1133 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1134 | +(Merged from https://github.com/openssl/openssl/pull/23541) |
1135 | + |
1136 | +(cherry picked from commit 4f6133f9db2b9b7ce5e59d8b8ec38202a154c524) |
1137 | +--- |
1138 | + doc/man3/EVP_KDF.pod | 2 +- |
1139 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1140 | + |
1141 | +diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod |
1142 | +index 31d61b2a3d..9009fd21c1 100644 |
1143 | +--- a/doc/man3/EVP_KDF.pod |
1144 | ++++ b/doc/man3/EVP_KDF.pod |
1145 | +@@ -20,7 +20,7 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines |
1146 | + typedef struct evp_kdf_st EVP_KDF; |
1147 | + typedef struct evp_kdf_ctx_st EVP_KDF_CTX; |
1148 | + |
1149 | +- EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); |
1150 | ++ EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); |
1151 | + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); |
1152 | + void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); |
1153 | + EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); |
1154 | +-- |
1155 | +2.40.1 |
1156 | + |
1157 | diff --git a/debian/patches/post-3.0.13/0015-Check-for-NULL-cleanup-function-before-using-it-in-e.patch b/debian/patches/post-3.0.13/0015-Check-for-NULL-cleanup-function-before-using-it-in-e.patch |
1158 | new file mode 100644 |
1159 | index 0000000..3e6883a |
1160 | --- /dev/null |
1161 | +++ b/debian/patches/post-3.0.13/0015-Check-for-NULL-cleanup-function-before-using-it-in-e.patch |
1162 | @@ -0,0 +1,40 @@ |
1163 | +From 3baa3531be6374428ba0e6e650f9dc2c2b4827a6 Mon Sep 17 00:00:00 2001 |
1164 | +From: Neil Horman <nhorman@openssl.org> |
1165 | +Date: Sat, 16 Dec 2023 15:32:48 -0500 |
1166 | +Subject: [PATCH 15/63] Check for NULL cleanup function before using it in |
1167 | + encoder_process |
1168 | + |
1169 | +encoder_process assumes a cleanup function has been set in the currently |
1170 | +in-use encoder during processing, which can lead to segfaults if said |
1171 | +function hasn't been set |
1172 | + |
1173 | +Add a NULL check for this condition, returning -1 if it is not set |
1174 | + |
1175 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1176 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1177 | +(Merged from https://github.com/openssl/openssl/pull/23069) |
1178 | + |
1179 | +(cherry picked from commit cf57c3ecfa416afbc47d36633981034809ee6792) |
1180 | +--- |
1181 | + crypto/encode_decode/encoder_lib.c | 5 +++++ |
1182 | + 1 file changed, 5 insertions(+) |
1183 | + |
1184 | +diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c |
1185 | +index 7a55c7ab9a..74cda1ff0b 100644 |
1186 | +--- a/crypto/encode_decode/encoder_lib.c |
1187 | ++++ b/crypto/encode_decode/encoder_lib.c |
1188 | +@@ -59,6 +59,11 @@ int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out) |
1189 | + return 0; |
1190 | + } |
1191 | + |
1192 | ++ if (ctx->cleanup == NULL || ctx->construct == NULL) { |
1193 | ++ ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INIT_FAIL); |
1194 | ++ return 0; |
1195 | ++ } |
1196 | ++ |
1197 | + return encoder_process(&data) > 0; |
1198 | + } |
1199 | + |
1200 | +-- |
1201 | +2.40.1 |
1202 | + |
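Review bot: the commit message and the code disagree about the added check in three places. The subject puts the check in encoder_process, the body says it returns -1, and only the cleanup function is mentioned, whereas the hunk adds the check to OSSL_ENCODER_to_bio(), returns 0 after `ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INIT_FAIL)`, and also tests `ctx->construct`. Returning 0 matches the `return 0;` just above and the boolean `encoder_process(&data) > 0` below, so the code looks right; the merge description should record the actual behaviour so nobody auditing callers goes looking for a -1 error path.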
1203 | diff --git a/debian/patches/post-3.0.13/0016-Fixed-Visual-Studio-2008-compiler-errors.patch b/debian/patches/post-3.0.13/0016-Fixed-Visual-Studio-2008-compiler-errors.patch |
1204 | new file mode 100644 |
1205 | index 0000000..058dae5 |
1206 | --- /dev/null |
1207 | +++ b/debian/patches/post-3.0.13/0016-Fixed-Visual-Studio-2008-compiler-errors.patch |
1208 | @@ -0,0 +1,31 @@ |
1209 | +From 70d9a358b9f736e10f7a8fda50953ad58b13a19e Mon Sep 17 00:00:00 2001 |
1210 | +From: Marcel Gosmann <thafiredragonofdeath@gmail.com> |
1211 | +Date: Wed, 14 Feb 2024 11:35:47 +0100 |
1212 | +Subject: [PATCH 16/63] Fixed Visual Studio 2008 compiler errors |
1213 | + |
1214 | +CLA: trivial |
1215 | + |
1216 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1217 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1218 | +(Merged from https://github.com/openssl/openssl/pull/23586) |
1219 | + |
1220 | +(cherry picked from commit c3e8d67885c0c4295cfd1df35a41bf1f3fa9dc37) |
1221 | +--- |
1222 | + crypto/property/property_parse.c | 1 + |
1223 | + 1 file changed, 1 insertion(+) |
1224 | + |
1225 | +diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c |
1226 | +index 19ea39a786..397510823e 100644 |
1227 | +--- a/crypto/property/property_parse.c |
1228 | ++++ b/crypto/property/property_parse.c |
1229 | +@@ -14,6 +14,7 @@ |
1230 | + #include <openssl/err.h> |
1231 | + #include "internal/propertyerr.h" |
1232 | + #include "internal/property.h" |
1233 | ++#include "internal/numbers.h" |
1234 | + #include "crypto/ctype.h" |
1235 | + #include "internal/nelem.h" |
1236 | + #include "property_local.h" |
1237 | +-- |
1238 | +2.40.1 |
1239 | + |
1240 | diff --git a/debian/patches/post-3.0.13/0017-Correct-the-defined-name-of-the-parameter-micalg-in-.patch b/debian/patches/post-3.0.13/0017-Correct-the-defined-name-of-the-parameter-micalg-in-.patch |
1241 | new file mode 100644 |
1242 | index 0000000..b6fa947 |
1243 | --- /dev/null |
1244 | +++ b/debian/patches/post-3.0.13/0017-Correct-the-defined-name-of-the-parameter-micalg-in-.patch |
1245 | @@ -0,0 +1,38 @@ |
1246 | +From 88038f5aec58b138d45f33a745b732e6510eba33 Mon Sep 17 00:00:00 2001 |
1247 | +From: Bernd Ritter <ritter@b1-systems.de> |
1248 | +Date: Sat, 17 Feb 2024 19:15:14 +0100 |
1249 | +Subject: [PATCH 17/63] Correct the defined name of the parameter "micalg" in |
1250 | + the documentation |
1251 | + |
1252 | +The EVP_DigestInit(3) manual page contains wrong name for the define |
1253 | +macro for the OSSL_DIGEST_PARAM_MICALG param. |
1254 | + |
1255 | +Fixes #23580 |
1256 | + |
1257 | +CLA: trivial |
1258 | + |
1259 | +Reviewed-by: Paul Yang <kaishen.yy@antfin.com> |
1260 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1261 | +(Merged from https://github.com/openssl/openssl/pull/23615) |
1262 | + |
1263 | +(cherry picked from commit 5e5c256bbad572cf8d8d9ef9127722ca028d2704) |
1264 | +--- |
1265 | + doc/man3/EVP_DigestInit.pod | 2 +- |
1266 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1267 | + |
1268 | +diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod |
1269 | +index 1953df3c5e..58968c44cb 100644 |
1270 | +--- a/doc/man3/EVP_DigestInit.pod |
1271 | ++++ b/doc/man3/EVP_DigestInit.pod |
1272 | +@@ -483,7 +483,7 @@ EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys: |
1273 | + |
1274 | + =over 4 |
1275 | + |
1276 | +-=item "micalg" (B<OSSL_PARAM_DIGEST_KEY_MICALG>) <UTF8 string>. |
1277 | ++=item "micalg" (B<OSSL_DIGEST_PARAM_MICALG>) <UTF8 string>. |
1278 | + |
1279 | + Gets the digest Message Integrity Check algorithm string. This is used when |
1280 | + creating S/MIME multipart/signed messages, as specified in RFC 3851. |
1281 | +-- |
1282 | +2.40.1 |
1283 | + |
1284 | diff --git a/debian/patches/post-3.0.13/0018-Don-t-print-excessively-long-ASN1-items-in-fuzzer.patch b/debian/patches/post-3.0.13/0018-Don-t-print-excessively-long-ASN1-items-in-fuzzer.patch |
1285 | new file mode 100644 |
1286 | index 0000000..7483a96 |
1287 | --- /dev/null |
1288 | +++ b/debian/patches/post-3.0.13/0018-Don-t-print-excessively-long-ASN1-items-in-fuzzer.patch |
1289 | @@ -0,0 +1,47 @@ |
1290 | +From 878d31954738369c35cbafbaa65e9201e9fc6d4b Mon Sep 17 00:00:00 2001 |
1291 | +From: Matt Caswell <matt@openssl.org> |
1292 | +Date: Tue, 20 Feb 2024 15:11:26 +0000 |
1293 | +Subject: [PATCH 18/63] Don't print excessively long ASN1 items in fuzzer |
1294 | + |
1295 | +Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively |
1296 | +long. |
1297 | + |
1298 | +This fixes a false positive encountered by OSS-Fuzz. |
1299 | + |
1300 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1301 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1302 | +(Merged from https://github.com/openssl/openssl/pull/23640) |
1303 | + |
1304 | +(cherry picked from commit 4a6f70c03182b421d326831532edca32bcdb3fb1) |
1305 | +--- |
1306 | + fuzz/asn1.c | 14 ++++++++++---- |
1307 | + 1 file changed, 10 insertions(+), 4 deletions(-) |
1308 | + |
1309 | +diff --git a/fuzz/asn1.c b/fuzz/asn1.c |
1310 | +index ee602a08a3..d55554b7fd 100644 |
1311 | +--- a/fuzz/asn1.c |
1312 | ++++ b/fuzz/asn1.c |
1313 | +@@ -312,10 +312,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
1314 | + ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i); |
1315 | + |
1316 | + if (o != NULL) { |
1317 | +- BIO *bio = BIO_new(BIO_s_null()); |
1318 | +- if (bio != NULL) { |
1319 | +- ASN1_item_print(bio, o, 4, i, pctx); |
1320 | +- BIO_free(bio); |
1321 | ++ /* |
1322 | ++ * Don't print excessively long output to prevent spurious fuzzer |
1323 | ++ * timeouts. |
1324 | ++ */ |
1325 | ++ if (b - buf < 10000) { |
1326 | ++ BIO *bio = BIO_new(BIO_s_null()); |
1327 | ++ if (bio != NULL) { |
1328 | ++ ASN1_item_print(bio, o, 4, i, pctx); |
1329 | ++ BIO_free(bio); |
1330 | ++ } |
1331 | + } |
1332 | + if (ASN1_item_i2d(o, &der, i) > 0) { |
1333 | + OPENSSL_free(der); |
1334 | +-- |
1335 | +2.40.1 |
1336 | + |
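Review bot: the guard `if (b - buf < 10000)` bounds the number of input bytes consumed by ASN1_item_d2i(), not the size of what ASN1_item_print() would emit, while the new comment speaks of "excessively long output". Reword the comment to say that consumed input length is used as a proxy, and give 10000 a named constant so the threshold is easy to find when fuzzer timeouts are tuned. Items above the threshold still go through ASN1_item_i2d(), so only print coverage is reduced for large inputs.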
1337 | diff --git a/debian/patches/post-3.0.13/0019-Add-atexit-configuration-option-to-using-atexit-in-l.patch b/debian/patches/post-3.0.13/0019-Add-atexit-configuration-option-to-using-atexit-in-l.patch |
1338 | new file mode 100644 |
1339 | index 0000000..de2c084 |
1340 | --- /dev/null |
1341 | +++ b/debian/patches/post-3.0.13/0019-Add-atexit-configuration-option-to-using-atexit-in-l.patch |
1342 | @@ -0,0 +1,142 @@ |
1343 | +From 73a68d8adde293ad73cb66444b4b683a5697d686 Mon Sep 17 00:00:00 2001 |
1344 | +From: "Randall S. Becker" <randall.becker@nexbridge.ca> |
1345 | +Date: Thu, 25 Jan 2024 22:11:27 +0000 |
1346 | +Subject: [PATCH 19/63] Add atexit configuration option to using atexit() in |
1347 | + libcrypto at build-time. |
1348 | + |
1349 | +This fixes an issue with a mix of atexit() usage in DLL and statically linked |
1350 | +libcrypto that came out in the test suite on NonStop, which has slightly |
1351 | +different DLL unload processing semantics compared to Linux. The change |
1352 | +allows a build configuration to select whether to register OPENSSL_cleanup() |
1353 | +with atexit() or not, so avoid situations where atexit() registration causes |
1354 | +SIGSEGV. |
1355 | + |
1356 | +INSTALL.md and CHANGES.md have been modified to include and describe this |
1357 | +option. |
1358 | + |
1359 | +Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> |
1360 | +Signed-off-by: Tomas Mraz <tomas@openssl.org> |
1361 | + |
1362 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1363 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
1364 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1365 | +(Merged from https://github.com/openssl/openssl/pull/23642) |
1366 | + |
1367 | +(cherry picked from commit 0e1989d4c7435809b60f614c23ba8c9a7c0373e8) |
1368 | +--- |
1369 | + .github/workflows/run-checker-ci.yml | 1 + |
1370 | + CHANGES.md | 6 +++++- |
1371 | + Configure | 1 + |
1372 | + INSTALL.md | 7 +++++++ |
1373 | + NOTES-NONSTOP.md | 5 ++++- |
1374 | + crypto/init.c | 12 +++++++----- |
1375 | + test/recipes/90-test_shlibload.t | 1 + |
1376 | + 7 files changed, 26 insertions(+), 7 deletions(-) |
1377 | + |
1378 | +diff --git a/CHANGES.md b/CHANGES.md |
1379 | +index 91dd358db8..b42dd83bc0 100644 |
1380 | +--- a/CHANGES.md |
1381 | ++++ b/CHANGES.md |
1382 | +@@ -30,7 +30,11 @@ breaking changes, and mappings for the large list of deprecated functions. |
1383 | + |
1384 | + ### Changes between 3.0.13 and 3.0.14 [xx XXX xxxx] |
1385 | + |
1386 | +- * none yet |
1387 | ++ * New atexit configuration switch, which controls whether the OPENSSL_cleanup |
1388 | ++ is registered when libcrypto is unloaded. This can be used on platforms |
1389 | ++ where using atexit() from shared libraries causes crashes on exit. |
1390 | ++ |
1391 | ++ *Randall S. Becker* |
1392 | + |
1393 | + ### Changes between 3.0.12 and 3.0.13 [30 Jan 2024] |
1394 | + |
1395 | +diff --git a/Configure b/Configure |
1396 | +index 84cc409464..ab90de6ccc 100755 |
1397 | +--- a/Configure |
1398 | ++++ b/Configure |
1399 | +@@ -405,6 +405,7 @@ my @disablables = ( |
1400 | + "asan", |
1401 | + "asm", |
1402 | + "async", |
1403 | ++ "atexit", |
1404 | + "autoalginit", |
1405 | + "autoerrinit", |
1406 | + "autoload-config", |
1407 | +diff --git a/INSTALL.md b/INSTALL.md |
1408 | +index fef408e9d1..045b13739b 100644 |
1409 | +--- a/INSTALL.md |
1410 | ++++ b/INSTALL.md |
1411 | +@@ -546,6 +546,13 @@ be used even with this option. |
1412 | + |
1413 | + Do not build support for async operations. |
1414 | + |
1415 | ++### no-atexit |
1416 | ++ |
1417 | ++Do not use `atexit()` in libcrypto builds. |
1418 | ++ |
1419 | ++`atexit()` has varied semantics between platforms and can cause SIGSEGV in some |
1420 | ++circumstances. This options disables the atexit registration of OPENSSL_cleanup. |
1421 | ++ |
1422 | + ### no-autoalginit |
1423 | + |
1424 | + Don't automatically load all supported ciphers and digests. |
1425 | +diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md |
1426 | +index 68438b9988..ab13de7d3a 100644 |
1427 | +--- a/NOTES-NONSTOP.md |
1428 | ++++ b/NOTES-NONSTOP.md |
1429 | +@@ -56,7 +56,10 @@ relating to `atexit()` processing when a shared library is unloaded and when |
1430 | + the program terminates. This limitation applies to all OpenSSL shared library |
1431 | + components. |
1432 | + |
1433 | +-A resolution to this situation is under investigation. |
1434 | ++It is possible to configure the build with `no-atexit` to avoid the SIGSEGV. |
1435 | ++Preferably, you can explicitly call `OPENSSL_cleanup()` from your application. |
1436 | ++It is not mandatory as it just deallocates various global data structures |
1437 | ++OpenSSL allocated. |
1438 | + |
1439 | + About Prefix and OpenSSLDir |
1440 | + --------------------------- |
1441 | +diff --git a/crypto/init.c b/crypto/init.c |
1442 | +index cacf637c89..994f752b4e 100644 |
1443 | +--- a/crypto/init.c |
1444 | ++++ b/crypto/init.c |
1445 | +@@ -97,17 +97,19 @@ static int win32atexit(void) |
1446 | + |
1447 | + DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) |
1448 | + { |
1449 | +-#ifdef OPENSSL_INIT_DEBUG |
1450 | ++#ifndef OPENSSL_NO_ATEXIT |
1451 | ++# ifdef OPENSSL_INIT_DEBUG |
1452 | + fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); |
1453 | +-#endif |
1454 | +-#ifndef OPENSSL_SYS_UEFI |
1455 | +-# if defined(_WIN32) && !defined(__BORLANDC__) |
1456 | ++# endif |
1457 | ++# ifndef OPENSSL_SYS_UEFI |
1458 | ++# if defined(_WIN32) && !defined(__BORLANDC__) |
1459 | + /* We use _onexit() in preference because it gets called on DLL unload */ |
1460 | + if (_onexit(win32atexit) == NULL) |
1461 | + return 0; |
1462 | +-# else |
1463 | ++# else |
1464 | + if (atexit(OPENSSL_cleanup) != 0) |
1465 | + return 0; |
1466 | ++# endif |
1467 | + # endif |
1468 | + #endif |
1469 | + |
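Review bot: in ossl_init_register_atexit() the OPENSSL_INIT_DEBUG trace is now nested inside `#ifndef OPENSSL_NO_ATEXIT`, so a no-atexit build with init debugging enabled prints nothing to show that registration was skipped. Keep the fprintf outside the new guard or add an `#else` branch that logs the skip. A trailing comment on the closing `#endif` lines would also help, since three levels of conditionals now end within four lines.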
1470 | +diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t |
1471 | +index 8f691dee38..af6bae20af 100644 |
1472 | +--- a/test/recipes/90-test_shlibload.t |
1473 | ++++ b/test/recipes/90-test_shlibload.t |
1474 | +@@ -23,6 +23,7 @@ plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|; |
1475 | + plan skip_all => "Test is disabled on NonStop" if config('target') =~ m|^nonstop|; |
1476 | + plan skip_all => "Test only supported in a dso build" if disabled("dso"); |
1477 | + plan skip_all => "Test is disabled in an address sanitizer build" unless disabled("asan"); |
1478 | ++plan skip_all => "Test is disabled if no-atexit is specified" if disabled("atexit"); |
1479 | + |
1480 | + plan tests => 10; |
1481 | + |
1482 | +-- |
1483 | +2.40.1 |
1484 | + |
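Review bot: the diffstat in this patch header lists `.github/workflows/run-checker-ci.yml | 1 +` and "7 files changed, 26 insertions(+)", but the body carries diffs for only six files and 25 added lines, so the header no longer describes what is applied. If the CI workflow hunk was dropped deliberately for packaging, say so in the patch header. On the last hunk itself, the new skip in 90-test_shlibload.t means a no-atexit build gets no shared-library load/unload coverage, which is the very configuration this option exists for.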
1485 | diff --git a/debian/patches/post-3.0.13/0020-Minor-wording-fixes-related-to-no-atexit.patch b/debian/patches/post-3.0.13/0020-Minor-wording-fixes-related-to-no-atexit.patch |
1486 | new file mode 100644 |
1487 | index 0000000..49a94ad |
1488 | --- /dev/null |
1489 | +++ b/debian/patches/post-3.0.13/0020-Minor-wording-fixes-related-to-no-atexit.patch |
1490 | @@ -0,0 +1,44 @@ |
1491 | +From d3457f990c6acedf54a40e3ef9ada9d5904c66ef Mon Sep 17 00:00:00 2001 |
1492 | +From: Tomas Mraz <tomas@openssl.org> |
1493 | +Date: Tue, 20 Feb 2024 18:42:24 +0100 |
1494 | +Subject: [PATCH 20/63] Minor wording fixes related to no-atexit |
1495 | + |
1496 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1497 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
1498 | +(Merged from https://github.com/openssl/openssl/pull/23642) |
1499 | + |
1500 | +(cherry picked from commit 66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7) |
1501 | +--- |
1502 | + INSTALL.md | 2 +- |
1503 | + test/recipes/90-test_shlibload.t | 2 +- |
1504 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
1505 | + |
1506 | +diff --git a/INSTALL.md b/INSTALL.md |
1507 | +index 045b13739b..21e82b4f91 100644 |
1508 | +--- a/INSTALL.md |
1509 | ++++ b/INSTALL.md |
1510 | +@@ -551,7 +551,7 @@ Do not build support for async operations. |
1511 | + Do not use `atexit()` in libcrypto builds. |
1512 | + |
1513 | + `atexit()` has varied semantics between platforms and can cause SIGSEGV in some |
1514 | +-circumstances. This options disables the atexit registration of OPENSSL_cleanup. |
1515 | ++circumstances. This option disables the atexit registration of OPENSSL_cleanup. |
1516 | + |
1517 | + ### no-autoalginit |
1518 | + |
1519 | +diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t |
1520 | +index af6bae20af..ccd7fa43e3 100644 |
1521 | +--- a/test/recipes/90-test_shlibload.t |
1522 | ++++ b/test/recipes/90-test_shlibload.t |
1523 | +@@ -23,7 +23,7 @@ plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|; |
1524 | + plan skip_all => "Test is disabled on NonStop" if config('target') =~ m|^nonstop|; |
1525 | + plan skip_all => "Test only supported in a dso build" if disabled("dso"); |
1526 | + plan skip_all => "Test is disabled in an address sanitizer build" unless disabled("asan"); |
1527 | +-plan skip_all => "Test is disabled if no-atexit is specified" if disabled("atexit"); |
1528 | ++plan skip_all => "Test is disabled in no-atexit build" if disabled("atexit"); |
1529 | + |
1530 | + plan tests => 10; |
1531 | + |
1532 | +-- |
1533 | +2.40.1 |
1534 | + |
1535 | diff --git a/debian/patches/post-3.0.13/0021-s_cb.c-Add-missing-return-value-checks.patch b/debian/patches/post-3.0.13/0021-s_cb.c-Add-missing-return-value-checks.patch |
1536 | new file mode 100644 |
1537 | index 0000000..07110ab |
1538 | --- /dev/null |
1539 | +++ b/debian/patches/post-3.0.13/0021-s_cb.c-Add-missing-return-value-checks.patch |
1540 | @@ -0,0 +1,45 @@ |
1541 | +From 6f794b461c6e16c8afb996ee190e084cbbddb6b8 Mon Sep 17 00:00:00 2001 |
1542 | +From: MrRurikov <96385824+MrRurikov@users.noreply.github.com> |
1543 | +Date: Wed, 21 Feb 2024 11:11:34 +0300 |
1544 | +Subject: [PATCH 21/63] s_cb.c: Add missing return value checks |
1545 | + |
1546 | +Return value of function 'SSL_CTX_ctrl', that is called from |
1547 | +SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), |
1548 | +is not checked, but it is usually checked for this function. |
1549 | + |
1550 | +CLA: trivial |
1551 | + |
1552 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1553 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1554 | +(Merged from https://github.com/openssl/openssl/pull/23647) |
1555 | +--- |
1556 | + apps/lib/s_cb.c | 6 ++++-- |
1557 | + 1 file changed, 4 insertions(+), 2 deletions(-) |
1558 | + |
1559 | +diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c |
1560 | +index f2ddd94c3d..e869831e20 100644 |
1561 | +--- a/apps/lib/s_cb.c |
1562 | ++++ b/apps/lib/s_cb.c |
1563 | +@@ -1318,7 +1318,8 @@ int ssl_load_stores(SSL_CTX *ctx, |
1564 | + if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore)) |
1565 | + goto err; |
1566 | + add_crls_store(vfy, crls); |
1567 | +- SSL_CTX_set1_verify_cert_store(ctx, vfy); |
1568 | ++ if (SSL_CTX_set1_verify_cert_store(ctx, vfy) == 0) |
1569 | ++ goto err; |
1570 | + if (crl_download) |
1571 | + store_setup_crl_download(vfy); |
1572 | + } |
1573 | +@@ -1332,7 +1333,8 @@ int ssl_load_stores(SSL_CTX *ctx, |
1574 | + goto err; |
1575 | + if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore)) |
1576 | + goto err; |
1577 | +- SSL_CTX_set1_chain_cert_store(ctx, ch); |
1578 | ++ if (SSL_CTX_set1_chain_cert_store(ctx, ch) == 0) |
1579 | ++ goto err; |
1580 | + } |
1581 | + rv = 1; |
1582 | + err: |
1583 | +-- |
1584 | +2.40.1 |
1585 | + |
1586 | diff --git a/debian/patches/post-3.0.13/0022-SSL_set1_groups_list-Fix-memory-corruption-with-40-g.patch b/debian/patches/post-3.0.13/0022-SSL_set1_groups_list-Fix-memory-corruption-with-40-g.patch |
1587 | new file mode 100644 |
1588 | index 0000000..bfd58ef |
1589 | --- /dev/null |
1590 | +++ b/debian/patches/post-3.0.13/0022-SSL_set1_groups_list-Fix-memory-corruption-with-40-g.patch |
1591 | @@ -0,0 +1,106 @@ |
1592 | +From d9d260eb95ec129b93a55965b6f2f392df0ed0a9 Mon Sep 17 00:00:00 2001 |
1593 | +From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
1594 | +Date: Mon, 19 Feb 2024 06:41:35 +0100 |
1595 | +Subject: [PATCH 22/63] SSL_set1_groups_list(): Fix memory corruption with 40 |
1596 | + groups and more |
1597 | + |
1598 | +Fixes #23624 |
1599 | + |
1600 | +The calculation of the size for gid_arr reallocation was wrong. |
1601 | +A multiplication by gid_arr array item size was missing. |
1602 | + |
1603 | +Testcase is added. |
1604 | + |
1605 | +Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> |
1606 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1607 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1608 | +(Cherry-pick from https://github.com/openssl/openssl/pull/23625) |
1609 | + |
1610 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1611 | +(Merged from https://github.com/openssl/openssl/pull/23661) |
1612 | +--- |
1613 | + ssl/t1_lib.c | 3 ++- |
1614 | + test/sslapitest.c | 15 ++++----------- |
1615 | + test/tls-provider.c | 7 +++++-- |
1616 | + 3 files changed, 11 insertions(+), 14 deletions(-) |
1617 | + |
1618 | +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c |
1619 | +index 8be00a4f34..d775ba56da 100644 |
1620 | +--- a/ssl/t1_lib.c |
1621 | ++++ b/ssl/t1_lib.c |
1622 | +@@ -734,7 +734,8 @@ static int gid_cb(const char *elem, int len, void *arg) |
1623 | + return 0; |
1624 | + if (garg->gidcnt == garg->gidmax) { |
1625 | + uint16_t *tmp = |
1626 | +- OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT); |
1627 | ++ OPENSSL_realloc(garg->gid_arr, |
1628 | ++ (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)); |
1629 | + if (tmp == NULL) |
1630 | + return 0; |
1631 | + garg->gidmax += GROUPLIST_INCREMENT; |
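Review bot: the corrected size `(garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr)` in gid_cb() fixes a heap under-allocation (the old call grew a uint16_t array by an element count passed as a byte count), reachable through the groups string given to SSL_set1_groups_list(). It should be named explicitly as a memory-safety fix in debian/changelog, if it is not already, rather than travelling unnamed in a batch of post-3.0.13 cherry-picks. Please also confirm that the initial allocation of gid_arr, which is outside this hunk, uses the same element-size multiplication.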
1632 | +diff --git a/test/sslapitest.c b/test/sslapitest.c |
1633 | +index e0274f12f7..231f498199 100644 |
1634 | +--- a/test/sslapitest.c |
1635 | ++++ b/test/sslapitest.c |
1636 | +@@ -9269,20 +9269,11 @@ static int test_pluggable_group(int idx) |
1637 | + OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider"); |
1638 | + /* Check that we are not impacted by a provider without any groups */ |
1639 | + OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); |
1640 | +- const char *group_name = idx == 0 ? "xorgroup" : "xorkemgroup"; |
1641 | ++ const char *group_name = idx == 0 ? "xorkemgroup" : "xorgroup"; |
1642 | + |
1643 | + if (!TEST_ptr(tlsprov)) |
1644 | + goto end; |
1645 | + |
1646 | +- if (legacyprov == NULL) { |
1647 | +- /* |
1648 | +- * In this case we assume we've been built with "no-legacy" and skip |
1649 | +- * this test (there is no OPENSSL_NO_LEGACY) |
1650 | +- */ |
1651 | +- testresult = 1; |
1652 | +- goto end; |
1653 | +- } |
1654 | +- |
1655 | + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
1656 | + TLS_client_method(), |
1657 | + TLS1_3_VERSION, |
1658 | +@@ -9292,7 +9283,9 @@ static int test_pluggable_group(int idx) |
1659 | + NULL, NULL))) |
1660 | + goto end; |
1661 | + |
1662 | +- if (!TEST_true(SSL_set1_groups_list(serverssl, group_name)) |
1663 | ++ /* ensure GROUPLIST_INCREMENT (=40) logic triggers: */ |
1664 | ++ if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup:xorkemgroup:dummy1:dummy2:dummy3:dummy4:dummy5:dummy6:dummy7:dummy8:dummy9:dummy10:dummy11:dummy12:dummy13:dummy14:dummy15:dummy16:dummy17:dummy18:dummy19:dummy20:dummy21:dummy22:dummy23:dummy24:dummy25:dummy26:dummy27:dummy28:dummy29:dummy30:dummy31:dummy32:dummy33:dummy34:dummy35:dummy36:dummy37:dummy38:dummy39:dummy40:dummy41:dummy42:dummy43")) |
1665 | ++ /* removing a single algorithm from the list makes the test pass */ |
1666 | + || !TEST_true(SSL_set1_groups_list(clientssl, group_name))) |
1667 | + goto end; |
1668 | + |
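Review bot: the comment `/* removing a single algorithm from the list makes the test pass */` describes behaviour before the t1_lib.c fix and will mislead once the fix is applied; reword it to state what is asserted, namely that a list longer than GROUPLIST_INCREMENT must be accepted. The hard-coded 45-entry string also depends silently on the increment being 40 and on the test provider registering dummy1 through dummy43, and the preceding hunk swaps the idx-to-group_name mapping and drops the no-legacy skip without a word in the commit message.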
1669 | +diff --git a/test/tls-provider.c b/test/tls-provider.c |
1670 | +index 5c44b6812e..eff6f76150 100644 |
1671 | +--- a/test/tls-provider.c |
1672 | ++++ b/test/tls-provider.c |
1673 | +@@ -210,6 +210,8 @@ static int tls_prov_get_capabilities(void *provctx, const char *capability, |
1674 | + } |
1675 | + dummygroup[0].data = dummy_group_names[i]; |
1676 | + dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; |
1677 | ++ /* assign unique group IDs also to dummy groups for registration */ |
1678 | ++ *((int *)(dummygroup[3].data)) = 65279 - NUM_DUMMY_GROUPS + i; |
1679 | + ret &= cb(dummygroup, arg); |
1680 | + } |
1681 | + |
1682 | +@@ -817,9 +819,10 @@ unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx) |
1683 | + return 0; |
1684 | + /* |
1685 | + * Ensure group_id is within the IANA Reserved for private use range |
1686 | +- * (65024-65279) |
1687 | ++ * (65024-65279). |
1688 | ++ * Carve out NUM_DUMMY_GROUPS ids for properly registering those. |
1689 | + */ |
1690 | +- group_id %= 65279 - 65024; |
1691 | ++ group_id %= 65279 - NUM_DUMMY_GROUPS - 65024; |
1692 | + group_id += 65024; |
1693 | + |
1694 | + /* Ensure we did not already issue this group_id */ |
1695 | +-- |
1696 | +2.40.1 |
1697 | + |
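Review bot: the private-use bounds 65024 and 65279 now appear as literals in both tls_prov_get_capabilities() and randomize_tls_group_id(), and the two expressions must stay in step for the dummy ids (`65279 - NUM_DUMMY_GROUPS + i`) not to collide with the randomized ones. Define named constants and derive both ranges from them. In the first hunk, `*((int *)(dummygroup[3].data))` relies on index 3 being the group-id parameter and on its storage being an int, which deserves a comment or a lookup by key.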
1698 | diff --git a/debian/patches/post-3.0.13/0023-Ensure-MAKE-commands-and-CFLAGS-are-appropriately-qu.patch b/debian/patches/post-3.0.13/0023-Ensure-MAKE-commands-and-CFLAGS-are-appropriately-qu.patch |
1699 | new file mode 100644 |
1700 | index 0000000..8cc25f6 |
1701 | --- /dev/null |
1702 | +++ b/debian/patches/post-3.0.13/0023-Ensure-MAKE-commands-and-CFLAGS-are-appropriately-qu.patch |
1703 | @@ -0,0 +1,103 @@ |
1704 | +From 1dea252221624542ca258231e5dc4c8bb528a97b Mon Sep 17 00:00:00 2001 |
1705 | +From: Hamilton Chapman <hamchapman@gmail.com> |
1706 | +Date: Wed, 21 Feb 2024 13:47:19 +0000 |
1707 | +Subject: [PATCH 23/63] Ensure `$(MAKE)` commands and `CFLAGS` are |
1708 | + appropriately quoted in the Makefile. |
1709 | + |
1710 | +If a user's `make` command came from a path that contained a space then both the |
1711 | +`$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS) |
1712 | +would not be properly quoted and the build would fail. |
1713 | + |
1714 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1715 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1716 | +(Merged from https://github.com/openssl/openssl/pull/23663) |
1717 | + |
1718 | +(cherry picked from commit aba621934696ca52193bd41cd35816649b6b321b) |
1719 | +--- |
1720 | + Configurations/15-ios.conf | 6 +++--- |
1721 | + Configurations/unix-Makefile.tmpl | 14 +++++++------- |
1722 | + 2 files changed, 10 insertions(+), 10 deletions(-) |
1723 | + |
1724 | +diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf |
1725 | +index 54d37f63f4..81e3d68bc7 100644 |
1726 | +--- a/Configurations/15-ios.conf |
1727 | ++++ b/Configurations/15-ios.conf |
1728 | +@@ -49,16 +49,16 @@ my %targets = ( |
1729 | + # |
1730 | + "iphoneos-cross" => { |
1731 | + inherit_from => [ "ios-common" ], |
1732 | +- cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), |
1733 | ++ cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"), |
1734 | + }, |
1735 | + "ios-cross" => { |
1736 | + inherit_from => [ "ios-xcrun" ], |
1737 | + CC => "cc", |
1738 | +- cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), |
1739 | ++ cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""), |
1740 | + }, |
1741 | + "ios64-cross" => { |
1742 | + inherit_from => [ "ios64-xcrun" ], |
1743 | + CC => "cc", |
1744 | +- cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), |
1745 | ++ cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""), |
1746 | + }, |
1747 | + ); |
1748 | +diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl |
1749 | +index 3754595d38..644540397d 100644 |
1750 | +--- a/Configurations/unix-Makefile.tmpl |
1751 | ++++ b/Configurations/unix-Makefile.tmpl |
1752 | +@@ -21,7 +21,7 @@ |
1753 | + sub dependmagic { |
1754 | + my $target = shift; |
1755 | + |
1756 | +- return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; |
1757 | ++ return "$target: build_generated\n\t\"\$(MAKE)\" depend && \"\$(MAKE)\" _$target\n_$target"; |
1758 | + } |
1759 | + |
1760 | + our $COLUMNS = $ENV{COLUMNS}; |
1761 | +@@ -527,7 +527,7 @@ all: build_sw build_docs |
1762 | + |
1763 | + test: tests |
1764 | + {- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils |
1765 | +- $(MAKE) run_tests |
1766 | ++ "$(MAKE)" run_tests |
1767 | + run_tests: FORCE |
1768 | + @ : {- output_off() if $disabled{tests}; "" -} |
1769 | + ( SRCTOP=$(SRCDIR) \ |
1770 | +@@ -542,7 +542,7 @@ run_tests: FORCE |
1771 | + |
1772 | + list-tests: |
1773 | + @ : {- output_off() if $disabled{tests}; "" -} |
1774 | +- $(MAKE) run_tests TESTS=list |
1775 | ++ "$(MAKE)" run_tests TESTS=list |
1776 | + @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} |
1777 | + @echo "Tests are not supported with your chosen Configure options" |
1778 | + @ : {- output_on() if !$disabled{tests}; "" -} |
1779 | +@@ -1193,12 +1193,12 @@ providers/fips.module.sources.new: configdata.pm |
1780 | + cd sources-tmp \ |
1781 | + && $$srcdir/Configure --banner=Configured enable-fips -O0 \ |
1782 | + && ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \ |
1783 | +- && $(MAKE) -sj 4 build_generated providers/fips.so \ |
1784 | ++ && "$(MAKE)" -sj 4 build_generated providers/fips.so \ |
1785 | + && find . -name '*.d' | xargs cat > dep1 \ |
1786 | +- && $(MAKE) distclean \ |
1787 | ++ && "$(MAKE)" distclean \ |
1788 | + && $$srcdir/Configure --banner=Configured enable-fips no-asm -O0 \ |
1789 | + && ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \ |
1790 | +- && $(MAKE) -sj 4 build_generated providers/fips.so \ |
1791 | ++ && "$(MAKE)" -sj 4 build_generated providers/fips.so \ |
1792 | + && find . -name '*.d' | xargs cat > dep2 \ |
1793 | + && cat sources1 sources2 \ |
1794 | + | grep -v ' : \\$$' | grep -v util/providers.num \ |
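Review bot: in the providers/fips.module.sources.new recipe only `$(MAKE)` gains quotes while `$$srcdir/Configure` on the neighbouring lines stays unquoted, and the run_tests recipe in the earlier hunk still has `SRCTOP=$(SRCDIR)` bare, so a build tree or tool path containing a space is only partly handled. Either quote those expansions as well or record that the fix is limited to the make binary path and the iOS sysroot.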
1795 | +@@ -1332,7 +1332,7 @@ ordinals: build_generated |
1796 | + $(SSLHEADERS) |
1797 | + |
1798 | + test_ordinals: |
1799 | +- $(MAKE) run_tests TESTS=test_ordinals |
1800 | ++ "$(MAKE)" run_tests TESTS=test_ordinals |
1801 | + |
1802 | + tags TAGS: FORCE |
1803 | + rm -f TAGS tags |
1804 | +-- |
1805 | +2.40.1 |
1806 | + |
1807 | diff --git a/debian/patches/post-3.0.13/0024-Fix-off-by-one-issue-in-buf2hexstr_sep.patch b/debian/patches/post-3.0.13/0024-Fix-off-by-one-issue-in-buf2hexstr_sep.patch |
1808 | new file mode 100644 |
1809 | index 0000000..78e5cb3 |
1810 | --- /dev/null |
1811 | +++ b/debian/patches/post-3.0.13/0024-Fix-off-by-one-issue-in-buf2hexstr_sep.patch |
1812 | @@ -0,0 +1,32 @@ |
1813 | +From d44aa28b0db3ba355fe68c5971c90c9a1414788f Mon Sep 17 00:00:00 2001 |
1814 | +From: shridhar kalavagunta <coolshrid@hotmail.com> |
1815 | +Date: Fri, 26 Jan 2024 21:10:32 -0600 |
1816 | +Subject: [PATCH 24/63] Fix off by one issue in buf2hexstr_sep() |
1817 | + |
1818 | +Fixes #23363 |
1819 | + |
1820 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1821 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1822 | +(Merged from https://github.com/openssl/openssl/pull/23404) |
1823 | + |
1824 | +(cherry picked from commit c5cc9c419a0a8d97a44f01f95f0e213f56da4574) |
1825 | +--- |
1826 | + crypto/o_str.c | 2 +- |
1827 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
1828 | + |
1829 | +diff --git a/crypto/o_str.c b/crypto/o_str.c |
1830 | +index 7fa487dd5f..bfbc2ca5e3 100644 |
1831 | +--- a/crypto/o_str.c |
1832 | ++++ b/crypto/o_str.c |
1833 | +@@ -251,7 +251,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, |
1834 | + *q = CH_ZERO; |
1835 | + |
1836 | + #ifdef CHARSET_EBCDIC |
1837 | +- ebcdic2ascii(str, str, q - str - 1); |
1838 | ++ ebcdic2ascii(str, str, q - str); |
1839 | + #endif |
1840 | + return 1; |
1841 | + } |
1842 | +-- |
1843 | +2.40.1 |
1844 | + |
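Review bot: The corrected length in `ebcdic2ascii(str, str, q - str)` is compiled only under `#ifdef CHARSET_EBCDIC`, and the patch adds no test, so nothing in this series exercises the change on builds without that macro. The commit message gives only "Fixes #23363"; it should say that the old `q - str - 1` left the last character before the terminator written at `*q` unconverted, so the reasoning is available without following the issue link.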
1845 | diff --git a/debian/patches/post-3.0.13/0026-Try-to-fix-intermittent-CI-failures-in-sslapitest.patch b/debian/patches/post-3.0.13/0026-Try-to-fix-intermittent-CI-failures-in-sslapitest.patch |
1846 | new file mode 100644 |
1847 | index 0000000..2ef0e0e |
1848 | --- /dev/null |
1849 | +++ b/debian/patches/post-3.0.13/0026-Try-to-fix-intermittent-CI-failures-in-sslapitest.patch |
1850 | @@ -0,0 +1,48 @@ |
1851 | +From f57a462abbf93f3fcdc25cf71e01fe005560e651 Mon Sep 17 00:00:00 2001 |
1852 | +From: Bernd Edlinger <bernd.edlinger@hotmail.de> |
1853 | +Date: Wed, 28 Feb 2024 07:14:08 +0100 |
1854 | +Subject: [PATCH 26/63] Try to fix intermittent CI failures in sslapitest |
1855 | + |
1856 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1857 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
1858 | +(Merged from https://github.com/openssl/openssl/pull/23774) |
1859 | + |
1860 | +(cherry picked from commit 98dd1f7266d66614a4e04e921e74303f14cea7df) |
1861 | +--- |
1862 | + test/tls-provider.c | 6 +++++- |
1863 | + 1 file changed, 5 insertions(+), 1 deletion(-) |
1864 | + |
1865 | +diff --git a/test/tls-provider.c b/test/tls-provider.c |
1866 | +index eff6f76150..57adcac783 100644 |
1867 | +--- a/test/tls-provider.c |
1868 | ++++ b/test/tls-provider.c |
1869 | +@@ -185,6 +185,8 @@ static int tls_prov_get_capabilities(void *provctx, const char *capability, |
1870 | + } |
1871 | + |
1872 | + /* Register our 2 groups */ |
1873 | ++ OPENSSL_assert(xor_group.group_id >= 65024 |
1874 | ++ && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); |
1875 | + ret = cb(xor_group_params, arg); |
1876 | + ret &= cb(xor_kemgroup_params, arg); |
1877 | + |
1878 | +@@ -196,6 +198,7 @@ static int tls_prov_get_capabilities(void *provctx, const char *capability, |
1879 | + |
1880 | + for (i = 0; i < NUM_DUMMY_GROUPS; i++) { |
1881 | + OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)]; |
1882 | ++ unsigned int dummygroup_id; |
1883 | + |
1884 | + memcpy(dummygroup, xor_group_params, sizeof(xor_group_params)); |
1885 | + |
1886 | +@@ -211,7 +214,8 @@ static int tls_prov_get_capabilities(void *provctx, const char *capability, |
1887 | + dummygroup[0].data = dummy_group_names[i]; |
1888 | + dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; |
1889 | + /* assign unique group IDs also to dummy groups for registration */ |
1890 | +- *((int *)(dummygroup[3].data)) = 65279 - NUM_DUMMY_GROUPS + i; |
1891 | ++ dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i; |
1892 | ++ dummygroup[3].data = (unsigned char*)&dummygroup_id; |
1893 | + ret &= cb(dummygroup, arg); |
1894 | + } |
1895 | + |
1896 | +-- |
1897 | +2.40.1 |
1898 | + |
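Review bot: The replacement of `*((int *)(dummygroup[3].data)) = ...` in `tls_prov_get_capabilities()` needs a comment saying why the pointer is redirected instead of written through. `dummygroup` is a `memcpy` of `xor_group_params`, so as far as the visible lines show its `data` pointers still refer to the original array's storage, and the old store would have changed the value behind `xor_group_params` too; the commit message ("Try to fix intermittent CI failures") does not say this. Also confirm that `dummygroup[3].data_size`, carried over by the `memcpy`, equals `sizeof(unsigned int)` now that the target is `dummygroup_id`, and consider naming the 65024 and 65279 bounds instead of repeating the literals in the new `OPENSSL_assert` and in the ID computation.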
1899 | diff --git a/debian/patches/post-3.0.13/0027-FAQ.md-should-be-removed.patch b/debian/patches/post-3.0.13/0027-FAQ.md-should-be-removed.patch |
1900 | new file mode 100644 |
1901 | index 0000000..80ae456 |
1902 | --- /dev/null |
1903 | +++ b/debian/patches/post-3.0.13/0027-FAQ.md-should-be-removed.patch |
1904 | @@ -0,0 +1,33 @@ |
1905 | +From e24965adffb87a9355cbab1d2a906bcb8ed98e0a Mon Sep 17 00:00:00 2001 |
1906 | +From: Alexandr Nedvedicky <sashan@openssl.org> |
1907 | +Date: Fri, 1 Mar 2024 08:25:19 +0100 |
1908 | +Subject: [PATCH 27/63] FAQ.md should be removed |
1909 | + |
1910 | +the page the link refers to does not exist. |
1911 | +Anyone objects to delete file? |
1912 | + |
1913 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1914 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1915 | +(Merged from https://github.com/openssl/openssl/pull/23719) |
1916 | + |
1917 | +(cherry picked from commit 854539889d31ed2ea63280256fd7aab66e828ae5) |
1918 | +--- |
1919 | + FAQ.md | 6 ------ |
1920 | + 1 file changed, 6 deletions(-) |
1921 | + delete mode 100644 FAQ.md |
1922 | + |
1923 | +diff --git a/FAQ.md b/FAQ.md |
1924 | +deleted file mode 100644 |
1925 | +index 30f5010ce3..0000000000 |
1926 | +--- a/FAQ.md |
1927 | ++++ /dev/null |
1928 | +@@ -1,6 +0,0 @@ |
1929 | +-Frequently Asked Questions (FAQ) |
1930 | +-================================ |
1931 | +- |
1932 | +-The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage. |
1933 | +- |
1934 | +- [FAQ]: https://www.openssl.org/docs/faq.html |
1935 | +-- |
1936 | +2.40.1 |
1937 | + |
1938 | diff --git a/debian/patches/post-3.0.13/0028-Doc-fix-style.patch b/debian/patches/post-3.0.13/0028-Doc-fix-style.patch |
1939 | new file mode 100644 |
1940 | index 0000000..540c0e5 |
1941 | --- /dev/null |
1942 | +++ b/debian/patches/post-3.0.13/0028-Doc-fix-style.patch |
1943 | @@ -0,0 +1,61 @@ |
1944 | +From 650cac22ed95430d15cff9b0ade9edce6c4145aa Mon Sep 17 00:00:00 2001 |
1945 | +From: =?UTF-8?q?=E8=B0=AD=E4=B9=9D=E9=BC=8E?= <109224573@qq.com> |
1946 | +Date: Sun, 10 Mar 2024 02:18:05 +0000 |
1947 | +Subject: [PATCH 28/63] Doc: fix style |
1948 | + |
1949 | +CLA: trivial |
1950 | + |
1951 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
1952 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
1953 | +Reviewed-by: Richard Levitte <levitte@openssl.org> |
1954 | +(Merged from https://github.com/openssl/openssl/pull/23805) |
1955 | + |
1956 | +(cherry picked from commit 52a75f4088f2b2c59721152d9ec6ecf4d17c7e43) |
1957 | +--- |
1958 | + doc/man1/openssl-mac.pod.in | 15 ++++++++++----- |
1959 | + 1 file changed, 10 insertions(+), 5 deletions(-) |
1960 | + |
1961 | +diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in |
1962 | +index 5639747991..053c6910b2 100644 |
1963 | +--- a/doc/man1/openssl-mac.pod.in |
1964 | ++++ b/doc/man1/openssl-mac.pod.in |
1965 | +@@ -123,26 +123,31 @@ To see the list of supported MAC's use the command C<openssl list |
1966 | + |
1967 | + =head1 EXAMPLES |
1968 | + |
1969 | +-To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \ |
1970 | ++To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: |
1971 | ++ |
1972 | + openssl mac -digest SHA1 \ |
1973 | + -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ |
1974 | + -in msg.bin HMAC |
1975 | + |
1976 | +-To create a SipHash MAC from a file with a binary file output: \ |
1977 | ++To create a SipHash MAC from a file with a binary file output: |
1978 | ++ |
1979 | + openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \ |
1980 | + -in msg.bin -out out.bin -binary SipHash |
1981 | + |
1982 | +-To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\ |
1983 | ++To create a hex-encoded CMAC-AES-128-CBC MAC from a file: |
1984 | ++ |
1985 | + openssl mac -cipher AES-128-CBC \ |
1986 | + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \ |
1987 | + -in msg.bin CMAC |
1988 | + |
1989 | + To create a hex-encoded KMAC128 MAC from a file with a Customisation String |
1990 | +-'Tag' and output length of 16: \ |
1991 | ++'Tag' and output length of 16: |
1992 | ++ |
1993 | + openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \ |
1994 | + -macopt size:16 -in msg.bin KMAC128 |
1995 | + |
1996 | +-To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \ |
1997 | ++To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: |
1998 | ++ |
1999 | + openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \ |
2000 | + -macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC |
2001 | + |
2002 | +-- |
2003 | +2.40.1 |
2004 | + |
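Review bot: The last rewritten example sentence still reads "with a IV"; since that line is being changed anyway, make it "with an IV".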
2005 | diff --git a/debian/patches/post-3.0.13/0029-Fix-dasync_rsa_decrypt-to-call-EVP_PKEY_meth_get_dec.patch b/debian/patches/post-3.0.13/0029-Fix-dasync_rsa_decrypt-to-call-EVP_PKEY_meth_get_dec.patch |
2006 | new file mode 100644 |
2007 | index 0000000..77519c5 |
2008 | --- /dev/null |
2009 | +++ b/debian/patches/post-3.0.13/0029-Fix-dasync_rsa_decrypt-to-call-EVP_PKEY_meth_get_dec.patch |
2010 | @@ -0,0 +1,33 @@ |
2011 | +From 17d12183797033f55aec03376ffd3969cd703c0e Mon Sep 17 00:00:00 2001 |
2012 | +From: Vladimirs Ambrosovs <rodriguez.twister@gmail.com> |
2013 | +Date: Tue, 12 Mar 2024 18:23:55 +0200 |
2014 | +Subject: [PATCH 29/63] Fix dasync_rsa_decrypt to call |
2015 | + EVP_PKEY_meth_get_decrypt |
2016 | + |
2017 | +Signed-off-by: Vladimirs Ambrosovs <rodriguez.twister@gmail.com> |
2018 | + |
2019 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
2020 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2021 | +(Merged from https://github.com/openssl/openssl/pull/23825) |
2022 | + |
2023 | +(cherry picked from commit c91f0ca95881d03a54aedee197bbf5ffffc02935) |
2024 | +--- |
2025 | + engines/e_dasync.c | 2 +- |
2026 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2027 | + |
2028 | +diff --git a/engines/e_dasync.c b/engines/e_dasync.c |
2029 | +index 7974106ae2..aa7b2bce2f 100644 |
2030 | +--- a/engines/e_dasync.c |
2031 | ++++ b/engines/e_dasync.c |
2032 | +@@ -985,7 +985,7 @@ static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, |
2033 | + size_t inlen); |
2034 | + |
2035 | + if (pdecrypt == NULL) |
2036 | +- EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt); |
2037 | ++ EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt); |
2038 | + return pdecrypt(ctx, out, outlen, in, inlen); |
2039 | + } |
2040 | + |
2041 | +-- |
2042 | +2.40.1 |
2043 | + |
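Review bot: `pdecrypt` is still called unconditionally after the lookup in `dasync_rsa_decrypt()`; if `EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt)` leaves it NULL, `return pdecrypt(ctx, out, outlen, in, inlen);` calls through a null function pointer. Add a NULL check after the getter and return an error in that case. The patch changes only engines/e_dasync.c; a test that drives RSA decryption through the dasync engine would keep the getter mix-up from coming back.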
2044 | diff --git a/debian/patches/post-3.0.13/0031-SSL_add_dir_cert_subjects_to_stack-Documented-return.patch b/debian/patches/post-3.0.13/0031-SSL_add_dir_cert_subjects_to_stack-Documented-return.patch |
2045 | new file mode 100644 |
2046 | index 0000000..a620072 |
2047 | --- /dev/null |
2048 | +++ b/debian/patches/post-3.0.13/0031-SSL_add_dir_cert_subjects_to_stack-Documented-return.patch |
2049 | @@ -0,0 +1,61 @@ |
2050 | +From a58bfb7a97aa2ed8cb78417ea2bcc779f1ac9c0a Mon Sep 17 00:00:00 2001 |
2051 | +From: Shakti Shah <shaktishah33@gmail.com> |
2052 | +Date: Wed, 31 Jan 2024 00:26:32 +0530 |
2053 | +Subject: [PATCH 31/63] SSL_add_dir_cert_subjects_to_stack(): Documented return |
2054 | + values |
2055 | + |
2056 | +In the man page for SSL_add_dir_cert_subjects_to_stack(), the functions |
2057 | +returning int have undocumented return values. |
2058 | + |
2059 | +Fixes #23171 |
2060 | + |
2061 | +Signed-off-by: Shakti Shah <shaktishah33@gmail.com> |
2062 | + |
2063 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2064 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2065 | +(Merged from https://github.com/openssl/openssl/pull/23433) |
2066 | + |
2067 | +(cherry picked from commit 9f3a7ca2cfff948b21f8fdbe92069b3eea1c01fa) |
2068 | +--- |
2069 | + doc/man3/SSL_load_client_CA_file.pod | 18 +++++++++++++++++- |
2070 | + 1 file changed, 17 insertions(+), 1 deletion(-) |
2071 | + |
2072 | +diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod |
2073 | +index 988c7e8934..117f6bb1a9 100644 |
2074 | +--- a/doc/man3/SSL_load_client_CA_file.pod |
2075 | ++++ b/doc/man3/SSL_load_client_CA_file.pod |
2076 | +@@ -54,7 +54,8 @@ it is not limited to CA certificates. |
2077 | + |
2078 | + =head1 RETURN VALUES |
2079 | + |
2080 | +-The following return values can occur: |
2081 | ++The following return values can occur for SSL_load_client_CA_file_ex(), and |
2082 | ++SSL_load_client_CA_file(): |
2083 | + |
2084 | + =over 4 |
2085 | + |
2086 | +@@ -68,6 +69,21 @@ Pointer to the subject names of the successfully read certificates. |
2087 | + |
2088 | + =back |
2089 | + |
2090 | ++The following return values can occur for SSL_add_file_cert_subjects_to_stack(), |
2091 | ++SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack(): |
2092 | ++ |
2093 | ++=over 4 |
2094 | ++ |
2095 | ++=item 0 (Failure) |
2096 | ++ |
2097 | ++The operation failed. |
2098 | ++ |
2099 | ++=item 1 (Success) |
2100 | ++ |
2101 | ++The operation succeeded. |
2102 | ++ |
2103 | ++=back |
2104 | ++ |
2105 | + =head1 EXAMPLES |
2106 | + |
2107 | + Load names of CAs from file and use it as a client CA list: |
2108 | +-- |
2109 | +2.40.1 |
2110 | + |
2111 | diff --git a/debian/patches/post-3.0.13/0032-Fix-unbounded-memory-growth-when-using-no-cached-fet.patch b/debian/patches/post-3.0.13/0032-Fix-unbounded-memory-growth-when-using-no-cached-fet.patch |
2112 | new file mode 100644 |
2113 | index 0000000..7266e34 |
2114 | --- /dev/null |
2115 | +++ b/debian/patches/post-3.0.13/0032-Fix-unbounded-memory-growth-when-using-no-cached-fet.patch |
2116 | @@ -0,0 +1,78 @@ |
2117 | +From a473d59db1ce6943c010c5ba842e7c17fbe81aab Mon Sep 17 00:00:00 2001 |
2118 | +From: Matt Caswell <matt@openssl.org> |
2119 | +Date: Wed, 13 Mar 2024 15:19:43 +0000 |
2120 | +Subject: [PATCH 32/63] Fix unbounded memory growth when using no-cached-fetch |
2121 | + |
2122 | +When OpenSSL has been compiled with no-cached-fetch we do not cache |
2123 | +algorithms fetched from a provider. When we export an EVP_PKEY to a |
2124 | +provider we cache the details of that export in the operation cache for |
2125 | +that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used |
2126 | +for the export. When we come to reuse the key in the same provider that |
2127 | +we have previously exported the key to, we check the operation cache for |
2128 | +the cached key data. However because the EVP_KEYMGMT instance was not |
2129 | +cached then instance will be different every time and we were not |
2130 | +recognising that we had already exported the key to the provider. |
2131 | + |
2132 | +This causes us to re-export the key to the same provider everytime the key |
2133 | +is used. Since this consumes memory we end up with unbounded memory growth. |
2134 | + |
2135 | +The fix is to be more intelligent about recognising that we have already |
2136 | +exported key data to a given provider even if the EVP_KEYMGMT instance is |
2137 | +different. |
2138 | + |
2139 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2140 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
2141 | +Reviewed-by: Paul Dale <ppzgs1@gmail.com> |
2142 | +(Merged from https://github.com/openssl/openssl/pull/23841) |
2143 | + |
2144 | +(cherry picked from commit dc9bc6c8e1bd329ead703417a2235ab3e97557ec) |
2145 | +--- |
2146 | + crypto/evp/keymgmt_lib.c | 7 ++++++- |
2147 | + crypto/evp/p_lib.c | 10 +++++++++- |
2148 | + 2 files changed, 15 insertions(+), 2 deletions(-) |
2149 | + |
2150 | +diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c |
2151 | +index 8369d9578c..3226786bb5 100644 |
2152 | +--- a/crypto/evp/keymgmt_lib.c |
2153 | ++++ b/crypto/evp/keymgmt_lib.c |
2154 | +@@ -243,10 +243,15 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, |
2155 | + /* |
2156 | + * A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause |
2157 | + * problems when we've only a read lock. |
2158 | ++ * A keymgmt is a match if the |keymgmt| pointers are identical or if the |
2159 | ++ * provider and the name ID match |
2160 | + */ |
2161 | + for (i = 0; i < end; i++) { |
2162 | + p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); |
2163 | +- if (keymgmt == p->keymgmt && (p->selection & selection) == selection) |
2164 | ++ if ((p->selection & selection) == selection |
2165 | ++ && (keymgmt == p->keymgmt |
2166 | ++ || (keymgmt->name_id == p->keymgmt->name_id |
2167 | ++ && keymgmt->prov == p->keymgmt->prov))) |
2168 | + return p; |
2169 | + } |
2170 | + return NULL; |
2171 | +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c |
2172 | +index 04b148a912..119d80fa00 100644 |
2173 | +--- a/crypto/evp/p_lib.c |
2174 | ++++ b/crypto/evp/p_lib.c |
2175 | +@@ -1902,7 +1902,15 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, |
2176 | + * If |tmp_keymgmt| is present in the operation cache, it means |
2177 | + * that export doesn't need to be redone. In that case, we take |
2178 | + * token copies of the cached pointers, to have token success |
2179 | +- * values to return. |
2180 | ++ * values to return. It is possible (e.g. in a no-cached-fetch |
2181 | ++ * build), for op->keymgmt to be a different pointer to tmp_keymgmt |
2182 | ++ * even though the name/provider must be the same. In other words |
2183 | ++ * the keymgmt instance may be different but still equivalent, i.e. |
2184 | ++ * same algorithm/provider instance - but we make the simplifying |
2185 | ++ * assumption that the keydata can be used with either keymgmt |
2186 | ++ * instance. Not doing so introduces significant complexity and |
2187 | ++ * probably requires refactoring - since we would have to ripple |
2188 | ++ * the change in keymgmt instance up the call chain. |
2189 | + */ |
2190 | + if (op != NULL && op->keymgmt != NULL) { |
2191 | + keydata = op->keydata; |
2192 | +-- |
2193 | +2.40.1 |
2194 | + |
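Review bot: The widened match in `evp_keymgmt_util_find_operation_cache()` reads `keymgmt->name_id` and `p->keymgmt->name_id` whenever the two pointers differ, with no NULL check on either, while the caller in `evp_pkey_export_to_provider()` still tests `op->keymgmt != NULL` after the lookup, which suggests a cache entry may carry a NULL keymgmt. Either guard the dereferences or document why neither pointer can be NULL at this point. The p_lib.c comment also records a "simplifying assumption" that the keydata is usable with either keymgmt instance; no test is added for the no-cached-fetch case, so neither that assumption nor the memory-growth fix is checked by this patch.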
2195 | diff --git a/debian/patches/post-3.0.13/0033-Update-FIPS-hmac-key-documentation.patch b/debian/patches/post-3.0.13/0033-Update-FIPS-hmac-key-documentation.patch |
2196 | new file mode 100644 |
2197 | index 0000000..1313a7e |
2198 | --- /dev/null |
2199 | +++ b/debian/patches/post-3.0.13/0033-Update-FIPS-hmac-key-documentation.patch |
2200 | @@ -0,0 +1,35 @@ |
2201 | +From b7732a85415bba3f907d3280e1671bcc26794505 Mon Sep 17 00:00:00 2001 |
2202 | +From: Matt Hauck <matt@thehaucks.xyz> |
2203 | +Date: Thu, 14 Mar 2024 18:25:11 -0700 |
2204 | +Subject: [PATCH 33/63] Update FIPS hmac key documentation |
2205 | + |
2206 | +The documentation is slightly incorrect about the FIPS hmac key. |
2207 | + |
2208 | +CLA: trivial |
2209 | + |
2210 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
2211 | +Reviewed-by: Tim Hudson <tjh@openssl.org> |
2212 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
2213 | +(Merged from https://github.com/openssl/openssl/pull/23846) |
2214 | + |
2215 | +(cherry picked from commit 53ef123f48d402aff7c27f8ec15191cb1cde4105) |
2216 | +--- |
2217 | + INSTALL.md | 2 +- |
2218 | + 1 file changed, 1 insertion(+), 1 deletion(-) |
2219 | + |
2220 | +diff --git a/INSTALL.md b/INSTALL.md |
2221 | +index 21e82b4f91..c0dae491c9 100644 |
2222 | +--- a/INSTALL.md |
2223 | ++++ b/INSTALL.md |
2224 | +@@ -480,7 +480,7 @@ Setting the FIPS HMAC key |
2225 | + |
2226 | + As part of its self-test validation, the FIPS module must verify itself |
2227 | + by performing a SHA-256 HMAC computation on itself. The default key is |
2228 | +-the SHA256 value of "the holy handgrenade of antioch" and is sufficient |
2229 | ++the SHA256 value of "holy hand grenade of antioch" and is sufficient |
2230 | + for meeting the FIPS requirements. |
2231 | + |
2232 | + To change the key to a different value, use this flag. The value should |
2233 | +-- |
2234 | +2.40.1 |
2235 | + |
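Review bot: The corrected phrase in INSTALL.md is stated without a pointer to where the default key is defined, so the documentation can drift from the code again, and the commit message ("slightly incorrect") does not name the source of truth either. Reference the definition in the text or in the commit message. The paragraph also mixes "SHA-256" and "SHA256" in adjacent sentences; pick one spelling.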
2236 | diff --git a/debian/patches/post-3.0.13/0035-Fixed-a-typo-and-grammar-in-openssl-ts.pod.patch b/debian/patches/post-3.0.13/0035-Fixed-a-typo-and-grammar-in-openssl-ts.pod.patch |
2237 | new file mode 100644 |
2238 | index 0000000..a6be085 |
2239 | --- /dev/null |
2240 | +++ b/debian/patches/post-3.0.13/0035-Fixed-a-typo-and-grammar-in-openssl-ts.pod.patch |
2241 | @@ -0,0 +1,35 @@ |
2242 | +From 348832c396cecc24d25dd9de42d1c6ebe9869199 Mon Sep 17 00:00:00 2001 |
2243 | +From: olszomal <Malgorzata.Olszowka@stunnel.org> |
2244 | +Date: Thu, 21 Mar 2024 11:10:04 +0100 |
2245 | +Subject: [PATCH 35/63] Fixed a typo and grammar in openssl-ts.pod |
2246 | + |
2247 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
2248 | +Reviewed-by: Kurt Roeckx <kurt@roeckx.be> |
2249 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2250 | +(Merged from https://github.com/openssl/openssl/pull/23913) |
2251 | + |
2252 | +(cherry picked from commit f1c14f1853d2df94e339208eed1df823c2238389) |
2253 | +--- |
2254 | + doc/man1/openssl-ts.pod.in | 6 +++--- |
2255 | + 1 file changed, 3 insertions(+), 3 deletions(-) |
2256 | + |
2257 | +diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in |
2258 | +index 3e7f7c4be9..de87400dce 100644 |
2259 | +--- a/doc/man1/openssl-ts.pod.in |
2260 | ++++ b/doc/man1/openssl-ts.pod.in |
2261 | +@@ -163,9 +163,9 @@ use its own default policy. (Optional) |
2262 | + =item B<-no_nonce> |
2263 | + |
2264 | + No nonce is specified in the request if this option is |
2265 | +-given. Otherwise a 64 bit long pseudo-random none is |
2266 | +-included in the request. It is recommended to use nonce to |
2267 | +-protect against replay-attacks. (Optional) |
2268 | ++given. Otherwise, a 64-bit long pseudo-random nonce is |
2269 | ++included in the request. It is recommended to use a nonce to |
2270 | ++protect against replay attacks. (Optional) |
2271 | + |
2272 | + =item B<-cert> |
2273 | + |
2274 | +-- |
2275 | +2.40.1 |
2276 | + |
2277 | diff --git a/debian/patches/post-3.0.13/0036-Replace-unsigned-with-int.patch b/debian/patches/post-3.0.13/0036-Replace-unsigned-with-int.patch |
2278 | new file mode 100644 |
2279 | index 0000000..acbb103 |
2280 | --- /dev/null |
2281 | +++ b/debian/patches/post-3.0.13/0036-Replace-unsigned-with-int.patch |
2282 | @@ -0,0 +1,49 @@ |
2283 | +From 99a1c93efa751f8c9ee06aafe877a2d8bdbdf990 Mon Sep 17 00:00:00 2001 |
2284 | +From: Jiasheng Jiang <jiasheng@purdue.edu> |
2285 | +Date: Thu, 21 Mar 2024 19:55:34 +0000 |
2286 | +Subject: [PATCH 36/63] Replace unsigned with int |
2287 | + |
2288 | +Replace the type of "digest_length" with int to avoid implicit conversion when it is assigned by EVP_MD_get_size(). |
2289 | +Otherwise, it may pass the following check and cause the integer overflow error when EVP_MD_get_size() returns negative numbers. |
2290 | +Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> |
2291 | + |
2292 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
2293 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
2294 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2295 | +(Merged from https://github.com/openssl/openssl/pull/23922) |
2296 | + |
2297 | +(cherry picked from commit f13ddaab69def0b453b75a8f2deb80e1f1634f42) |
2298 | +--- |
2299 | + demos/digest/EVP_MD_demo.c | 2 +- |
2300 | + demos/digest/EVP_MD_stdin.c | 2 +- |
2301 | + 2 files changed, 2 insertions(+), 2 deletions(-) |
2302 | + |
2303 | +diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c |
2304 | +index 99589bd344..7cb7936b59 100644 |
2305 | +--- a/demos/digest/EVP_MD_demo.c |
2306 | ++++ b/demos/digest/EVP_MD_demo.c |
2307 | +@@ -83,7 +83,7 @@ int demonstrate_digest(void) |
2308 | + const char *option_properties = NULL; |
2309 | + EVP_MD *message_digest = NULL; |
2310 | + EVP_MD_CTX *digest_context = NULL; |
2311 | +- unsigned int digest_length; |
2312 | ++ int digest_length; |
2313 | + unsigned char *digest_value = NULL; |
2314 | + int j; |
2315 | + |
2316 | +diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c |
2317 | +index 71a3d325a3..07813acdc9 100644 |
2318 | +--- a/demos/digest/EVP_MD_stdin.c |
2319 | ++++ b/demos/digest/EVP_MD_stdin.c |
2320 | +@@ -38,7 +38,7 @@ int demonstrate_digest(BIO *input) |
2321 | + const char * option_properties = NULL; |
2322 | + EVP_MD *message_digest = NULL; |
2323 | + EVP_MD_CTX *digest_context = NULL; |
2324 | +- unsigned int digest_length; |
2325 | ++ int digest_length; |
2326 | + unsigned char *digest_value = NULL; |
2327 | + unsigned char buffer[512]; |
2328 | + int ii; |
2329 | +-- |
2330 | +2.40.1 |
2331 | + |
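Review bot: Only the declaration of `digest_length` changes in `demonstrate_digest()` in both demos, so every other use of the variable, none of which appears in these hunks, needs checking against the new signed type. The check the commit message refers to must reject zero and negative values, and any call that takes the variable's address as `unsigned int *` would now have a pointer-sign mismatch. Include those lines in the review, or state in the commit message that they were audited.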
2332 | diff --git a/debian/patches/post-3.0.13/0037-Add-NULL-check-before-accessing-PKCS7-encrypted-algo.patch b/debian/patches/post-3.0.13/0037-Add-NULL-check-before-accessing-PKCS7-encrypted-algo.patch |
2333 | new file mode 100644 |
2334 | index 0000000..f9eedf7 |
2335 | --- /dev/null |
2336 | +++ b/debian/patches/post-3.0.13/0037-Add-NULL-check-before-accessing-PKCS7-encrypted-algo.patch |
2337 | @@ -0,0 +1,82 @@ |
2338 | +From 95dfb4244a8b6f23768714619f4f4640d51dc3ff Mon Sep 17 00:00:00 2001 |
2339 | +From: =?UTF-8?q?Viliam=20Lej=C4=8D=C3=ADk?= <lejcik@gmail.com> |
2340 | +Date: Mon, 19 Feb 2024 21:39:05 +0100 |
2341 | +Subject: [PATCH 37/63] Add NULL check before accessing PKCS7 encrypted |
2342 | + algorithm |
2343 | + |
2344 | +Printing content of an invalid test certificate causes application crash, because of NULL dereference: |
2345 | + |
2346 | +user@user:~/openssl$ openssl pkcs12 -in test/recipes/80-test_pkcs12_data/bad2.p12 -passin pass: -info |
2347 | +MAC: sha256, Iteration 2048 |
2348 | +MAC length: 32, salt length: 8 |
2349 | +PKCS7 Encrypted data: Segmentation fault (core dumped) |
2350 | + |
2351 | +Added test cases for pkcs12 bad certificates |
2352 | + |
2353 | +Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> |
2354 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2355 | +(Merged from https://github.com/openssl/openssl/pull/23632) |
2356 | + |
2357 | +(cherry picked from commit a4cbffcd8998180b98bb9f7ce6065ed37d079d8b) |
2358 | +--- |
2359 | + apps/pkcs12.c | 6 +++++- |
2360 | + test/recipes/80-test_pkcs12.t | 14 +++++++++++++- |
2361 | + 2 files changed, 18 insertions(+), 2 deletions(-) |
2362 | + |
2363 | +diff --git a/apps/pkcs12.c b/apps/pkcs12.c |
2364 | +index b442d358f8..af4f9fce04 100644 |
2365 | +--- a/apps/pkcs12.c |
2366 | ++++ b/apps/pkcs12.c |
2367 | +@@ -855,7 +855,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, |
2368 | + } else if (bagnid == NID_pkcs7_encrypted) { |
2369 | + if (options & INFO) { |
2370 | + BIO_printf(bio_err, "PKCS7 Encrypted data: "); |
2371 | +- alg_print(p7->d.encrypted->enc_data->algorithm); |
2372 | ++ if (p7->d.encrypted == NULL) { |
2373 | ++ BIO_printf(bio_err, "<no data>\n"); |
2374 | ++ } else { |
2375 | ++ alg_print(p7->d.encrypted->enc_data->algorithm); |
2376 | ++ } |
2377 | + } |
2378 | + bags = PKCS12_unpack_p7encdata(p7, pass, passlen); |
2379 | + } else { |
2380 | +diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t |
2381 | +index 4c5bb5744b..de26cbdca4 100644 |
2382 | +--- a/test/recipes/80-test_pkcs12.t |
2383 | ++++ b/test/recipes/80-test_pkcs12.t |
2384 | +@@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) { |
2385 | + } |
2386 | + $ENV{OPENSSL_WIN32_UTF8}=1; |
2387 | + |
2388 | +-plan tests => 17; |
2389 | ++plan tests => 20; |
2390 | + |
2391 | + # Test different PKCS#12 formats |
2392 | + ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); |
2393 | +@@ -162,11 +162,23 @@ with({ exit_checker => sub { return shift == 1; } }, |
2394 | + "-nomacver"])), |
2395 | + "test bad pkcs12 file 1 (nomacver)"); |
2396 | + |
2397 | ++ ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:", |
2398 | ++ "-info"])), |
2399 | ++ "test bad pkcs12 file 1 (info)"); |
2400 | ++ |
2401 | + ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])), |
2402 | + "test bad pkcs12 file 2"); |
2403 | + |
2404 | ++ ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:", |
2405 | ++ "-info"])), |
2406 | ++ "test bad pkcs12 file 2 (info)"); |
2407 | ++ |
2408 | + ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])), |
2409 | + "test bad pkcs12 file 3"); |
2410 | ++ |
2411 | ++ ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:", |
2412 | ++ "-info"])), |
2413 | ++ "test bad pkcs12 file 3 (info)"); |
2414 | + }); |
2415 | + |
2416 | + SetConsoleOutputCP($savedcp) if (defined($savedcp)); |
2417 | +-- |
2418 | +2.40.1 |
2419 | + |
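Review bot: The new guard in `dump_certs_keys_p12()` tests only `p7->d.encrypted == NULL`, but the else branch still evaluates `p7->d.encrypted->enc_data->algorithm`, so a file with `encrypted` present and `enc_data` NULL would crash in the same place. Extend the condition to cover `enc_data` as well. The three added `-info` cases sit inside the `exit_checker` block that expects exit status 1, which checks for a clean failure rather than for the "<no data>" output; matching on that output for bad2.p12 would pin the behaviour the commit message describes.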
2420 | diff --git a/debian/patches/post-3.0.13/0038-Explicitly-state-what-keys-does.patch b/debian/patches/post-3.0.13/0038-Explicitly-state-what-keys-does.patch |
2421 | new file mode 100644 |
2422 | index 0000000..bc71067 |
2423 | --- /dev/null |
2424 | +++ b/debian/patches/post-3.0.13/0038-Explicitly-state-what-keys-does.patch |
2425 | @@ -0,0 +1,33 @@ |
2426 | +From 6ae0220c96f78ba362ba75a93c023122ebba2bdf Mon Sep 17 00:00:00 2001 |
2427 | +From: Simo Sorce <simo@redhat.com> |
2428 | +Date: Thu, 21 Mar 2024 10:00:52 -0400 |
2429 | +Subject: [PATCH 38/63] Explicitly state what -keys does |
2430 | + |
2431 | +Signed-off-by: Simo Sorce <simo@redhat.com> |
2432 | + |
2433 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2434 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2435 | +(Merged from https://github.com/openssl/openssl/pull/23919) |
2436 | + |
2437 | +(cherry picked from commit 693c479a2ca671e0dfca8d1ad14e789169b982ff) |
2438 | +--- |
2439 | + doc/man1/openssl-storeutl.pod.in | 3 +++ |
2440 | + 1 file changed, 3 insertions(+) |
2441 | + |
2442 | +diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in |
2443 | +index 26d5ee28e6..512055c9f7 100644 |
2444 | +--- a/doc/man1/openssl-storeutl.pod.in |
2445 | ++++ b/doc/man1/openssl-storeutl.pod.in |
2446 | +@@ -79,6 +79,9 @@ returned. |
2447 | + Note that all options must be given before the I<uri> argument. |
2448 | + Otherwise they are ignored. |
2449 | + |
2450 | ++Note I<-keys> selects exclusively private keys, there is no selector for public |
2451 | ++keys only. |
2452 | ++ |
2453 | + =item B<-subject> I<arg> |
2454 | + |
2455 | + Search for an object having the subject name I<arg>. |
2456 | +-- |
2457 | +2.40.1 |
2458 | + |
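Review bot: The added sentence marks the option as `I<-keys>`, while option names on this page are set in bold, as in the `=item B<-subject> I<arg>` line right below it; use `B<-keys>`. The sentence is also a comma splice; "Note that B<-keys> selects private keys only; there is no selector for public keys alone." reads cleanly. Check too that the paragraph lands under the item it describes, since the context lines above it are a separate remark about I<uri> ordering.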
2459 | diff --git a/debian/patches/post-3.0.13/0040-Fix-openssl-req-with-addext-subjectAltName-dirName.patch b/debian/patches/post-3.0.13/0040-Fix-openssl-req-with-addext-subjectAltName-dirName.patch |
2460 | new file mode 100644 |
2461 | index 0000000..32dc69b |
2462 | --- /dev/null |
2463 | +++ b/debian/patches/post-3.0.13/0040-Fix-openssl-req-with-addext-subjectAltName-dirName.patch |
2464 | @@ -0,0 +1,77 @@ |
2465 | +From 845e6824098cd0845c85af0f19afc904b8f48111 Mon Sep 17 00:00:00 2001 |
2466 | +From: Bernd Edlinger <bernd.edlinger@hotmail.de> |
2467 | +Date: Fri, 23 Feb 2024 10:32:14 +0100 |
2468 | +Subject: [PATCH 40/63] Fix openssl req with -addext subjectAltName=dirName |
2469 | + |
2470 | +The syntax check of the -addext fails because the |
2471 | +X509V3_CTX is used to lookup the referenced section, |
2472 | +but the wrong configuration file is used, where only |
2473 | +a default section with all passed in -addext lines is available. |
2474 | +Thus it was not possible to use the subjectAltName=dirName:section |
2475 | +as an -addext parameter. Probably other extensions as well. |
2476 | + |
2477 | +This change affects only the syntax check, the real extension |
2478 | +was already created with correct parameters. |
2479 | + |
2480 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2481 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2482 | +(Merged from https://github.com/openssl/openssl/pull/23669) |
2483 | + |
2484 | +(cherry picked from commit 387418893e45e588d1cbd4222549b5113437c9ab) |
2485 | +--- |
2486 | + apps/req.c | 2 +- |
2487 | + test/recipes/25-test_req.t | 3 ++- |
2488 | + test/test.cnf | 6 ++++++ |
2489 | + 3 files changed, 9 insertions(+), 2 deletions(-) |
2490 | + |
2491 | +diff --git a/apps/req.c b/apps/req.c |
2492 | +index c7d4c7822c..2fc53d4bfc 100644 |
2493 | +--- a/apps/req.c |
2494 | ++++ b/apps/req.c |
2495 | +@@ -569,7 +569,7 @@ int req_main(int argc, char **argv) |
2496 | + X509V3_CTX ctx; |
2497 | + |
2498 | + X509V3_set_ctx_test(&ctx); |
2499 | +- X509V3_set_nconf(&ctx, addext_conf); |
2500 | ++ X509V3_set_nconf(&ctx, req_conf); |
2501 | + if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) { |
2502 | + BIO_printf(bio_err, "Error checking extensions defined using -addext\n"); |
2503 | + goto end; |
2504 | +diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t |
2505 | +index fe02d29c63..932635f4b2 100644 |
2506 | +--- a/test/recipes/25-test_req.t |
2507 | ++++ b/test/recipes/25-test_req.t |
2508 | +@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; |
2509 | + |
2510 | + setup("test_req"); |
2511 | + |
2512 | +-plan tests => 49; |
2513 | ++plan tests => 50; |
2514 | + |
2515 | + require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); |
2516 | + |
2517 | +@@ -53,6 +53,7 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); |
2518 | + ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); |
2519 | + ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); |
2520 | + ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"]))); |
2521 | ++ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"]))); |
2522 | + |
2523 | + # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. |
2524 | + ok(!run(app(["openssl", "req", "-x509", |
2525 | +diff --git a/test/test.cnf b/test/test.cnf |
2526 | +index 8b2f92ad8e..8f68982a9f 100644 |
2527 | +--- a/test/test.cnf |
2528 | ++++ b/test/test.cnf |
2529 | +@@ -72,3 +72,9 @@ commonName = CN field |
2530 | + commonName_value = Eric Young |
2531 | + emailAddress = email field |
2532 | + emailAddress_value = eay@mincom.oz.au |
2533 | ++ |
2534 | ++[ dirname_sec ] |
2535 | ++C = UK |
2536 | ++O = My Organization |
2537 | ++OU = My Unit |
2538 | ++CN = My Name |
2539 | +-- |
2540 | +2.40.1 |
2541 | + |
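Review bot: in apps/req.c the syntax check now looks up sections through req_conf (X509V3_set_nconf(&ctx, req_conf)) while X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL) still parses addext_conf, and nothing in the code says why the two differ. A short comment above the call, stating that -addext values may reference sections of the request configuration file, would keep a later cleanup from changing it back. The added test covers only subjectAltName=dirName, although the commit message expects other extensions to be affected; a second -addext case that references a section would pin that down.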
2542 | diff --git a/debian/patches/post-3.0.13/0041-Fix-handling-of-NULL-sig-parameter-in-ECDSA_sign-and.patch b/debian/patches/post-3.0.13/0041-Fix-handling-of-NULL-sig-parameter-in-ECDSA_sign-and.patch |
2543 | new file mode 100644 |
2544 | index 0000000..a6e4bef |
2545 | --- /dev/null |
2546 | +++ b/debian/patches/post-3.0.13/0041-Fix-handling-of-NULL-sig-parameter-in-ECDSA_sign-and.patch |
2547 | @@ -0,0 +1,173 @@ |
2548 | +From 2fe6c0fbb5ae7e2279e80d7cdff99a1bd2a45733 Mon Sep 17 00:00:00 2001 |
2549 | +From: Bernd Edlinger <bernd.edlinger@hotmail.de> |
2550 | +Date: Thu, 8 Feb 2024 22:21:55 +0100 |
2551 | +Subject: [PATCH 41/63] Fix handling of NULL sig parameter in ECDSA_sign and |
2552 | + similar |
2553 | + |
2554 | +The problem is, that it almost works to pass sig=NULL to the |
2555 | +ECDSA_sign, ECDSA_sign_ex and DSA_sign, to compute the necessary |
2556 | +space for the resulting signature. |
2557 | +But since the ECDSA signature is non-deterministic |
2558 | +(except when ECDSA_sign_setup/ECDSA_sign_ex are used) |
2559 | +the resulting length may be different when the API is called again. |
2560 | +This can easily cause random memory corruption. |
2561 | +Several internal APIs had the same issue, but since they are |
2562 | +never called with sig=NULL, it is better to make them return an |
2563 | +error in that case, instead of making the code more complex. |
2564 | + |
2565 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2566 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2567 | +(Merged from https://github.com/openssl/openssl/pull/23529) |
2568 | + |
2569 | +(cherry picked from commit 1fa2bf9b1885d2e87524421fea5041d40149cffa) |
2570 | +--- |
2571 | + crypto/dsa/dsa_sign.c | 7 ++++++- |
2572 | + crypto/ec/ecdsa_ossl.c | 5 +++++ |
2573 | + crypto/sm2/sm2_sign.c | 7 ++++++- |
2574 | + test/dsatest.c | 8 ++++++-- |
2575 | + test/ecdsatest.c | 28 ++++++++++++++++++++++++++-- |
2576 | + 5 files changed, 49 insertions(+), 6 deletions(-) |
2577 | + |
2578 | +diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c |
2579 | +index ddfbfa18af..2f963af8e1 100644 |
2580 | +--- a/crypto/dsa/dsa_sign.c |
2581 | ++++ b/crypto/dsa/dsa_sign.c |
2582 | +@@ -156,6 +156,11 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, |
2583 | + { |
2584 | + DSA_SIG *s; |
2585 | + |
2586 | ++ if (sig == NULL) { |
2587 | ++ *siglen = DSA_size(dsa); |
2588 | ++ return 1; |
2589 | ++ } |
2590 | ++ |
2591 | + /* legacy case uses the method table */ |
2592 | + if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method()) |
2593 | + s = DSA_do_sign(dgst, dlen, dsa); |
2594 | +@@ -165,7 +170,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, |
2595 | + *siglen = 0; |
2596 | + return 0; |
2597 | + } |
2598 | +- *siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL); |
2599 | ++ *siglen = i2d_DSA_SIG(s, &sig); |
2600 | + DSA_SIG_free(s); |
2601 | + return 1; |
2602 | + } |
2603 | +diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c |
2604 | +index 0bf4635e2f..0bdf45e6e7 100644 |
2605 | +--- a/crypto/ec/ecdsa_ossl.c |
2606 | ++++ b/crypto/ec/ecdsa_ossl.c |
2607 | +@@ -70,6 +70,11 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, |
2608 | + { |
2609 | + ECDSA_SIG *s; |
2610 | + |
2611 | ++ if (sig == NULL && (kinv == NULL || r == NULL)) { |
2612 | ++ *siglen = ECDSA_size(eckey); |
2613 | ++ return 1; |
2614 | ++ } |
2615 | ++ |
2616 | + s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); |
2617 | + if (s == NULL) { |
2618 | + *siglen = 0; |
2619 | +diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c |
2620 | +index ff5be9b73e..09e542990b 100644 |
2621 | +--- a/crypto/sm2/sm2_sign.c |
2622 | ++++ b/crypto/sm2/sm2_sign.c |
2623 | +@@ -442,6 +442,11 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, |
2624 | + int sigleni; |
2625 | + int ret = -1; |
2626 | + |
2627 | ++ if (sig == NULL) { |
2628 | ++ ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); |
2629 | ++ goto done; |
2630 | ++ } |
2631 | ++ |
2632 | + e = BN_bin2bn(dgst, dgstlen, NULL); |
2633 | + if (e == NULL) { |
2634 | + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); |
2635 | +@@ -454,7 +459,7 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, |
2636 | + goto done; |
2637 | + } |
2638 | + |
2639 | +- sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL); |
2640 | ++ sigleni = i2d_ECDSA_SIG(s, &sig); |
2641 | + if (sigleni < 0) { |
2642 | + ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); |
2643 | + goto done; |
2644 | +diff --git a/test/dsatest.c b/test/dsatest.c |
2645 | +index 5fa83020f8..73c6827bb0 100644 |
2646 | +--- a/test/dsatest.c |
2647 | ++++ b/test/dsatest.c |
2648 | +@@ -332,6 +332,7 @@ static int test_dsa_sig_infinite_loop(void) |
2649 | + BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL; |
2650 | + BIGNUM *badq = NULL, *badpriv = NULL; |
2651 | + const unsigned char msg[] = { 0x00 }; |
2652 | ++ unsigned int signature_len0; |
2653 | + unsigned int signature_len; |
2654 | + unsigned char signature[64]; |
2655 | + |
2656 | +@@ -375,10 +376,13 @@ static int test_dsa_sig_infinite_loop(void) |
2657 | + goto err; |
2658 | + |
2659 | + /* Test passing signature as NULL */ |
2660 | +- if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len, dsa))) |
2661 | ++ if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa)) |
2662 | ++ || !TEST_int_gt(signature_len0, 0)) |
2663 | + goto err; |
2664 | + |
2665 | +- if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) |
2666 | ++ if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)) |
2667 | ++ || !TEST_int_gt(signature_len, 0) |
2668 | ++ || !TEST_int_le(signature_len, signature_len0)) |
2669 | + goto err; |
2670 | + |
2671 | + /* Test using a private key of zero fails - this causes an infinite loop without the retry test */ |
2672 | +diff --git a/test/ecdsatest.c b/test/ecdsatest.c |
2673 | +index 33a52eb1b5..ded41be5bd 100644 |
2674 | +--- a/test/ecdsatest.c |
2675 | ++++ b/test/ecdsatest.c |
2676 | +@@ -350,15 +350,39 @@ static int test_builtin_as_sm2(int n) |
2677 | + static int test_ecdsa_sig_NULL(void) |
2678 | + { |
2679 | + int ret; |
2680 | ++ unsigned int siglen0; |
2681 | + unsigned int siglen; |
2682 | + unsigned char dgst[128] = { 0 }; |
2683 | + EC_KEY *eckey = NULL; |
2684 | ++ unsigned char *sig = NULL; |
2685 | ++ BIGNUM *kinv = NULL, *rp = NULL; |
2686 | + |
2687 | + ret = TEST_ptr(eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) |
2688 | + && TEST_int_eq(EC_KEY_generate_key(eckey), 1) |
2689 | +- && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen, eckey), 1) |
2690 | +- && TEST_int_gt(siglen, 0); |
2691 | ++ && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0, |
2692 | ++ eckey), 1) |
2693 | ++ && TEST_int_gt(siglen0, 0) |
2694 | ++ && TEST_ptr(sig = OPENSSL_malloc(siglen0)) |
2695 | ++ && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen, |
2696 | ++ eckey), 1) |
2697 | ++ && TEST_int_gt(siglen, 0) |
2698 | ++ && TEST_int_le(siglen, siglen0) |
2699 | ++ && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, |
2700 | ++ eckey), 1) |
2701 | ++ && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1) |
2702 | ++ && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen, |
2703 | ++ kinv, rp, eckey), 1) |
2704 | ++ && TEST_int_gt(siglen, 0) |
2705 | ++ && TEST_int_le(siglen, siglen0) |
2706 | ++ && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0, |
2707 | ++ kinv, rp, eckey), 1) |
2708 | ++ && TEST_int_eq(siglen, siglen0) |
2709 | ++ && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, |
2710 | ++ eckey), 1); |
2711 | + EC_KEY_free(eckey); |
2712 | ++ OPENSSL_free(sig); |
2713 | ++ BN_free(kinv); |
2714 | ++ BN_free(rp); |
2715 | + return ret; |
2716 | + } |
2717 | + |
2718 | +-- |
2719 | +2.40.1 |
2720 | + |
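Review bot: the new sig == NULL branches in ossl_dsa_sign_int and ossl_ecdsa_sign store DSA_size(dsa) and ECDSA_size(eckey) into *siglen and return 1 without looking at the value. If the size function reports failure, the caller is told the length query succeeded and sizes its buffer from a meaningless number; returning 0 when the size is not positive would close that. In test/dsatest.c the second DSA_sign call writes into signature[64], but the test only compares signature_len with signature_len0, so a check that signature_len0 does not exceed sizeof(signature) belongs before that call.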
2721 | diff --git a/debian/patches/post-3.0.13/0042-Align-openssl-req-string_mask-docs-to-how-the-softwa.patch b/debian/patches/post-3.0.13/0042-Align-openssl-req-string_mask-docs-to-how-the-softwa.patch |
2722 | new file mode 100644 |
2723 | index 0000000..a764e7c |
2724 | --- /dev/null |
2725 | +++ b/debian/patches/post-3.0.13/0042-Align-openssl-req-string_mask-docs-to-how-the-softwa.patch |
2726 | @@ -0,0 +1,62 @@ |
2727 | +From 442d861cb3cf4b7579f2cd99586c2d2aa7618edf Mon Sep 17 00:00:00 2001 |
2728 | +From: Job Snijders <job@sobornost.net> |
2729 | +Date: Tue, 27 Feb 2024 19:14:32 +0000 |
2730 | +Subject: [PATCH 42/63] Align 'openssl req' string_mask docs to how the |
2731 | + software really works |
2732 | + |
2733 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
2734 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2735 | +(Merged from https://github.com/openssl/openssl/pull/23699) |
2736 | + |
2737 | +(cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f) |
2738 | +--- |
2739 | + doc/man1/openssl-req.pod.in | 33 +++++++++++++++++++++++---------- |
2740 | + 1 file changed, 23 insertions(+), 10 deletions(-) |
2741 | + |
2742 | +diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in |
2743 | +index 31fd714187..81181bdb4e 100644 |
2744 | +--- a/doc/man1/openssl-req.pod.in |
2745 | ++++ b/doc/man1/openssl-req.pod.in |
2746 | +@@ -472,16 +472,29 @@ any digest that has been set. |
2747 | + =item B<string_mask> |
2748 | + |
2749 | + This option masks out the use of certain string types in certain |
2750 | +-fields. Most users will not need to change this option. |
2751 | +- |
2752 | +-It can be set to several values B<default> which is also the default |
2753 | +-option uses PrintableStrings, T61Strings and BMPStrings if the |
2754 | +-B<pkix> value is used then only PrintableStrings and BMPStrings will |
2755 | +-be used. This follows the PKIX recommendation in RFC2459. If the |
2756 | +-B<utf8only> option is used then only UTF8Strings will be used: this |
2757 | +-is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> |
2758 | +-option just uses PrintableStrings and T61Strings: certain software has |
2759 | +-problems with BMPStrings and UTF8Strings: in particular Netscape. |
2760 | ++fields. Most users will not need to change this option. It can be set to |
2761 | ++several values: |
2762 | ++ |
2763 | ++=over 4 |
2764 | ++ |
2765 | ++=item B<utf8only> |
2766 | ++- only UTF8Strings are used (this is the default value) |
2767 | ++ |
2768 | ++=item B<pkix> |
2769 | ++- any string type except T61Strings |
2770 | ++ |
2771 | ++=item B<nombstr> |
2772 | ++- any string type except BMPStrings and UTF8Strings |
2773 | ++ |
2774 | ++=item B<default> |
2775 | ++- any kind of string type |
2776 | ++ |
2777 | ++=back |
2778 | ++ |
2779 | ++Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the |
2780 | ++default B<string_mask>; B<default> is not the default option. The B<nombstr> |
2781 | ++value is a workaround for some software that has problems with variable-sized |
2782 | ++BMPStrings and UTF8Strings. |
2783 | + |
2784 | + =item B<req_extensions> |
2785 | + |
2786 | +-- |
2787 | +2.40.1 |
2788 | + |
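Review bot: in the new =over list of doc/man1/openssl-req.pod.in each description line (for example "- only UTF8Strings are used (this is the default value)") follows its =item line with no blank line in between, so POD reads it as part of the item text and not as the item's body. Put a blank line after each =item B<...> and drop the leading "- " so the four values render as labelled entries with a description underneath.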
2789 | diff --git a/debian/patches/post-3.0.13/0043-Add-documentation-policy-link-to-CONTRIBUTING-guide.patch b/debian/patches/post-3.0.13/0043-Add-documentation-policy-link-to-CONTRIBUTING-guide.patch |
2790 | new file mode 100644 |
2791 | index 0000000..873c397 |
2792 | --- /dev/null |
2793 | +++ b/debian/patches/post-3.0.13/0043-Add-documentation-policy-link-to-CONTRIBUTING-guide.patch |
2794 | @@ -0,0 +1,40 @@ |
2795 | +From 5405606234ede0ce8dbda24d329327bfa3c430c4 Mon Sep 17 00:00:00 2001 |
2796 | +From: slontis <shane.lontis@oracle.com> |
2797 | +Date: Mon, 18 Mar 2024 11:46:12 +1100 |
2798 | +Subject: [PATCH 43/63] Add 'documentation policy' link to CONTRIBUTING guide. |
2799 | + |
2800 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
2801 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2802 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2803 | +(Merged from https://github.com/openssl/openssl/pull/23875) |
2804 | + |
2805 | +(cherry picked from commit e817766c0f46f371fabe344fba60d13afcfc3da9) |
2806 | +--- |
2807 | + CONTRIBUTING.md | 4 +++- |
2808 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
2809 | + |
2810 | +diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md |
2811 | +index 15490fd9f6..0066e7e8ad 100644 |
2812 | +--- a/CONTRIBUTING.md |
2813 | ++++ b/CONTRIBUTING.md |
2814 | +@@ -67,7 +67,8 @@ guidelines: |
2815 | + often. We do not accept merge commits, you will have to remove them |
2816 | + (usually by rebasing) before it will be acceptable. |
2817 | + |
2818 | +- 4. Code provided should follow our [coding style] and compile without warnings. |
2819 | ++ 4. Code provided should follow our [coding style] and [documentation policy] |
2820 | ++ and compile without warnings. |
2821 | + There is a [Perl tool](util/check-format.pl) that helps |
2822 | + finding code formatting mistakes and other coding style nits. |
2823 | + Where `gcc` or `clang` is available, you should use the |
2824 | +@@ -77,6 +78,7 @@ guidelines: |
2825 | + whenever a PR is created or updated by committers. |
2826 | + |
2827 | + [coding style]: https://www.openssl.org/policies/technical/coding-style.html |
2828 | ++ [documentation policy]: https://openssl.org/policies/technical/documentation-policy.html |
2829 | + |
2830 | + 5. When at all possible, code contributions should include tests. These can |
2831 | + either be added to an existing test, or completely new. Please see |
2832 | +-- |
2833 | +2.40.1 |
2834 | + |
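Review bot: the added [documentation policy] reference in CONTRIBUTING.md points at https://openssl.org/... while the [coding style] reference directly above it uses https://www.openssl.org/...; use the same host form for both so the two policy links stay consistent.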
2835 | diff --git a/debian/patches/post-3.0.13/0045-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-z.patch b/debian/patches/post-3.0.13/0045-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-z.patch |
2836 | new file mode 100644 |
2837 | index 0000000..97d08d4 |
2838 | --- /dev/null |
2839 | +++ b/debian/patches/post-3.0.13/0045-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-z.patch |
2840 | @@ -0,0 +1,36 @@ |
2841 | +From 90fe7b2b90346c3123f139e7b6d67334856b0c5a Mon Sep 17 00:00:00 2001 |
2842 | +From: Tomas Mraz <tomas@openssl.org> |
2843 | +Date: Tue, 2 Apr 2024 16:43:27 +0200 |
2844 | +Subject: [PATCH 45/63] DEFINE_STACK_OF.pod: Fix prototypes of |
2845 | + sk_TYPE_free/zero() |
2846 | + |
2847 | +They take non-const STACK_OF(TYPE)* argument. |
2848 | + |
2849 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
2850 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
2851 | +Reviewed-by: Paul Dale <ppzgs1@gmail.com> |
2852 | +(Merged from https://github.com/openssl/openssl/pull/24023) |
2853 | + |
2854 | +(cherry picked from commit e898c367312c3ab6eb5eaac9b4be768f0d2e4b0e) |
2855 | +--- |
2856 | + doc/man3/DEFINE_STACK_OF.pod | 4 ++-- |
2857 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
2858 | + |
2859 | +diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod |
2860 | +index 0775214fb5..e29e0c8be0 100644 |
2861 | +--- a/doc/man3/DEFINE_STACK_OF.pod |
2862 | ++++ b/doc/man3/DEFINE_STACK_OF.pod |
2863 | +@@ -41,8 +41,8 @@ OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero |
2864 | + STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); |
2865 | + STACK_OF(TYPE) *sk_TYPE_new_null(void); |
2866 | + int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); |
2867 | +- void sk_TYPE_free(const STACK_OF(TYPE) *sk); |
2868 | +- void sk_TYPE_zero(const STACK_OF(TYPE) *sk); |
2869 | ++ void sk_TYPE_free(STACK_OF(TYPE) *sk); |
2870 | ++ void sk_TYPE_zero(STACK_OF(TYPE) *sk); |
2871 | + TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); |
2872 | + TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); |
2873 | + int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); |
2874 | +-- |
2875 | +2.40.1 |
2876 | + |
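Review bot: the series skips 0044 here (this file is PATCH 45/63 and follows 0043) and 0047 further down (0048 follows 0046), and nothing in this part of the diff says why those upstream commits were left out. Record the omitted commits and the reason in debian/changelog or in a comment in the series file, so the next sync against the upstream 3.0 branch does not have to rediscover it.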
2877 | diff --git a/debian/patches/post-3.0.13/0046-openssl-crl-1-The-verify-option-is-implied-by-CA-opt.patch b/debian/patches/post-3.0.13/0046-openssl-crl-1-The-verify-option-is-implied-by-CA-opt.patch |
2878 | new file mode 100644 |
2879 | index 0000000..6c8cb78 |
2880 | --- /dev/null |
2881 | +++ b/debian/patches/post-3.0.13/0046-openssl-crl-1-The-verify-option-is-implied-by-CA-opt.patch |
2882 | @@ -0,0 +1,32 @@ |
2883 | +From e7b511d31878d5260e90aa009e4ee64c6ef30620 Mon Sep 17 00:00:00 2001 |
2884 | +From: Tomas Mraz <tomas@openssl.org> |
2885 | +Date: Tue, 2 Apr 2024 18:47:26 +0200 |
2886 | +Subject: [PATCH 46/63] openssl-crl(1): The -verify option is implied by -CA* |
2887 | + options |
2888 | + |
2889 | +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> |
2890 | +Reviewed-by: Todd Short <todd.short@me.com> |
2891 | +(Merged from https://github.com/openssl/openssl/pull/24024) |
2892 | + |
2893 | +(cherry picked from commit a16f2e7651b22ee992bb0c279e25164b519c1e80) |
2894 | +--- |
2895 | + doc/man1/openssl-crl.pod.in | 3 +++ |
2896 | + 1 file changed, 3 insertions(+) |
2897 | + |
2898 | +diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in |
2899 | +index 7e15f6445a..25af2483e7 100644 |
2900 | +--- a/doc/man1/openssl-crl.pod.in |
2901 | ++++ b/doc/man1/openssl-crl.pod.in |
2902 | +@@ -95,6 +95,9 @@ Print out the CRL in text form. |
2903 | + |
2904 | + Verify the signature in the CRL. |
2905 | + |
2906 | ++This option is implicitly enabled if any of B<-CApath>, B<-CAfile> |
2907 | ++or B<-CAstore> is specified. |
2908 | ++ |
2909 | + =item B<-noout> |
2910 | + |
2911 | + Don't output the encoded version of the CRL. |
2912 | +-- |
2913 | +2.40.1 |
2914 | + |
2915 | diff --git a/debian/patches/post-3.0.13/0048-Add-a-test-for-session-cache-handling.patch b/debian/patches/post-3.0.13/0048-Add-a-test-for-session-cache-handling.patch |
2916 | new file mode 100644 |
2917 | index 0000000..d3e6e00 |
2918 | --- /dev/null |
2919 | +++ b/debian/patches/post-3.0.13/0048-Add-a-test-for-session-cache-handling.patch |
2920 | @@ -0,0 +1,132 @@ |
2921 | +From 2af85c2b8fd6799924a56eb5907cc6110b450467 Mon Sep 17 00:00:00 2001 |
2922 | +From: Matt Caswell <matt@openssl.org> |
2923 | +Date: Mon, 4 Mar 2024 13:45:23 +0000 |
2924 | +Subject: [PATCH 48/63] Add a test for session cache handling |
2925 | + |
2926 | +Repeatedly create sessions to be added to the cache and ensure we never |
2927 | +exceed the expected size. |
2928 | + |
2929 | +Related to CVE-2024-2511 |
2930 | + |
2931 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
2932 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
2933 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
2934 | + |
2935 | +(cherry picked from commit 5f5b9e1ca1fad0215f623b8bd4955a2e8101f306) |
2936 | +--- |
2937 | + test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++ |
2938 | + 1 file changed, 92 insertions(+) |
2939 | + |
2940 | +diff --git a/test/sslapitest.c b/test/sslapitest.c |
2941 | +index 231f498199..56229e51b9 100644 |
2942 | +--- a/test/sslapitest.c |
2943 | ++++ b/test/sslapitest.c |
2944 | +@@ -10436,6 +10436,97 @@ end: |
2945 | + return testresult; |
2946 | + } |
2947 | + |
2948 | ++/* |
2949 | ++ * Test multiple resumptions and cache size handling |
2950 | ++ * Test 0: TLSv1.3 (max_early_data set) |
2951 | ++ * Test 1: TLSv1.3 (SSL_OP_NO_TICKET set) |
2952 | ++ * Test 2: TLSv1.3 (max_early_data and SSL_OP_NO_TICKET set) |
2953 | ++ * Test 3: TLSv1.2 |
2954 | ++ */ |
2955 | ++static int test_multi_resume(int idx) |
2956 | ++{ |
2957 | ++ SSL_CTX *sctx = NULL, *cctx = NULL; |
2958 | ++ SSL *serverssl = NULL, *clientssl = NULL; |
2959 | ++ SSL_SESSION *sess = NULL; |
2960 | ++ int max_version = TLS1_3_VERSION; |
2961 | ++ int i, testresult = 0; |
2962 | ++ |
2963 | ++ if (idx == 3) |
2964 | ++ max_version = TLS1_2_VERSION; |
2965 | ++ |
2966 | ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
2967 | ++ TLS_client_method(), TLS1_VERSION, |
2968 | ++ max_version, &sctx, &cctx, cert, |
2969 | ++ privkey))) |
2970 | ++ goto end; |
2971 | ++ |
2972 | ++ /* |
2973 | ++ * TLSv1.3 only uses a session cache if either max_early_data > 0 (used for |
2974 | ++ * replay protection), or if SSL_OP_NO_TICKET is in use |
2975 | ++ */ |
2976 | ++ if (idx == 0 || idx == 2) { |
2977 | ++ if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024))) |
2978 | ++ goto end; |
2979 | ++ } |
2980 | ++ if (idx == 1 || idx == 2) |
2981 | ++ SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); |
2982 | ++ |
2983 | ++ SSL_CTX_sess_set_cache_size(sctx, 5); |
2984 | ++ |
2985 | ++ for (i = 0; i < 30; i++) { |
2986 | ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
2987 | ++ NULL, NULL)) |
2988 | ++ || !TEST_true(SSL_set_session(clientssl, sess))) |
2989 | ++ goto end; |
2990 | ++ |
2991 | ++ /* |
2992 | ++ * Recreate a bug where dynamically changing the max_early_data value |
2993 | ++ * can cause sessions in the session cache which cannot be deleted. |
2994 | ++ */ |
2995 | ++ if ((idx == 0 || idx == 2) && (i % 3) == 2) |
2996 | ++ SSL_set_max_early_data(serverssl, 0); |
2997 | ++ |
2998 | ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) |
2999 | ++ goto end; |
3000 | ++ |
3001 | ++ if (sess == NULL || (idx == 0 && (i % 3) == 2)) { |
3002 | ++ if (!TEST_false(SSL_session_reused(clientssl))) |
3003 | ++ goto end; |
3004 | ++ } else { |
3005 | ++ if (!TEST_true(SSL_session_reused(clientssl))) |
3006 | ++ goto end; |
3007 | ++ } |
3008 | ++ SSL_SESSION_free(sess); |
3009 | ++ |
3010 | ++ /* Do a full handshake, followed by two resumptions */ |
3011 | ++ if ((i % 3) == 2) { |
3012 | ++ sess = NULL; |
3013 | ++ } else { |
3014 | ++ if (!TEST_ptr((sess = SSL_get1_session(clientssl)))) |
3015 | ++ goto end; |
3016 | ++ } |
3017 | ++ |
3018 | ++ SSL_shutdown(clientssl); |
3019 | ++ SSL_shutdown(serverssl); |
3020 | ++ SSL_free(serverssl); |
3021 | ++ SSL_free(clientssl); |
3022 | ++ serverssl = clientssl = NULL; |
3023 | ++ } |
3024 | ++ |
3025 | ++ /* We should never exceed the session cache size limit */ |
3026 | ++ if (!TEST_long_le(SSL_CTX_sess_number(sctx), 5)) |
3027 | ++ goto end; |
3028 | ++ |
3029 | ++ testresult = 1; |
3030 | ++ end: |
3031 | ++ SSL_free(serverssl); |
3032 | ++ SSL_free(clientssl); |
3033 | ++ SSL_CTX_free(sctx); |
3034 | ++ SSL_CTX_free(cctx); |
3035 | ++ SSL_SESSION_free(sess); |
3036 | ++ return testresult; |
3037 | ++} |
3038 | ++ |
3039 | + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") |
3040 | + |
3041 | + int setup_tests(void) |
3042 | +@@ -10708,6 +10799,7 @@ int setup_tests(void) |
3043 | + ADD_ALL_TESTS(test_pipelining, 7); |
3044 | + #endif |
3045 | + ADD_ALL_TESTS(test_handshake_retry, 16); |
3046 | ++ ADD_ALL_TESTS(test_multi_resume, 4); |
3047 | + return 1; |
3048 | + |
3049 | + err: |
3050 | +-- |
3051 | +2.40.1 |
3052 | + |
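Review bot: in test_multi_resume the bound TEST_long_le(SSL_CTX_sess_number(sctx), 5) is checked once, after all 30 iterations, although the commit message says the cache should never exceed the expected size. Moving the check inside the loop would catch a transient overshoot and show which iteration caused it. The reuse expectation tests idx == 0 && (i % 3) == 2 while max_early_data is reset for idx == 0 || idx == 2; a comment explaining why test 2 is still expected to resume would help, and the cache size 5 is written twice as a literal where one named constant would do.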
3053 | diff --git a/debian/patches/post-3.0.13/0049-Extend-the-multi_resume-test-for-simultaneous-resump.patch b/debian/patches/post-3.0.13/0049-Extend-the-multi_resume-test-for-simultaneous-resump.patch |
3054 | new file mode 100644 |
3055 | index 0000000..84550aa |
3056 | --- /dev/null |
3057 | +++ b/debian/patches/post-3.0.13/0049-Extend-the-multi_resume-test-for-simultaneous-resump.patch |
3058 | @@ -0,0 +1,161 @@ |
3059 | +From c1e462ee4bd61867ee391fc13110ca41e4889535 Mon Sep 17 00:00:00 2001 |
3060 | +From: Matt Caswell <matt@openssl.org> |
3061 | +Date: Tue, 5 Mar 2024 15:35:51 +0000 |
3062 | +Subject: [PATCH 49/63] Extend the multi_resume test for simultaneous |
3063 | + resumptions |
3064 | + |
3065 | +Test what happens if the same session gets resumed multiple times at the |
3066 | +same time - and one of them gets marked as not_resumable. |
3067 | + |
3068 | +Related to CVE-2024-2511 |
3069 | + |
3070 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
3071 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3072 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
3073 | + |
3074 | +(cherry picked from commit 031b11a4054c972a5e2f07dfa81ce1842453253e) |
3075 | +--- |
3076 | + test/sslapitest.c | 89 ++++++++++++++++++++++++++++++++++++++++++++--- |
3077 | + 1 file changed, 85 insertions(+), 4 deletions(-) |
3078 | + |
3079 | +diff --git a/test/sslapitest.c b/test/sslapitest.c |
3080 | +index 56229e51b9..24fb95e4b6 100644 |
3081 | +--- a/test/sslapitest.c |
3082 | ++++ b/test/sslapitest.c |
3083 | +@@ -10436,12 +10436,63 @@ end: |
3084 | + return testresult; |
3085 | + } |
3086 | + |
3087 | ++struct resume_servername_cb_data { |
3088 | ++ int i; |
3089 | ++ SSL_CTX *cctx; |
3090 | ++ SSL_CTX *sctx; |
3091 | ++ SSL_SESSION *sess; |
3092 | ++ int recurse; |
3093 | ++}; |
3094 | ++ |
3095 | ++/* |
3096 | ++ * Servername callback. We use it here to run another complete handshake using |
3097 | ++ * the same session - and mark the session as not_resuamble at the end |
3098 | ++ */ |
3099 | ++static int resume_servername_cb(SSL *s, int *ad, void *arg) |
3100 | ++{ |
3101 | ++ struct resume_servername_cb_data *cbdata = arg; |
3102 | ++ SSL *serverssl = NULL, *clientssl = NULL; |
3103 | ++ int ret = SSL_TLSEXT_ERR_ALERT_FATAL; |
3104 | ++ |
3105 | ++ if (cbdata->recurse) |
3106 | ++ return SSL_TLSEXT_ERR_ALERT_FATAL; |
3107 | ++ |
3108 | ++ if ((cbdata->i % 3) != 1) |
3109 | ++ return SSL_TLSEXT_ERR_OK; |
3110 | ++ |
3111 | ++ cbdata->recurse = 1; |
3112 | ++ |
3113 | ++ if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl, |
3114 | ++ &clientssl, NULL, NULL)) |
3115 | ++ || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) |
3116 | ++ goto end; |
3117 | ++ |
3118 | ++ ERR_set_mark(); |
3119 | ++ /* |
3120 | ++ * We expect this to fail - because the servername cb will fail. This will |
3121 | ++ * mark the session as not_resumable. |
3122 | ++ */ |
3123 | ++ if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) { |
3124 | ++ ERR_clear_last_mark(); |
3125 | ++ goto end; |
3126 | ++ } |
3127 | ++ ERR_pop_to_mark(); |
3128 | ++ |
3129 | ++ ret = SSL_TLSEXT_ERR_OK; |
3130 | ++ end: |
3131 | ++ SSL_free(serverssl); |
3132 | ++ SSL_free(clientssl); |
3133 | ++ cbdata->recurse = 0; |
3134 | ++ return ret; |
3135 | ++} |
3136 | ++ |
3137 | + /* |
3138 | + * Test multiple resumptions and cache size handling |
3139 | + * Test 0: TLSv1.3 (max_early_data set) |
3140 | + * Test 1: TLSv1.3 (SSL_OP_NO_TICKET set) |
3141 | + * Test 2: TLSv1.3 (max_early_data and SSL_OP_NO_TICKET set) |
3142 | +- * Test 3: TLSv1.2 |
3143 | ++ * Test 3: TLSv1.3 (SSL_OP_NO_TICKET, simultaneous resumes) |
3144 | ++ * Test 4: TLSv1.2 |
3145 | + */ |
3146 | + static int test_multi_resume(int idx) |
3147 | + { |
3148 | +@@ -10450,9 +10501,19 @@ static int test_multi_resume(int idx) |
3149 | + SSL_SESSION *sess = NULL; |
3150 | + int max_version = TLS1_3_VERSION; |
3151 | + int i, testresult = 0; |
3152 | ++ struct resume_servername_cb_data cbdata; |
3153 | + |
3154 | +- if (idx == 3) |
3155 | ++#if defined(OPENSSL_NO_TLS1_2) |
3156 | ++ if (idx == 4) |
3157 | ++ return TEST_skip("TLSv1.2 is disabled in this build"); |
3158 | ++#else |
3159 | ++ if (idx == 4) |
3160 | + max_version = TLS1_2_VERSION; |
3161 | ++#endif |
3162 | ++#if defined(OSSL_NO_USABLE_TLS1_3) |
3163 | ++ if (idx != 4) |
3164 | ++ return TEST_skip("No usable TLSv1.3 in this build"); |
3165 | ++#endif |
3166 | + |
3167 | + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
3168 | + TLS_client_method(), TLS1_VERSION, |
3169 | +@@ -10468,17 +10529,37 @@ static int test_multi_resume(int idx) |
3170 | + if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024))) |
3171 | + goto end; |
3172 | + } |
3173 | +- if (idx == 1 || idx == 2) |
3174 | ++ if (idx == 1 || idx == 2 || idx == 3) |
3175 | + SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); |
3176 | + |
3177 | + SSL_CTX_sess_set_cache_size(sctx, 5); |
3178 | + |
3179 | ++ if (idx == 3) { |
3180 | ++ SSL_CTX_set_tlsext_servername_callback(sctx, resume_servername_cb); |
3181 | ++ SSL_CTX_set_tlsext_servername_arg(sctx, &cbdata); |
3182 | ++ cbdata.cctx = cctx; |
3183 | ++ cbdata.sctx = sctx; |
3184 | ++ cbdata.recurse = 0; |
3185 | ++ } |
3186 | ++ |
3187 | + for (i = 0; i < 30; i++) { |
3188 | + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
3189 | + NULL, NULL)) |
3190 | + || !TEST_true(SSL_set_session(clientssl, sess))) |
3191 | + goto end; |
3192 | + |
3193 | ++ /* |
3194 | ++ * Check simultaneous resumes. We pause the connection part way through |
3195 | ++ * the handshake by (mis)using the servername_cb. The pause occurs after |
3196 | ++ * session resumption has already occurred, but before any session |
3197 | ++ * tickets have been issued. While paused we run another complete |
3198 | ++ * handshake resuming the same session. |
3199 | ++ */ |
3200 | ++ if (idx == 3) { |
3201 | ++ cbdata.i = i; |
3202 | ++ cbdata.sess = sess; |
3203 | ++ } |
3204 | ++ |
3205 | + /* |
3206 | + * Recreate a bug where dynamically changing the max_early_data value |
3207 | + * can cause sessions in the session cache which cannot be deleted. |
3208 | +@@ -10799,7 +10880,7 @@ int setup_tests(void) |
3209 | + ADD_ALL_TESTS(test_pipelining, 7); |
3210 | + #endif |
3211 | + ADD_ALL_TESTS(test_handshake_retry, 16); |
3212 | +- ADD_ALL_TESTS(test_multi_resume, 4); |
3213 | ++ ADD_ALL_TESTS(test_multi_resume, 5); |
3214 | + return 1; |
3215 | + |
3216 | + err: |
3217 | +-- |
3218 | +2.40.1 |
3219 | + |
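Review bot: cbdata in test_multi_resume is declared without an initialiser and its fields are assigned only under idx == 3, in two separate places (cctx, sctx and recurse before the loop; i and sess inside it). That is safe only while the callback is registered solely for idx == 3; zero-initialising the struct at its declaration removes the dependency on that ordering. The comment above resume_servername_cb misspells not_resumable as "not_resuamble".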
3220 | diff --git a/debian/patches/post-3.0.13/0050-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch b/debian/patches/post-3.0.13/0050-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch |
3221 | new file mode 100644 |
3222 | index 0000000..8e151eb |
3223 | --- /dev/null |
3224 | +++ b/debian/patches/post-3.0.13/0050-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch |
3225 | @@ -0,0 +1,121 @@ |
3226 | +From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001 |
3227 | +From: Matt Caswell <matt@openssl.org> |
3228 | +Date: Tue, 5 Mar 2024 15:43:53 +0000 |
3229 | +Subject: [PATCH 50/63] Fix unconstrained session cache growth in TLSv1.3 |
3230 | + |
3231 | +In TLSv1.3 we create a new session object for each ticket that we send. |
3232 | +We do this by duplicating the original session. If SSL_OP_NO_TICKET is in |
3233 | +use then the new session will be added to the session cache. However, if |
3234 | +early data is not in use (and therefore anti-replay protection is being |
3235 | +used), then multiple threads could be resuming from the same session |
3236 | +simultaneously. If this happens and a problem occurs on one of the threads, |
3237 | +then the original session object could be marked as not_resumable. When we |
3238 | +duplicate the session object this not_resumable status gets copied into the |
3239 | +new session object. The new session object is then added to the session |
3240 | +cache even though it is not_resumable. |
3241 | + |
3242 | +Subsequently, another bug means that the session_id_length is set to 0 for |
3243 | +sessions that are marked as not_resumable - even though that session is |
3244 | +still in the cache. Once this happens the session can never be removed from |
3245 | +the cache. When that object gets to be the session cache tail object the |
3246 | +cache never shrinks again and grows indefinitely. |
3247 | + |
3248 | +CVE-2024-2511 |
3249 | + |
3250 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
3251 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3252 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
3253 | + |
3254 | +(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce) |
3255 | +--- |
3256 | + ssl/ssl_lib.c | 5 +++-- |
3257 | + ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ |
3258 | + ssl/statem/statem_srvr.c | 5 ++--- |
3259 | + 3 files changed, 27 insertions(+), 11 deletions(-) |
3260 | + |
3261 | +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c |
3262 | +index 2c8479eb5f..eed649c6fd 100644 |
3263 | +--- a/ssl/ssl_lib.c |
3264 | ++++ b/ssl/ssl_lib.c |
3265 | +@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode) |
3266 | + |
3267 | + /* |
3268 | + * If the session_id_length is 0, we are not supposed to cache it, and it |
3269 | +- * would be rather hard to do anyway :-) |
3270 | ++ * would be rather hard to do anyway :-). Also if the session has already |
3271 | ++ * been marked as not_resumable we should not cache it for later reuse. |
3272 | + */ |
3273 | +- if (s->session->session_id_length == 0) |
3274 | ++ if (s->session->session_id_length == 0 || s->session->not_resumable) |
3275 | + return; |
3276 | + |
3277 | + /* |
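Review bot: the added `s->session->not_resumable` test in `ssl_update_cache()` is a point-in-time read of a flag that, per the commit message, another thread resuming from the same session can set at any moment. It keeps an already-flagged session out of the cache, but it cannot cover a session flagged after insertion. The comment should say this is an insertion-time guard only, and that removal from the cache still has to work for sessions flagged later, which is what the `statem_srvr.c` change in this patch is for.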
3278 | +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c |
3279 | +index d836b33ed0..75adbd9e52 100644 |
3280 | +--- a/ssl/ssl_sess.c |
3281 | ++++ b/ssl/ssl_sess.c |
3282 | +@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void) |
3283 | + return ss; |
3284 | + } |
3285 | + |
3286 | +-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) |
3287 | +-{ |
3288 | +- return ssl_session_dup(src, 1); |
3289 | +-} |
3290 | +- |
3291 | + /* |
3292 | + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If |
3293 | + * ticket == 0 then no ticket information is duplicated, otherwise it is. |
3294 | + */ |
3295 | +-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) |
3296 | ++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) |
3297 | + { |
3298 | + SSL_SESSION *dest; |
3299 | + |
3300 | +@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) |
3301 | + return NULL; |
3302 | + } |
3303 | + |
3304 | ++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) |
3305 | ++{ |
3306 | ++ return ssl_session_dup_intern(src, 1); |
3307 | ++} |
3308 | ++ |
3309 | ++/* |
3310 | ++ * Used internally when duplicating a session which might be already shared. |
3311 | ++ * We will have resumed the original session. Subsequently we might have marked |
3312 | ++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to |
3313 | ++ * resume from. |
3314 | ++ */ |
3315 | ++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) |
3316 | ++{ |
3317 | ++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); |
3318 | ++ |
3319 | ++ if (sess != NULL) |
3320 | ++ sess->not_resumable = 0; |
3321 | ++ |
3322 | ++ return sess; |
3323 | ++} |
3324 | ++ |
3325 | + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) |
3326 | + { |
3327 | + if (len) |
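Review bot: after this hunk the public `SSL_SESSION_dup()` still copies `not_resumable` from `src`, since it calls `ssl_session_dup_intern()` directly, while the internal `ssl_session_dup()` always clears it, and only the internal wrapper is documented. A line on `SSL_SESSION_dup()` stating that the flag is preserved on purpose would stop the two from being folded back together later. Since `sess->not_resumable = 0` is unconditional for every internal caller, please also confirm that no caller duplicates a session that was flagged deliberately and expects the copy to stay flagged.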
3328 | +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c |
3329 | +index a9e67f9d32..6c942e6bce 100644 |
3330 | +--- a/ssl/statem/statem_srvr.c |
3331 | ++++ b/ssl/statem/statem_srvr.c |
3332 | +@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) |
3333 | + * so the following won't overwrite an ID that we're supposed |
3334 | + * to send back. |
3335 | + */ |
3336 | +- if (s->session->not_resumable || |
3337 | +- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) |
3338 | +- && !s->hit)) |
3339 | ++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) |
3340 | ++ && !s->hit) |
3341 | + s->session->session_id_length = 0; |
3342 | + |
3343 | + if (usetls13) { |
3344 | +-- |
3345 | +2.40.1 |
3346 | + |
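Review bot: with `s->session->not_resumable` dropped from the condition in `tls_construct_server_hello()`, a flagged session now keeps its `session_id_length`, so rejecting such sessions becomes the job of the lookup side. The only lookup-side check visible in this series is the `get_session_cb` branch added by patch 0052; please confirm the internal-cache lookup rejects not_resumable sessions as well. The comment above the `if` should also say why not_resumable no longer clears the ID, since the commit message is the only place that explains the stuck-cache-entry problem.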
3347 | diff --git a/debian/patches/post-3.0.13/0051-Add-a-CHANGES.md-NEWS.md-entry-for-the-unbounded-mem.patch b/debian/patches/post-3.0.13/0051-Add-a-CHANGES.md-NEWS.md-entry-for-the-unbounded-mem.patch |
3348 | new file mode 100644 |
3349 | index 0000000..d3bbf28 |
3350 | --- /dev/null |
3351 | +++ b/debian/patches/post-3.0.13/0051-Add-a-CHANGES.md-NEWS.md-entry-for-the-unbounded-mem.patch |
3352 | @@ -0,0 +1,80 @@ |
3353 | +From daee101e39073d4b65a68faeb2f2de5ad7b05c36 Mon Sep 17 00:00:00 2001 |
3354 | +From: Matt Caswell <matt@openssl.org> |
3355 | +Date: Tue, 5 Mar 2024 16:01:20 +0000 |
3356 | +Subject: [PATCH 51/63] Add a CHANGES.md/NEWS.md entry for the unbounded memory |
3357 | + growth bug |
3358 | + |
3359 | +Related to CVE-2024-2511 |
3360 | + |
3361 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
3362 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3363 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
3364 | + |
3365 | +(cherry picked from commit e32ad41b48c28d82339de064b05d5e269e5aed97) |
3366 | +--- |
3367 | + CHANGES.md | 19 +++++++++++++++++++ |
3368 | + NEWS.md | 4 +++- |
3369 | + 2 files changed, 22 insertions(+), 1 deletion(-) |
3370 | + |
3371 | +diff --git a/CHANGES.md b/CHANGES.md |
3372 | +index b42dd83bc0..5590704670 100644 |
3373 | +--- a/CHANGES.md |
3374 | ++++ b/CHANGES.md |
3375 | +@@ -30,6 +30,24 @@ breaking changes, and mappings for the large list of deprecated functions. |
3376 | + |
3377 | + ### Changes between 3.0.13 and 3.0.14 [xx XXX xxxx] |
3378 | + |
3379 | ++ * Fixed an issue where some non-default TLS server configurations can cause |
3380 | ++ unbounded memory growth when processing TLSv1.3 sessions. An attacker may |
3381 | ++ exploit certain server configurations to trigger unbounded memory growth that |
3382 | ++ would lead to a Denial of Service |
3383 | ++ |
3384 | ++ This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option |
3385 | ++ is being used (but not if early_data is also configured and the default |
3386 | ++ anti-replay protection is in use). In this case, under certain conditions, |
3387 | ++ the session cache can get into an incorrect state and it will fail to flush |
3388 | ++ properly as it fills. The session cache will continue to grow in an unbounded |
3389 | ++ manner. A malicious client could deliberately create the scenario for this |
3390 | ++ failure to force a Denial of Service. It may also happen by accident in |
3391 | ++ normal operation. |
3392 | ++ |
3393 | ++ ([CVE-2024-2511]) |
3394 | ++ |
3395 | ++ *Matt Caswell* |
3396 | ++ |
3397 | + * New atexit configuration switch, which controls whether the OPENSSL_cleanup |
3398 | + is registered when libcrypto is unloaded. This can be used on platforms |
3399 | + where using atexit() from shared libraries causes crashes on exit. |
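Review bot: the first paragraph of the new CHANGES.md entry ends at "would lead to a Denial of Service" with no full stop, unlike the sentences that follow; add one. The entry also states the Denial of Service outcome twice (opening paragraph and "A malicious client could deliberately create the scenario"). It would read better with the affected configuration (`SSL_OP_NO_TICKET` without early_data anti-replay) stated once, up front.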
3400 | +@@ -19832,6 +19850,7 @@ ndif |
3401 | + |
3402 | + <!-- Links --> |
3403 | + |
3404 | ++[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 |
3405 | + [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 |
3406 | + [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 |
3407 | + [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 |
3408 | +diff --git a/NEWS.md b/NEWS.md |
3409 | +index 11fc8b10b0..a06d9694c1 100644 |
3410 | +--- a/NEWS.md |
3411 | ++++ b/NEWS.md |
3412 | +@@ -20,7 +20,8 @@ OpenSSL 3.0 |
3413 | + |
3414 | + ### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [under development] |
3415 | + |
3416 | +- * none |
3417 | ++ * Fixed unbounded memory growth with session handling in TLSv1.3 |
3418 | ++ ([CVE-2024-2511]) |
3419 | + |
3420 | + ### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024] |
3421 | + |
3422 | +@@ -1474,6 +1475,7 @@ OpenSSL 0.9.x |
3423 | + |
3424 | + <!-- Links --> |
3425 | + |
3426 | ++[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 |
3427 | + [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 |
3428 | + [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 |
3429 | + [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 |
3430 | +-- |
3431 | +2.40.1 |
3432 | + |
3433 | diff --git a/debian/patches/post-3.0.13/0052-Hardening-around-not_resumable-sessions.patch b/debian/patches/post-3.0.13/0052-Hardening-around-not_resumable-sessions.patch |
3434 | new file mode 100644 |
3435 | index 0000000..db11eaf |
3436 | --- /dev/null |
3437 | +++ b/debian/patches/post-3.0.13/0052-Hardening-around-not_resumable-sessions.patch |
3438 | @@ -0,0 +1,38 @@ |
3439 | +From cc9ece9118eeacccc3571c2ee852f8ba067d0607 Mon Sep 17 00:00:00 2001 |
3440 | +From: Matt Caswell <matt@openssl.org> |
3441 | +Date: Fri, 15 Mar 2024 17:58:42 +0000 |
3442 | +Subject: [PATCH 52/63] Hardening around not_resumable sessions |
3443 | + |
3444 | +Make sure we can't inadvertently use a not_resumable session |
3445 | + |
3446 | +Related to CVE-2024-2511 |
3447 | + |
3448 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
3449 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3450 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
3451 | + |
3452 | +(cherry picked from commit c342f4b8bd2d0b375b0e22337057c2eab47d9b96) |
3453 | +--- |
3454 | + ssl/ssl_sess.c | 6 ++++++ |
3455 | + 1 file changed, 6 insertions(+) |
3456 | + |
3457 | +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c |
3458 | +index 75adbd9e52..d0b72b7880 100644 |
3459 | +--- a/ssl/ssl_sess.c |
3460 | ++++ b/ssl/ssl_sess.c |
3461 | +@@ -531,6 +531,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, |
3462 | + ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); |
3463 | + |
3464 | + if (ret != NULL) { |
3465 | ++ if (ret->not_resumable) { |
3466 | ++ /* If its not resumable then ignore this session */ |
3467 | ++ if (!copy) |
3468 | ++ SSL_SESSION_free(ret); |
3469 | ++ return NULL; |
3470 | ++ } |
3471 | + ssl_tsan_counter(s->session_ctx, |
3472 | + &s->session_ctx->stats.sess_cb_hit); |
3473 | + |
3474 | +-- |
3475 | +2.40.1 |
3476 | + |
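Review bot: `if (!copy) SSL_SESSION_free(ret);` in the new `ret->not_resumable` branch depends on the reference-ownership contract of `get_session_cb`, and the comment does not explain it. If the reasoning is that the callback hands its reference to the library when it clears `copy`, say so in the comment, and fix "its" to "it's" while there. The early `return NULL` also bypasses the `sess_cb_hit` counter that follows without recording anything itself, so rejected callback sessions do not show up in the session statistics; please state whether that is intended.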
3477 | diff --git a/debian/patches/post-3.0.13/0053-Add-a-test-for-session-cache-overflow.patch b/debian/patches/post-3.0.13/0053-Add-a-test-for-session-cache-overflow.patch |
3478 | new file mode 100644 |
3479 | index 0000000..095c52c |
3480 | --- /dev/null |
3481 | +++ b/debian/patches/post-3.0.13/0053-Add-a-test-for-session-cache-overflow.patch |
3482 | @@ -0,0 +1,171 @@ |
3483 | +From ea821878c0cc04d292c1f8d1ff3c5e112da91f08 Mon Sep 17 00:00:00 2001 |
3484 | +From: Matt Caswell <matt@openssl.org> |
3485 | +Date: Fri, 15 Jul 2022 13:26:33 +0100 |
3486 | +Subject: [PATCH 53/63] Add a test for session cache overflow |
3487 | + |
3488 | +Test sessions behave as we expect even in the case that an overflow |
3489 | +occurs when adding a new session into the session cache. |
3490 | + |
3491 | +Related to CVE-2024-2511 |
3492 | + |
3493 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
3494 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3495 | +(Merged from https://github.com/openssl/openssl/pull/24044) |
3496 | + |
3497 | +(cherry picked from commit ddead0935d77ba9b771d632ace61b145d7153f18) |
3498 | +--- |
3499 | + test/sslapitest.c | 124 +++++++++++++++++++++++++++++++++++++++++++++- |
3500 | + 1 file changed, 123 insertions(+), 1 deletion(-) |
3501 | + |
3502 | +diff --git a/test/sslapitest.c b/test/sslapitest.c |
3503 | +index 24fb95e4b6..cb098a46f5 100644 |
3504 | +--- a/test/sslapitest.c |
3505 | ++++ b/test/sslapitest.c |
3506 | +@@ -2402,7 +2402,6 @@ static int test_session_wo_ca_names(void) |
3507 | + #endif |
3508 | + } |
3509 | + |
3510 | +- |
3511 | + #ifndef OSSL_NO_USABLE_TLS1_3 |
3512 | + static SSL_SESSION *sesscache[6]; |
3513 | + static int do_cache; |
3514 | +@@ -8954,6 +8953,126 @@ static int test_session_timeout(int test) |
3515 | + return testresult; |
3516 | + } |
3517 | + |
3518 | ++/* |
3519 | ++ * Test that a session cache overflow works as expected |
3520 | ++ * Test 0: TLSv1.3, timeout on new session later than old session |
3521 | ++ * Test 1: TLSv1.2, timeout on new session later than old session |
3522 | ++ * Test 2: TLSv1.3, timeout on new session earlier than old session |
3523 | ++ * Test 3: TLSv1.2, timeout on new session earlier than old session |
3524 | ++ */ |
3525 | ++#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) |
3526 | ++static int test_session_cache_overflow(int idx) |
3527 | ++{ |
3528 | ++ SSL_CTX *sctx = NULL, *cctx = NULL; |
3529 | ++ SSL *serverssl = NULL, *clientssl = NULL; |
3530 | ++ int testresult = 0; |
3531 | ++ SSL_SESSION *sess = NULL; |
3532 | ++ |
3533 | ++#ifdef OSSL_NO_USABLE_TLS1_3 |
3534 | ++ /* If no TLSv1.3 available then do nothing in this case */ |
3535 | ++ if (idx % 2 == 0) |
3536 | ++ return TEST_skip("No TLSv1.3 available"); |
3537 | ++#endif |
3538 | ++#ifdef OPENSSL_NO_TLS1_2 |
3539 | ++ /* If no TLSv1.2 available then do nothing in this case */ |
3540 | ++ if (idx % 2 == 1) |
3541 | ++ return TEST_skip("No TLSv1.2 available"); |
3542 | ++#endif |
3543 | ++ |
3544 | ++ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), |
3545 | ++ TLS_client_method(), TLS1_VERSION, |
3546 | ++ (idx % 2 == 0) ? TLS1_3_VERSION |
3547 | ++ : TLS1_2_VERSION, |
3548 | ++ &sctx, &cctx, cert, privkey)) |
3549 | ++ || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))) |
3550 | ++ goto end; |
3551 | ++ |
3552 | ++ SSL_CTX_sess_set_get_cb(sctx, get_session_cb); |
3553 | ++ get_sess_val = NULL; |
3554 | ++ |
3555 | ++ SSL_CTX_sess_set_cache_size(sctx, 1); |
3556 | ++ |
3557 | ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
3558 | ++ NULL, NULL))) |
3559 | ++ goto end; |
3560 | ++ |
3561 | ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) |
3562 | ++ goto end; |
3563 | ++ |
3564 | ++ if (idx > 1) { |
3565 | ++ sess = SSL_get_session(serverssl); |
3566 | ++ if (!TEST_ptr(sess)) |
3567 | ++ goto end; |
3568 | ++ |
3569 | ++ /* |
3570 | ++ * Cause this session to have a longer timeout than the next session to |
3571 | ++ * be added. |
3572 | ++ */ |
3573 | ++ if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX / 2))) { |
3574 | ++ sess = NULL; |
3575 | ++ goto end; |
3576 | ++ } |
3577 | ++ sess = NULL; |
3578 | ++ } |
3579 | ++ |
3580 | ++ SSL_shutdown(serverssl); |
3581 | ++ SSL_shutdown(clientssl); |
3582 | ++ SSL_free(serverssl); |
3583 | ++ SSL_free(clientssl); |
3584 | ++ serverssl = clientssl = NULL; |
3585 | ++ |
3586 | ++ /* |
3587 | ++ * Session cache size is 1 and we already populated the cache with a session |
3588 | ++ * so the next connection should cause an overflow. |
3589 | ++ */ |
3590 | ++ |
3591 | ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
3592 | ++ NULL, NULL))) |
3593 | ++ goto end; |
3594 | ++ |
3595 | ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) |
3596 | ++ goto end; |
3597 | ++ |
3598 | ++ /* |
3599 | ++ * The session we just negotiated may have been already removed from the |
3600 | ++ * internal cache - but we will return it anyway from our external cache. |
3601 | ++ */ |
3602 | ++ get_sess_val = SSL_get_session(serverssl); |
3603 | ++ if (!TEST_ptr(get_sess_val)) |
3604 | ++ goto end; |
3605 | ++ sess = SSL_get1_session(clientssl); |
3606 | ++ if (!TEST_ptr(sess)) |
3607 | ++ goto end; |
3608 | ++ |
3609 | ++ SSL_shutdown(serverssl); |
3610 | ++ SSL_shutdown(clientssl); |
3611 | ++ SSL_free(serverssl); |
3612 | ++ SSL_free(clientssl); |
3613 | ++ serverssl = clientssl = NULL; |
3614 | ++ |
3615 | ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
3616 | ++ NULL, NULL))) |
3617 | ++ goto end; |
3618 | ++ |
3619 | ++ if (!TEST_true(SSL_set_session(clientssl, sess))) |
3620 | ++ goto end; |
3621 | ++ |
3622 | ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) |
3623 | ++ goto end; |
3624 | ++ |
3625 | ++ testresult = 1; |
3626 | ++ |
3627 | ++ end: |
3628 | ++ SSL_free(serverssl); |
3629 | ++ SSL_free(clientssl); |
3630 | ++ SSL_CTX_free(sctx); |
3631 | ++ SSL_CTX_free(cctx); |
3632 | ++ SSL_SESSION_free(sess); |
3633 | ++ |
3634 | ++ return testresult; |
3635 | ++} |
3636 | ++#endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */ |
3637 | ++ |
3638 | + /* |
3639 | + * Test 0: Client sets servername and server acknowledges it (TLSv1.2) |
3640 | + * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2) |
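Review bot: `get_sess_val = SSL_get_session(serverssl)` stores a borrowed pointer in a file-scope variable and `SSL_free(serverssl)` follows a few lines later, while the comment just above says the session "may have been already removed from the internal cache". If both hold, nothing visible here keeps a reference alive when `get_session_cb` later returns that pointer. Either take a reference (for example `SSL_get1_session(serverssl)`, released at `end:`) or add a comment naming what keeps the session alive. `get_sess_val` is also not reset to NULL at `end:`, so it leaks into later tests, and please check that `<limits.h>` is already included for `LONG_MAX`, since this patch adds no include.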
3641 | +@@ -10872,6 +10991,9 @@ int setup_tests(void) |
3642 | + ADD_TEST(test_set_verify_cert_store_ssl_ctx); |
3643 | + ADD_TEST(test_set_verify_cert_store_ssl); |
3644 | + ADD_ALL_TESTS(test_session_timeout, 1); |
3645 | ++#if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) |
3646 | ++ ADD_ALL_TESTS(test_session_cache_overflow, 4); |
3647 | ++#endif |
3648 | + ADD_TEST(test_load_dhfile); |
3649 | + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3) |
3650 | + ADD_ALL_TESTS(test_serverinfo_custom, 4); |
3651 | +-- |
3652 | +2.40.1 |
3653 | + |
3654 | diff --git a/debian/patches/post-3.0.13/0054-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch b/debian/patches/post-3.0.13/0054-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch |
3655 | new file mode 100644 |
3656 | index 0000000..360ba6d |
3657 | --- /dev/null |
3658 | +++ b/debian/patches/post-3.0.13/0054-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch |
3659 | @@ -0,0 +1,309 @@ |
3660 | +From 4953ab1aefd14db7038e28d62c0e3efb22ddb199 Mon Sep 17 00:00:00 2001 |
3661 | +From: Todd Short <todd.short@me.com> |
3662 | +Date: Thu, 1 Feb 2024 23:09:38 -0500 |
3663 | +Subject: [PATCH 54/63] Fix EVP_PKEY_CTX_add1_hkdf_info() behavior |
3664 | + |
3665 | +Fix #23448 |
3666 | + |
3667 | +`EVP_PKEY_CTX_add1_hkdf_info()` behaves like a `set1` function. |
3668 | + |
3669 | +Fix the setting of the parameter in the params code. |
3670 | +Update the TLS_PRF code to also use the params code. |
3671 | +Add tests. |
3672 | + |
3673 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
3674 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
3675 | +(Merged from https://github.com/openssl/openssl/pull/23456) |
3676 | + |
3677 | +(cherry picked from commit 6b566687b58fde08b28e3331377f050768fad89b) |
3678 | +--- |
3679 | + crypto/evp/pmeth_lib.c | 65 ++++++++++++++++++- |
3680 | + providers/implementations/exchange/kdf_exch.c | 42 ++++++++++++ |
3681 | + providers/implementations/kdfs/hkdf.c | 8 +++ |
3682 | + test/pkey_meth_kdf_test.c | 53 +++++++++++---- |
3683 | + 4 files changed, 156 insertions(+), 12 deletions(-) |
3684 | + |
3685 | +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c |
3686 | +index ba1971ce46..d0eeaf7137 100644 |
3687 | +--- a/crypto/evp/pmeth_lib.c |
3688 | ++++ b/crypto/evp/pmeth_lib.c |
3689 | +@@ -1028,6 +1028,69 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, |
3690 | + return EVP_PKEY_CTX_set_params(ctx, octet_string_params); |
3691 | + } |
3692 | + |
3693 | ++static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, |
3694 | ++ const char *param, int op, int ctrl, |
3695 | ++ const unsigned char *data, |
3696 | ++ int datalen) |
3697 | ++{ |
3698 | ++ OSSL_PARAM os_params[2]; |
3699 | ++ unsigned char *info = NULL; |
3700 | ++ size_t info_len = 0; |
3701 | ++ size_t info_alloc = 0; |
3702 | ++ int ret = 0; |
3703 | ++ |
3704 | ++ if (ctx == NULL || (ctx->operation & op) == 0) { |
3705 | ++ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
3706 | ++ /* Uses the same return values as EVP_PKEY_CTX_ctrl */ |
3707 | ++ return -2; |
3708 | ++ } |
3709 | ++ |
3710 | ++ /* Code below to be removed when legacy support is dropped. */ |
3711 | ++ if (fallback) |
3712 | ++ return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); |
3713 | ++ /* end of legacy support */ |
3714 | ++ |
3715 | ++ if (datalen < 0) { |
3716 | ++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); |
3717 | ++ return 0; |
3718 | ++ } |
3719 | ++ |
3720 | ++ /* Get the original value length */ |
3721 | ++ os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); |
3722 | ++ os_params[1] = OSSL_PARAM_construct_end(); |
3723 | ++ |
3724 | ++ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) |
3725 | ++ return 0; |
3726 | ++ |
3727 | ++ /* Older provider that doesn't support getting this parameter */ |
3728 | ++ if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED) |
3729 | ++ return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen); |
3730 | ++ |
3731 | ++ info_alloc = os_params[0].return_size + datalen; |
3732 | ++ if (info_alloc == 0) |
3733 | ++ return 0; |
3734 | ++ info = OPENSSL_zalloc(info_alloc); |
3735 | ++ if (info == NULL) |
3736 | ++ return 0; |
3737 | ++ info_len = os_params[0].return_size; |
3738 | ++ |
3739 | ++ os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc); |
3740 | ++ |
3741 | ++ /* if we have data, then go get it */ |
3742 | ++ if (info_len > 0) { |
3743 | ++ if (!EVP_PKEY_CTX_get_params(ctx, os_params)) |
3744 | ++ goto error; |
3745 | ++ } |
3746 | ++ |
3747 | ++ /* Copy the input data */ |
3748 | ++ memcpy(&info[info_len], data, datalen); |
3749 | ++ ret = EVP_PKEY_CTX_set_params(ctx, os_params); |
3750 | ++ |
3751 | ++ error: |
3752 | ++ OPENSSL_clear_free(info, info_alloc); |
3753 | ++ return ret; |
3754 | ++} |
3755 | ++ |
3756 | + int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, |
3757 | + const unsigned char *sec, int seclen) |
3758 | + { |
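Review bot: in `evp_pkey_ctx_add1_octet_string()`, `if (info_alloc == 0) return 0;` turns an append of zero bytes onto an empty value into a failure. When info already exists and `datalen == 0`, the code still reaches `memcpy(&info[info_len], data, datalen)` with whatever `data` the caller passed, possibly NULL. Decide whether a zero-length add is an error or a no-op and return before the allocation accordingly. The `OSSL_PARAM_UNMODIFIED` fallback also silently gives replace semantics on older providers through `evp_pkey_ctx_set1_octet_string()`, which deserves a sentence in the function comment or the man page.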
3759 | +@@ -1078,7 +1141,7 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, |
3760 | + int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, |
3761 | + const unsigned char *info, int infolen) |
3762 | + { |
3763 | +- return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, |
3764 | ++ return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL, |
3765 | + OSSL_KDF_PARAM_INFO, |
3766 | + EVP_PKEY_OP_DERIVE, |
3767 | + EVP_PKEY_CTRL_HKDF_INFO, |
3768 | +diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c |
3769 | +index 527a866c3d..4bc81026b2 100644 |
3770 | +--- a/providers/implementations/exchange/kdf_exch.c |
3771 | ++++ b/providers/implementations/exchange/kdf_exch.c |
3772 | +@@ -28,9 +28,13 @@ static OSSL_FUNC_keyexch_derive_fn kdf_derive; |
3773 | + static OSSL_FUNC_keyexch_freectx_fn kdf_freectx; |
3774 | + static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx; |
3775 | + static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params; |
3776 | ++static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params; |
3777 | + static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; |
3778 | + static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; |
3779 | + static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params; |
3780 | ++static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params; |
3781 | ++static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; |
3782 | ++static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params; |
3783 | + |
3784 | + typedef struct { |
3785 | + void *provctx; |
3786 | +@@ -169,6 +173,13 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) |
3787 | + return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); |
3788 | + } |
3789 | + |
3790 | ++static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[]) |
3791 | ++{ |
3792 | ++ PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
3793 | ++ |
3794 | ++ return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params); |
3795 | ++} |
3796 | ++ |
3797 | + static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, |
3798 | + void *provctx, |
3799 | + const char *kdfname) |
3800 | +@@ -197,6 +208,34 @@ KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") |
3801 | + KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF") |
3802 | + KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") |
3803 | + |
3804 | ++static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx, |
3805 | ++ void *provctx, |
3806 | ++ const char *kdfname) |
3807 | ++{ |
3808 | ++ EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, |
3809 | ++ NULL); |
3810 | ++ const OSSL_PARAM *params; |
3811 | ++ |
3812 | ++ if (kdf == NULL) |
3813 | ++ return NULL; |
3814 | ++ |
3815 | ++ params = EVP_KDF_gettable_ctx_params(kdf); |
3816 | ++ EVP_KDF_free(kdf); |
3817 | ++ |
3818 | ++ return params; |
3819 | ++} |
3820 | ++ |
3821 | ++#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ |
3822 | ++ static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \ |
3823 | ++ void *provctx) \ |
3824 | ++ { \ |
3825 | ++ return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ |
3826 | ++ } |
3827 | ++ |
3828 | ++KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") |
3829 | ++KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF") |
3830 | ++KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT") |
3831 | ++ |
3832 | + #define KDF_KEYEXCH_FUNCTIONS(funcname) \ |
3833 | + const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ |
3834 | + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ |
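Review bot: `kdf_gettable_ctx_params()` returns the pointer obtained from `EVP_KDF_gettable_ctx_params(kdf)` after calling `EVP_KDF_free(kdf)`, so the result is valid only if the provider's table has static storage. That holds for the HKDF table touched later in this patch (`static const OSSL_PARAM known_gettable_ctx_params[]`), but the dependency is implicit. Add a one-line comment stating the lifetime assumption, since a provider that builds the table dynamically would turn this into a use-after-free.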
3835 | +@@ -205,8 +244,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") |
3836 | + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ |
3837 | + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ |
3838 | + { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \ |
3839 | ++ { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \ |
3840 | + { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ |
3841 | + (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ |
3842 | ++ { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ |
3843 | ++ (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ |
3844 | + { 0, NULL } \ |
3845 | + }; |
3846 | + |
3847 | +diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c |
3848 | +index 25819ea239..2b22de2fa7 100644 |
3849 | +--- a/providers/implementations/kdfs/hkdf.c |
3850 | ++++ b/providers/implementations/kdfs/hkdf.c |
3851 | +@@ -340,6 +340,13 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) |
3852 | + return 0; |
3853 | + return OSSL_PARAM_set_size_t(p, sz); |
3854 | + } |
3855 | ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) { |
3856 | ++ if (ctx->info == NULL || ctx->info_len == 0) { |
3857 | ++ p->return_size = 0; |
3858 | ++ return 1; |
3859 | ++ } |
3860 | ++ return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len); |
3861 | ++ } |
3862 | + return -2; |
3863 | + } |
3864 | + |
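Review bot: the new `OSSL_KDF_PARAM_INFO` block in `kdf_hkdf_get_ctx_params()` sits after the preceding branch, whose visible tail is `return OSSL_PARAM_set_size_t(p, sz);`, so a caller that asks for both the size and the info in one `params` array gets only the size filled in. Either handle each located parameter before a single return at the end, or document that the two keys cannot be requested together.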
3865 | +@@ -348,6 +355,7 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx, |
3866 | + { |
3867 | + static const OSSL_PARAM known_gettable_ctx_params[] = { |
3868 | + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), |
3869 | ++ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), |
3870 | + OSSL_PARAM_END |
3871 | + }; |
3872 | + return known_gettable_ctx_params; |
3873 | +diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c |
3874 | +index f816d24fb5..c09e2f3830 100644 |
3875 | +--- a/test/pkey_meth_kdf_test.c |
3876 | ++++ b/test/pkey_meth_kdf_test.c |
3877 | +@@ -16,7 +16,7 @@ |
3878 | + #include <openssl/kdf.h> |
3879 | + #include "testutil.h" |
3880 | + |
3881 | +-static int test_kdf_tls1_prf(void) |
3882 | ++static int test_kdf_tls1_prf(int index) |
3883 | + { |
3884 | + int ret = 0; |
3885 | + EVP_PKEY_CTX *pctx; |
3886 | +@@ -40,10 +40,23 @@ static int test_kdf_tls1_prf(void) |
3887 | + TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); |
3888 | + goto err; |
3889 | + } |
3890 | +- if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, |
3891 | +- (unsigned char *)"seed", 4) <= 0) { |
3892 | +- TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); |
3893 | +- goto err; |
3894 | ++ if (index == 0) { |
3895 | ++ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, |
3896 | ++ (unsigned char *)"seed", 4) <= 0) { |
3897 | ++ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); |
3898 | ++ goto err; |
3899 | ++ } |
3900 | ++ } else { |
3901 | ++ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, |
3902 | ++ (unsigned char *)"se", 2) <= 0) { |
3903 | ++ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); |
3904 | ++ goto err; |
3905 | ++ } |
3906 | ++ if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, |
3907 | ++ (unsigned char *)"ed", 2) <= 0) { |
3908 | ++ TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); |
3909 | ++ goto err; |
3910 | ++ } |
3911 | + } |
3912 | + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { |
3913 | + TEST_error("EVP_PKEY_derive"); |
3914 | +@@ -65,7 +78,7 @@ err: |
3915 | + return ret; |
3916 | + } |
3917 | + |
3918 | +-static int test_kdf_hkdf(void) |
3919 | ++static int test_kdf_hkdf(int index) |
3920 | + { |
3921 | + int ret = 0; |
3922 | + EVP_PKEY_CTX *pctx; |
3923 | +@@ -94,10 +107,23 @@ static int test_kdf_hkdf(void) |
3924 | + TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); |
3925 | + goto err; |
3926 | + } |
3927 | +- if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) |
3928 | ++ if (index == 0) { |
3929 | ++ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) |
3930 | + <= 0) { |
3931 | +- TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); |
3932 | +- goto err; |
3933 | ++ TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); |
3934 | ++ goto err; |
3935 | ++ } |
3936 | ++ } else { |
3937 | ++ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) |
3938 | ++ <= 0) { |
3939 | ++ TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); |
3940 | ++ goto err; |
3941 | ++ } |
3942 | ++ if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) |
3943 | ++ <= 0) { |
3944 | ++ TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); |
3945 | ++ goto err; |
3946 | ++ } |
3947 | + } |
3948 | + if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { |
3949 | + TEST_error("EVP_PKEY_derive"); |
3950 | +@@ -195,8 +221,13 @@ err: |
3951 | + |
3952 | + int setup_tests(void) |
3953 | + { |
3954 | +- ADD_TEST(test_kdf_tls1_prf); |
3955 | +- ADD_TEST(test_kdf_hkdf); |
3956 | ++ int tests = 1; |
3957 | ++ |
3958 | ++ if (fips_provider_version_ge(NULL, 3, 3, 1)) |
3959 | ++ tests = 2; |
3960 | ++ |
3961 | ++ ADD_ALL_TESTS(test_kdf_tls1_prf, tests); |
3962 | ++ ADD_ALL_TESTS(test_kdf_hkdf, tests); |
3963 | + #ifndef OPENSSL_NO_SCRYPT |
3964 | + ADD_TEST(test_kdf_scrypt); |
3965 | + #endif |
3966 | +-- |
3967 | +2.40.1 |
3968 | + |
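Review bot: in `setup_tests()` the split-input cases (index 1) run only when `fips_provider_version_ge(NULL, 3, 3, 1)` holds, so against an older provider nothing exercises the `OSSL_PARAM_UNMODIFIED` fallback added in `pmeth_lib.c`, where add1 degrades to set1. A case that pins the expected result of two consecutive `EVP_PKEY_CTX_add1_hkdf_info()` calls on that path would document the behaviour rather than leave it untested. A short comment on why 3.3.1 is the cut-off would also help whoever maintains this patch in the 3.0 series.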
3969 | diff --git a/debian/patches/post-3.0.13/0055-Fix-Error-finalizing-cipher-loop-when-running-openss.patch b/debian/patches/post-3.0.13/0055-Fix-Error-finalizing-cipher-loop-when-running-openss.patch |
3970 | new file mode 100644 |
3971 | index 0000000..f2d6a23 |
3972 | --- /dev/null |
3973 | +++ b/debian/patches/post-3.0.13/0055-Fix-Error-finalizing-cipher-loop-when-running-openss.patch |
3974 | @@ -0,0 +1,59 @@ |
3975 | +From 3aa6b409b021c388c87096d2aca2758e954f8358 Mon Sep 17 00:00:00 2001 |
3976 | +From: Tom Cosgrove <tom.cosgrove@arm.com> |
3977 | +Date: Mon, 26 Feb 2024 17:14:48 +0000 |
3978 | +Subject: [PATCH 55/63] Fix "Error finalizing cipher loop" when running openssl |
3979 | + speed -evp -decrypt |
3980 | + |
3981 | +When using CCM, openssl speed uses the loop function EVP_Update_loop_ccm() which |
3982 | +sets a (fake) tag when decrypting. When using -aead (which benchmarks a different |
3983 | +sequence than normal, to be comparable to TLS operation), the loop function |
3984 | +EVP_Update_loop_aead() is used, which also sets a tag when decrypting. |
3985 | + |
3986 | +However, when using defaults, the loop function EVP_Update_loop() is used, which |
3987 | +does not set a tag on decryption, leading to "Error finalizing cipher loop". |
3988 | + |
3989 | +To fix this, set a fake tag value if we're doing decryption on an AEAD cipher in |
3990 | +EVP_Update_loop(). We don't check the return value: this shouldn't really be able |
3991 | +to fail, and if it does, the following EVP_DecryptUpdate() is almost certain to |
3992 | +fail, so that can catch it. |
3993 | + |
3994 | +The decryption is certain to fail (well, almost certain, but with a very low |
3995 | +probability of success), but this is no worse than at present. This minimal |
3996 | +change means that future benchmarking data should be comparable to previous |
3997 | +benchmarking data. |
3998 | + |
3999 | +(This is benchmarking code: don't write real apps like this!) |
4000 | + |
4001 | +Fixes #23657 |
4002 | + |
4003 | +Change-Id: Id581cf30503c1eb766464e315b1f33914040dcf7 |
4004 | + |
4005 | +Reviewed-by: Paul Yang <kaishen.yy@antfin.com> |
4006 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
4007 | +(Merged from https://github.com/openssl/openssl/pull/23757) |
4008 | + |
4009 | +(cherry picked from commit b3be6cc89e4dcfafe8f8be97e9519c26af2d19f5) |
4010 | +--- |
4011 | + apps/speed.c | 4 ++++ |
4012 | + 1 file changed, 4 insertions(+) |
4013 | + |
4014 | +diff --git a/apps/speed.c b/apps/speed.c |
4015 | +index 1113d775b8..6b3befa60d 100644 |
4016 | +--- a/apps/speed.c |
4017 | ++++ b/apps/speed.c |
4018 | +@@ -727,8 +727,12 @@ static int EVP_Update_loop(void *args) |
4019 | + unsigned char *buf = tempargs->buf; |
4020 | + EVP_CIPHER_CTX *ctx = tempargs->ctx; |
4021 | + int outl, count, rc; |
4022 | ++ unsigned char faketag[16] = { 0xcc }; |
4023 | + |
4024 | + if (decrypt) { |
4025 | ++ if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) { |
4026 | ++ (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag); |
4027 | ++ } |
4028 | + for (count = 0; COND(c[D_EVP][testnum]); count++) { |
4029 | + rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); |
4030 | + if (rc != 1) { |
4031 | +-- |
4032 | +2.40.1 |
4033 | + |
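Review bot: `unsigned char faketag[16] = { 0xcc };` in `EVP_Update_loop()` sets only the first byte to 0xcc and zero-fills the other fifteen, which reads as if a 0xcc-filled tag was intended; either `memset(faketag, 0xcc, sizeof(faketag))` or a comment that the tag content is irrelevant would remove the ambiguity. The reason for discarding the `EVP_CIPHER_CTX_ctrl()` result with `(void)` is given only in the commit message, and a short comment at the call would keep it with the code.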
4034 | diff --git a/debian/patches/post-3.0.13/0056-APPS-Add-missing-OPENSSL_free-and-combine-the-error-.patch b/debian/patches/post-3.0.13/0056-APPS-Add-missing-OPENSSL_free-and-combine-the-error-.patch |
4035 | new file mode 100644 |
4036 | index 0000000..9cf3bff |
4037 | --- /dev/null |
4038 | +++ b/debian/patches/post-3.0.13/0056-APPS-Add-missing-OPENSSL_free-and-combine-the-error-.patch |
4039 | @@ -0,0 +1,60 @@ |
4040 | +From 4394a70b8f1a6a6a5cd84b662effe72caedab5cf Mon Sep 17 00:00:00 2001 |
4041 | +From: Jiasheng Jiang <jiasheng@purdue.edu> |
4042 | +Date: Sat, 16 Mar 2024 21:27:14 +0000 |
4043 | +Subject: [PATCH 56/63] APPS: Add missing OPENSSL_free() and combine the error |
4044 | + handler |
4045 | + |
4046 | +Add the OPENSSL_free() in the error handler to release the "*md_value" |
4047 | +allocated by app_malloc(). To make the code clear and avoid possible |
4048 | +future errors, combine the error handler in the "err" tag. |
4049 | +Then, we only need to use "goto err" instead of releasing the memory |
4050 | +separately. |
4051 | + |
4052 | +Since the EVP_MD_get_size() may return negative numbers when an error occurs, |
4053 | +create_query() may fail to catch the error since it only considers 0 as an |
4054 | +error code. |
4055 | + |
4056 | +Therefore, unifying the error codes of create_digest() from non-positive |
4057 | +numbers to 0 is better, which also benefits future programming. |
4058 | + |
4059 | +Fixes: c7235be ("RFC 3161 compliant time stamp request creation, response generation and response verification.") |
4060 | +Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> |
4061 | + |
4062 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
4063 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
4064 | +(Merged from https://github.com/openssl/openssl/pull/23873) |
4065 | + |
4066 | +(cherry picked from commit beb82177ddcd4b536544ceec92bb53f4d85d8e91) |
4067 | +--- |
4068 | + apps/ts.c | 9 ++++++--- |
4069 | + 1 file changed, 6 insertions(+), 3 deletions(-) |
4070 | + |
4071 | +diff --git a/apps/ts.c b/apps/ts.c |
4072 | +index 57292e187c..96d16d4bd5 100644 |
4073 | +--- a/apps/ts.c |
4074 | ++++ b/apps/ts.c |
4075 | +@@ -535,15 +535,18 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, |
4076 | + |
4077 | + *md_value = OPENSSL_hexstr2buf(digest, &digest_len); |
4078 | + if (*md_value == NULL || md_value_len != digest_len) { |
4079 | +- OPENSSL_free(*md_value); |
4080 | +- *md_value = NULL; |
4081 | + BIO_printf(bio_err, "bad digest, %d bytes " |
4082 | + "must be specified\n", md_value_len); |
4083 | +- return 0; |
4084 | ++ goto err; |
4085 | + } |
4086 | + } |
4087 | + rv = md_value_len; |
4088 | + err: |
4089 | ++ if (rv <= 0) { |
4090 | ++ OPENSSL_free(*md_value); |
4091 | ++ *md_value = NULL; |
4092 | ++ rv = 0; |
4093 | ++ } |
4094 | + EVP_MD_CTX_free(md_ctx); |
4095 | + return rv; |
4096 | + } |
4097 | +-- |
4098 | +2.40.1 |
4099 | + |
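Review bot: the new `if (rv <= 0)` block under `err:` frees `*md_value` on every failing path, so it is only correct if `*md_value` is NULL or a live allocation at each `goto err` and if `rv` starts out non-positive; neither initialisation is visible in this hunk, and both should be confirmed in the unchanged top of `create_digest()`. A short comment next to `rv = 0;` saying that negative sizes are folded into 0 for the caller would keep the intent from the commit message with the code.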
4100 | diff --git a/debian/patches/post-3.0.13/0057-man-EVP_PKEY_CTX_set_params-document-params-is-a-lis.patch b/debian/patches/post-3.0.13/0057-man-EVP_PKEY_CTX_set_params-document-params-is-a-lis.patch |
4101 | new file mode 100644 |
4102 | index 0000000..43b0b6b |
4103 | --- /dev/null |
4104 | +++ b/debian/patches/post-3.0.13/0057-man-EVP_PKEY_CTX_set_params-document-params-is-a-lis.patch |
4105 | @@ -0,0 +1,34 @@ |
4106 | +From e1b8d911b47f256d973fffccdf421a6368c2b87d Mon Sep 17 00:00:00 2001 |
4107 | +From: Hubert Kario <hkario@redhat.com> |
4108 | +Date: Wed, 27 Mar 2024 17:44:42 +0100 |
4109 | +Subject: [PATCH 57/63] man EVP_PKEY_CTX_set_params: document params is a list |
4110 | + |
4111 | +Signed-off-by: Hubert Kario <hkario@redhat.com> |
4112 | + |
4113 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
4114 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
4115 | +(Merged from https://github.com/openssl/openssl/pull/23986) |
4116 | + |
4117 | +(cherry picked from commit 9b87c5a3ffa1ca233be96dd0bce812c04bad53fe) |
4118 | +--- |
4119 | + doc/man3/EVP_PKEY_CTX_set_params.pod | 4 +++- |
4120 | + 1 file changed, 3 insertions(+), 1 deletion(-) |
4121 | + |
4122 | +diff --git a/doc/man3/EVP_PKEY_CTX_set_params.pod b/doc/man3/EVP_PKEY_CTX_set_params.pod |
4123 | +index c02151654c..2cc6846b1d 100644 |
4124 | +--- a/doc/man3/EVP_PKEY_CTX_set_params.pod |
4125 | ++++ b/doc/man3/EVP_PKEY_CTX_set_params.pod |
4126 | +@@ -23,7 +23,9 @@ The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions allow |
4127 | + transfer of arbitrary key parameters to and from providers. |
4128 | + Not all parameters may be supported by all providers. |
4129 | + See L<OSSL_PROVIDER(3)> for more information on providers. |
4130 | +-See L<OSSL_PARAM(3)> for more information on parameters. |
4131 | ++The I<params> field is a pointer to a list of B<OSSL_PARAM> structures, |
4132 | ++terminated with a L<OSSL_PARAM_END(3)> struct. |
4133 | ++See L<OSSL_PARAM(3)> for information about passing parameters. |
4134 | + These functions must only be called after the EVP_PKEY_CTX has been initialised |
4135 | + for use in an operation. |
4136 | + These methods replace the EVP_PKEY_CTX_ctrl() mechanism. (EVP_PKEY_CTX_ctrl now |
4137 | +-- |
4138 | +2.40.1 |
4139 | + |
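Review bot: style point on the added sentence: `terminated with a L<OSSL_PARAM_END(3)> struct` should read "an", and calling it a struct suggests a separate type, whereas the list is ended by one terminating B<OSSL_PARAM> element. "terminated with an L<OSSL_PARAM_END(3)> element" says the same thing without the ambiguity.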
4140 | diff --git a/debian/patches/post-3.0.13/0058-Fix-socket-descriptor-checks-on-Windows.patch b/debian/patches/post-3.0.13/0058-Fix-socket-descriptor-checks-on-Windows.patch |
4141 | new file mode 100644 |
4142 | index 0000000..9da0813 |
4143 | --- /dev/null |
4144 | +++ b/debian/patches/post-3.0.13/0058-Fix-socket-descriptor-checks-on-Windows.patch |
4145 | @@ -0,0 +1,53 @@ |
4146 | +From b32efb6f018e660281c8648f8a20cd1f53b0b7de Mon Sep 17 00:00:00 2001 |
4147 | +From: olszomal <Malgorzata.Olszowka@stunnel.org> |
4148 | +Date: Thu, 4 Apr 2024 11:34:33 +0200 |
4149 | +Subject: [PATCH 58/63] Fix socket descriptor checks on Windows |
4150 | + |
4151 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
4152 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
4153 | +(Merged from https://github.com/openssl/openssl/pull/24035) |
4154 | + |
4155 | +(cherry picked from commit c89baf871030c811ba316ccbdcea26c294f605ae) |
4156 | +--- |
4157 | + crypto/bio/bio_lib.c | 8 ++++++-- |
4158 | + crypto/bio/bio_sock.c | 4 ++++ |
4159 | + 2 files changed, 10 insertions(+), 2 deletions(-) |
4160 | + |
4161 | +diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c |
4162 | +index c86b9ac198..10278496c1 100644 |
4163 | +--- a/crypto/bio/bio_lib.c |
4164 | ++++ b/crypto/bio/bio_lib.c |
4165 | +@@ -869,8 +869,12 @@ static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) |
4166 | + return 1; |
4167 | + |
4168 | + #ifndef OPENSSL_NO_SOCK |
4169 | +- if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE) |
4170 | +- return BIO_socket_wait(fd, BIO_should_read(bio), max_time); |
4171 | ++ if (BIO_get_fd(bio, &fd) > 0) { |
4172 | ++ int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time); |
4173 | ++ |
4174 | ++ if (ret != -1) |
4175 | ++ return ret; |
4176 | ++ } |
4177 | + #endif |
4178 | + /* fall back to polling since no sockets are available */ |
4179 | + |
4180 | +diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c |
4181 | +index 476cbcc5ce..6537a5062f 100644 |
4182 | +--- a/crypto/bio/bio_sock.c |
4183 | ++++ b/crypto/bio/bio_sock.c |
4184 | +@@ -396,7 +396,11 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time) |
4185 | + struct timeval tv; |
4186 | + time_t now; |
4187 | + |
4188 | ++#ifdef _WIN32 |
4189 | ++ if ((SOCKET)fd == INVALID_SOCKET) |
4190 | ++#else |
4191 | + if (fd < 0 || fd >= FD_SETSIZE) |
4192 | ++#endif |
4193 | + return -1; |
4194 | + if (max_time == 0) |
4195 | + return 1; |
4196 | +-- |
4197 | +2.40.1 |
4198 | + |
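Review bot: in `bio_wait()` the new `if (ret != -1) return ret;` treats every -1 from `BIO_socket_wait()` as "no usable socket" and drops into the polling fallback, so any other failure that function reports as -1 is now handled by polling instead of being returned as before; if only the descriptor check in `bio_sock.c` is meant to trigger the fallback, that case needs a distinguishable result, or a comment should state that all -1 results are intentionally handled this way. In `BIO_socket_wait()` the `_WIN32` branch rejects only the value that casts to `INVALID_SOCKET`, so other negative `fd` values are no longer filtered on that platform, where `fd < 0` used to catch them.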
4199 | diff --git a/debian/patches/post-3.0.13/0059-Document-that-private-and-pairwise-checks-are-not-bo.patch b/debian/patches/post-3.0.13/0059-Document-that-private-and-pairwise-checks-are-not-bo.patch |
4200 | new file mode 100644 |
4201 | index 0000000..74f4903 |
4202 | --- /dev/null |
4203 | +++ b/debian/patches/post-3.0.13/0059-Document-that-private-and-pairwise-checks-are-not-bo.patch |
4204 | @@ -0,0 +1,34 @@ |
4205 | +From 2be64a7dc14e11a8b546e739a7ef3ad16590b803 Mon Sep 17 00:00:00 2001 |
4206 | +From: Tomas Mraz <tomas@openssl.org> |
4207 | +Date: Fri, 5 Apr 2024 16:31:05 +0200 |
4208 | +Subject: [PATCH 59/63] Document that private and pairwise checks are not |
4209 | + bounded by key size |
4210 | + |
4211 | +Reviewed-by: Neil Horman <nhorman@openssl.org> |
4212 | +Reviewed-by: Shane Lontis <shane.lontis@oracle.com> |
4213 | +(Merged from https://github.com/openssl/openssl/pull/24049) |
4214 | + |
4215 | +(cherry picked from commit 27005cecc75ec7a22a673d57fc35a11dea30ac0a) |
4216 | +--- |
4217 | + doc/man3/EVP_PKEY_check.pod | 5 +++++ |
4218 | + 1 file changed, 5 insertions(+) |
4219 | + |
4220 | +diff --git a/doc/man3/EVP_PKEY_check.pod b/doc/man3/EVP_PKEY_check.pod |
4221 | +index a16fdbbd50..198a0923c5 100644 |
4222 | +--- a/doc/man3/EVP_PKEY_check.pod |
4223 | ++++ b/doc/man3/EVP_PKEY_check.pod |
4224 | +@@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke |
4225 | + generation method, but may be required for assurance purposes when receiving |
4226 | + keys from a third party. |
4227 | + |
4228 | ++The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded |
4229 | ++by any key size limits as private keys are not expected to be supplied by |
4230 | ++attackers. For that reason they might take an unbounded time if run on |
4231 | ++arbitrarily large keys. |
4232 | ++ |
4233 | + =head1 RETURN VALUES |
4234 | + |
4235 | + All functions return 1 for success or others for failure. |
4236 | +-- |
4237 | +2.40.1 |
4238 | + |
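Review bot: the added paragraph warns that `EVP_PKEY_pairwise_check()` and `EVP_PKEY_private_check()` may take an unbounded time but gives the caller nothing to act on; since the context lines just above mention keys received from a third party, add a sentence telling applications to enforce their own key size limit before running these checks on keys they did not generate. The opening "The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check()" also wants the word "functions" after it.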
4239 | diff --git a/debian/patches/post-3.0.13/0060-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch b/debian/patches/post-3.0.13/0060-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch |
4240 | new file mode 100644 |
4241 | index 0000000..f234b12 |
4242 | --- /dev/null |
4243 | +++ b/debian/patches/post-3.0.13/0060-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch |
4244 | @@ -0,0 +1,37 @@ |
4245 | +From 0f7276865c54af41e99d1cc9f38b52a72b081b27 Mon Sep 17 00:00:00 2001 |
4246 | +From: Tomas Mraz <tomas@openssl.org> |
4247 | +Date: Thu, 11 Apr 2024 09:40:18 +0200 |
4248 | +Subject: [PATCH 60/63] make_addressPrefix(): Fix a memory leak in error case |
4249 | + |
4250 | +Fixes #24098 |
4251 | + |
4252 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
4253 | +Reviewed-by: Richard Levitte <levitte@openssl.org> |
4254 | +(Merged from https://github.com/openssl/openssl/pull/24102) |
4255 | + |
4256 | +(cherry picked from commit 682ed1b86ebe97036ab37897d528343d0e4def69) |
4257 | +--- |
4258 | + crypto/x509/v3_addr.c | 4 ++-- |
4259 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
4260 | + |
4261 | +diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c |
4262 | +index 4930f33124..20f3d2ba70 100644 |
4263 | +--- a/crypto/x509/v3_addr.c |
4264 | ++++ b/crypto/x509/v3_addr.c |
4265 | +@@ -397,11 +397,11 @@ static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, |
4266 | + const int prefixlen, const int afilen) |
4267 | + { |
4268 | + int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; |
4269 | +- IPAddressOrRange *aor = IPAddressOrRange_new(); |
4270 | ++ IPAddressOrRange *aor; |
4271 | + |
4272 | + if (prefixlen < 0 || prefixlen > (afilen * 8)) |
4273 | + return 0; |
4274 | +- if (aor == NULL) |
4275 | ++ if ((aor = IPAddressOrRange_new()) == NULL) |
4276 | + return 0; |
4277 | + aor->type = IPAddressOrRange_addressPrefix; |
4278 | + if (aor->u.addressPrefix == NULL && |
4279 | +-- |
4280 | +2.40.1 |
4281 | + |
4282 | diff --git a/debian/patches/post-3.0.13/0061-list_provider_info-Fix-leak-on-error.patch b/debian/patches/post-3.0.13/0061-list_provider_info-Fix-leak-on-error.patch |
4283 | new file mode 100644 |
4284 | index 0000000..979abfb |
4285 | --- /dev/null |
4286 | +++ b/debian/patches/post-3.0.13/0061-list_provider_info-Fix-leak-on-error.patch |
4287 | @@ -0,0 +1,31 @@ |
4288 | +From 5e63050602e00640a3ff114b9cfddbc2189ff166 Mon Sep 17 00:00:00 2001 |
4289 | +From: Tomas Mraz <tomas@openssl.org> |
4290 | +Date: Thu, 11 Apr 2024 17:49:53 +0200 |
4291 | +Subject: [PATCH 61/63] list_provider_info(): Fix leak on error |
4292 | + |
4293 | +Fixes #24110 |
4294 | + |
4295 | +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> |
4296 | +Reviewed-by: Paul Dale <ppzgs1@gmail.com> |
4297 | +(Merged from https://github.com/openssl/openssl/pull/24117) |
4298 | + |
4299 | +(cherry picked from commit 993c2407d04956ffdf9b32cf0a7e4938ace816dc) |
4300 | +--- |
4301 | + apps/list.c | 1 + |
4302 | + 1 file changed, 1 insertion(+) |
4303 | + |
4304 | +diff --git a/apps/list.c b/apps/list.c |
4305 | +index 0fcbcbb083..ad5f45742c 100644 |
4306 | +--- a/apps/list.c |
4307 | ++++ b/apps/list.c |
4308 | +@@ -1230,6 +1230,7 @@ static void list_provider_info(void) |
4309 | + } |
4310 | + |
4311 | + if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) { |
4312 | ++ sk_OSSL_PROVIDER_free(providers); |
4313 | + BIO_printf(bio_err, "ERROR: Memory allocation\n"); |
4314 | + return; |
4315 | + } |
4316 | +-- |
4317 | +2.40.1 |
4318 | + |
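Review bot: `sk_OSSL_PROVIDER_free(providers)` on the failure path releases only the stack container; if `collect_providers` takes a reference on each provider it pushes, the partially filled stack needs a pop-free with the matching release instead, and that callback is not visible in this hunk, so please confirm. The unchanged message "ERROR: Memory allocation" is printed for any non-1 result of `OSSL_PROVIDER_do_all()`, which may be worth rewording while this path is being touched.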
4319 | diff --git a/debian/patches/post-3.0.13/0062-doc-fingerprints.txt-Add-the-future-OpenSSL-release-.patch b/debian/patches/post-3.0.13/0062-doc-fingerprints.txt-Add-the-future-OpenSSL-release-.patch |
4320 | new file mode 100644 |
4321 | index 0000000..1d1bed1 |
4322 | --- /dev/null |
4323 | +++ b/debian/patches/post-3.0.13/0062-doc-fingerprints.txt-Add-the-future-OpenSSL-release-.patch |
4324 | @@ -0,0 +1,34 @@ |
4325 | +From 5fbb133d6a7bbbcb1f904e4ba229dc2abed6f0c8 Mon Sep 17 00:00:00 2001 |
4326 | +From: Richard Levitte <levitte@openssl.org> |
4327 | +Date: Mon, 8 Apr 2024 15:14:40 +0200 |
4328 | +Subject: [PATCH 62/63] doc/fingerprints.txt: Add the future OpenSSL release |
4329 | + key |
4330 | + |
4331 | +This will be used for future releases |
4332 | + |
4333 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
4334 | +Reviewed-by: Matt Caswell <matt@openssl.org> |
4335 | +(Merged from https://github.com/openssl/openssl/pull/24063) |
4336 | + |
4337 | +(cherry picked from commit 4ffef97d3755a0425d5d72680daebfa07383b05c) |
4338 | +--- |
4339 | + doc/fingerprints.txt | 3 +++ |
4340 | + 1 file changed, 3 insertions(+) |
4341 | + |
4342 | +diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt |
4343 | +index 9a26f7c667..9613cbac98 100644 |
4344 | +--- a/doc/fingerprints.txt |
4345 | ++++ b/doc/fingerprints.txt |
4346 | +@@ -15,6 +15,9 @@ currently in use to sign OpenSSL distributions: |
4347 | + OpenSSL OMC: |
4348 | + EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 |
4349 | + |
4350 | ++OpenSSL: |
4351 | ++BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF |
4352 | ++ |
4353 | + Richard Levitte: |
4354 | + 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C |
4355 | + |
4356 | +-- |
4357 | +2.40.1 |
4358 | + |
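Review bot: the new `OpenSSL:` entry lands in a list that the hunk context introduces as keys "currently in use to sign OpenSSL distributions", while the commit message says the key will be used for future releases; the label or the introductory sentence should say so, so that someone verifying a current tarball does not expect this key. Because the fingerprint arrives here through a distribution patch, compare it against the upstream commit 4ffef97d3755a0425d5d72680daebfa07383b05c named in the message before merging.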
4359 | diff --git a/debian/patches/post-3.0.13/0063-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch b/debian/patches/post-3.0.13/0063-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch |
4360 | new file mode 100644 |
4361 | index 0000000..4de0940 |
4362 | --- /dev/null |
4363 | +++ b/debian/patches/post-3.0.13/0063-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch |
4364 | @@ -0,0 +1,94 @@ |
4365 | +From 45c2a82041a2ed9f732b0c9c9d7c3bf07cd00835 Mon Sep 17 00:00:00 2001 |
4366 | +From: trinity-1686a <trinity@deuxfleurs.fr> |
4367 | +Date: Mon, 15 Apr 2024 11:13:14 +0200 |
4368 | +Subject: [PATCH 63/63] Handle empty param in EVP_PKEY_CTX_add1_hkdf_info |
4369 | + |
4370 | +Fixes #24130 |
4371 | +The regression was introduced in PR #23456. |
4372 | + |
4373 | +Reviewed-by: Paul Dale <ppzgs1@gmail.com> |
4374 | +Reviewed-by: Tomas Mraz <tomas@openssl.org> |
4375 | +(Merged from https://github.com/openssl/openssl/pull/24141) |
4376 | + |
4377 | +(cherry picked from commit 299996fb1fcd76eeadfd547958de2a1b822f37f5) |
4378 | +--- |
4379 | + crypto/evp/pmeth_lib.c | 2 ++ |
4380 | + test/evp_extra_test.c | 42 ++++++++++++++++++++++++++++++++++++++++++ |
4381 | + 2 files changed, 44 insertions(+) |
4382 | + |
4383 | +diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c |
4384 | +index d0eeaf7137..bce1ebc84e 100644 |
4385 | +--- a/crypto/evp/pmeth_lib.c |
4386 | ++++ b/crypto/evp/pmeth_lib.c |
4387 | +@@ -1053,6 +1053,8 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, |
4388 | + if (datalen < 0) { |
4389 | + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); |
4390 | + return 0; |
4391 | ++ } else if (datalen == 0) { |
4392 | ++ return 1; |
4393 | + } |
4394 | + |
4395 | + /* Get the original value length */ |
4396 | +diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c |
4397 | +index e7b813493f..7e97e2d34d 100644 |
4398 | +--- a/test/evp_extra_test.c |
4399 | ++++ b/test/evp_extra_test.c |
4400 | +@@ -2587,6 +2587,47 @@ static int test_emptyikm_HKDF(void) |
4401 | + return ret; |
4402 | + } |
4403 | + |
4404 | ++static int test_empty_salt_info_HKDF(void) |
4405 | ++{ |
4406 | ++ EVP_PKEY_CTX *pctx; |
4407 | ++ unsigned char out[20]; |
4408 | ++ size_t outlen; |
4409 | ++ int ret = 0; |
4410 | ++ unsigned char salt[] = ""; |
4411 | ++ unsigned char key[] = "012345678901234567890123456789"; |
4412 | ++ unsigned char info[] = ""; |
4413 | ++ const unsigned char expected[] = { |
4414 | ++ 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, |
4415 | ++ 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, |
4416 | ++ }; |
4417 | ++ size_t expectedlen = sizeof(expected); |
4418 | ++ |
4419 | ++ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) |
4420 | ++ goto done; |
4421 | ++ |
4422 | ++ outlen = sizeof(out); |
4423 | ++ memset(out, 0, outlen); |
4424 | ++ |
4425 | ++ if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) |
4426 | ++ || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) |
4427 | ++ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, |
4428 | ++ sizeof(salt) - 1), 0) |
4429 | ++ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, |
4430 | ++ sizeof(key) - 1), 0) |
4431 | ++ || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, |
4432 | ++ sizeof(info) - 1), 0) |
4433 | ++ || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) |
4434 | ++ || !TEST_mem_eq(out, outlen, expected, expectedlen)) |
4435 | ++ goto done; |
4436 | ++ |
4437 | ++ ret = 1; |
4438 | ++ |
4439 | ++ done: |
4440 | ++ EVP_PKEY_CTX_free(pctx); |
4441 | ++ |
4442 | ++ return ret; |
4443 | ++} |
4444 | ++ |
4445 | + #ifndef OPENSSL_NO_EC |
4446 | + static int test_X509_PUBKEY_inplace(void) |
4447 | + { |
4448 | +@@ -5385,6 +5426,7 @@ int setup_tests(void) |
4449 | + #endif |
4450 | + ADD_TEST(test_HKDF); |
4451 | + ADD_TEST(test_emptyikm_HKDF); |
4452 | ++ ADD_TEST(test_empty_salt_info_HKDF); |
4453 | + #ifndef OPENSSL_NO_EC |
4454 | + ADD_TEST(test_X509_PUBKEY_inplace); |
4455 | + ADD_TEST(test_X509_PUBKEY_dup); |
4456 | +-- |
4457 | +2.40.1 |
4458 | + |
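Review bot: `test_empty_salt_info_HKDF` only covers a zero-length `info` added to a fresh context, so the new `datalen == 0` early return in `evp_pkey_ctx_add1_octet_string()` is never exercised after info has already been accumulated; a second case that adds a non-empty chunk followed by an empty one, and expects the same output as the non-empty chunk alone, would pin that behaviour down. In `pmeth_lib.c` the `else if (datalen == 0)` follows a branch that already returns, so a plain `if` is clearer.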
4459 | diff --git a/debian/patches/series b/debian/patches/series |
4460 | index 14e11b9..cc341e8 100644 |
4461 | --- a/debian/patches/series |
4462 | +++ b/debian/patches/series |
4463 | @@ -24,3 +24,62 @@ fips/crypto-Automatically-use-the-FIPS-provider-when-the-kerne.patch |
4464 | fips/apps-speed-Omit-unavailable-algorithms-in-FIPS-mode.patch |
4465 | fips/apps-pass-propquery-arg-to-the-libctx-DRBG-fetches.patch |
4466 | fips/test-Ensure-encoding-runs-with-the-correct-context-during.patch |
4467 | + |
4468 | +# Patches after 3.0.13, not yet released as part of 3.0.14 |
4469 | +# |
4470 | +post-3.0.13/0001-Prepare-for-3.0.14.patch |
4471 | +post-3.0.13/0002-fix-missing-null-check-in-kdf_test_ctrl.patch |
4472 | +post-3.0.13/0003-Fix-a-possible-memleak-in-bind_afalg.patch |
4473 | +post-3.0.13/0004-Fix-error-reporting-in-EVP_PKEY_-sign-verify-verify_.patch |
4474 | +post-3.0.13/0005-Revert-Improved-detection-of-engine-provided-private.patch |
4475 | +post-3.0.13/0006-Document-the-implications-of-setting-engine-based-lo.patch |
4476 | +post-3.0.13/0008-Fix-a-few-incorrect-paths-in-some-build.info-files.patch |
4477 | +post-3.0.13/0009-Make-IV-buf-in-prov_cipher_ctx_st-aligned.patch |
4478 | +post-3.0.13/0010-Fix-testcases-to-run-on-duplicated-keys.patch |
4479 | +post-3.0.13/0011-Rearrange-terms-in-gf_mul-to-prevent-segfault.patch |
4480 | +post-3.0.13/0012-Fix-memory-leaks-on-error-cases-during-drbg-initiali.patch |
4481 | +post-3.0.13/0013-Fix-typos-found-by-codespell-in-openssl-3.0.patch |
4482 | +post-3.0.13/0014-KDF_CTX_new-API-has-incorrect-signature-const-should.patch |
4483 | +post-3.0.13/0015-Check-for-NULL-cleanup-function-before-using-it-in-e.patch |
4484 | +post-3.0.13/0016-Fixed-Visual-Studio-2008-compiler-errors.patch |
4485 | +post-3.0.13/0017-Correct-the-defined-name-of-the-parameter-micalg-in-.patch |
4486 | +post-3.0.13/0018-Don-t-print-excessively-long-ASN1-items-in-fuzzer.patch |
4487 | +post-3.0.13/0019-Add-atexit-configuration-option-to-using-atexit-in-l.patch |
4488 | +post-3.0.13/0020-Minor-wording-fixes-related-to-no-atexit.patch |
4489 | +post-3.0.13/0021-s_cb.c-Add-missing-return-value-checks.patch |
4490 | +post-3.0.13/0022-SSL_set1_groups_list-Fix-memory-corruption-with-40-g.patch |
4491 | +post-3.0.13/0023-Ensure-MAKE-commands-and-CFLAGS-are-appropriately-qu.patch |
4492 | +post-3.0.13/0024-Fix-off-by-one-issue-in-buf2hexstr_sep.patch |
4493 | +post-3.0.13/0026-Try-to-fix-intermittent-CI-failures-in-sslapitest.patch |
4494 | +post-3.0.13/0027-FAQ.md-should-be-removed.patch |
4495 | +post-3.0.13/0028-Doc-fix-style.patch |
4496 | +post-3.0.13/0029-Fix-dasync_rsa_decrypt-to-call-EVP_PKEY_meth_get_dec.patch |
4497 | +post-3.0.13/0031-SSL_add_dir_cert_subjects_to_stack-Documented-return.patch |
4498 | +post-3.0.13/0032-Fix-unbounded-memory-growth-when-using-no-cached-fet.patch |
4499 | +post-3.0.13/0033-Update-FIPS-hmac-key-documentation.patch |
4500 | +post-3.0.13/0035-Fixed-a-typo-and-grammar-in-openssl-ts.pod.patch |
4501 | +post-3.0.13/0036-Replace-unsigned-with-int.patch |
4502 | +post-3.0.13/0037-Add-NULL-check-before-accessing-PKCS7-encrypted-algo.patch |
4503 | +post-3.0.13/0038-Explicitly-state-what-keys-does.patch |
4504 | +post-3.0.13/0040-Fix-openssl-req-with-addext-subjectAltName-dirName.patch |
4505 | +post-3.0.13/0041-Fix-handling-of-NULL-sig-parameter-in-ECDSA_sign-and.patch |
4506 | +post-3.0.13/0042-Align-openssl-req-string_mask-docs-to-how-the-softwa.patch |
4507 | +post-3.0.13/0043-Add-documentation-policy-link-to-CONTRIBUTING-guide.patch |
4508 | +post-3.0.13/0045-DEFINE_STACK_OF.pod-Fix-prototypes-of-sk_TYPE_free-z.patch |
4509 | +post-3.0.13/0046-openssl-crl-1-The-verify-option-is-implied-by-CA-opt.patch |
4510 | +post-3.0.13/0048-Add-a-test-for-session-cache-handling.patch |
4511 | +post-3.0.13/0049-Extend-the-multi_resume-test-for-simultaneous-resump.patch |
4512 | +post-3.0.13/0050-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch |
4513 | +post-3.0.13/0051-Add-a-CHANGES.md-NEWS.md-entry-for-the-unbounded-mem.patch |
4514 | +post-3.0.13/0052-Hardening-around-not_resumable-sessions.patch |
4515 | +post-3.0.13/0053-Add-a-test-for-session-cache-overflow.patch |
4516 | +post-3.0.13/0054-Fix-EVP_PKEY_CTX_add1_hkdf_info-behavior.patch |
4517 | +post-3.0.13/0055-Fix-Error-finalizing-cipher-loop-when-running-openss.patch |
4518 | +post-3.0.13/0056-APPS-Add-missing-OPENSSL_free-and-combine-the-error-.patch |
4519 | +post-3.0.13/0057-man-EVP_PKEY_CTX_set_params-document-params-is-a-lis.patch |
4520 | +post-3.0.13/0058-Fix-socket-descriptor-checks-on-Windows.patch |
4521 | +post-3.0.13/0059-Document-that-private-and-pairwise-checks-are-not-bo.patch |
4522 | +post-3.0.13/0060-make_addressPrefix-Fix-a-memory-leak-in-error-case.patch |
4523 | +post-3.0.13/0061-list_provider_info-Fix-leak-on-error.patch |
4524 | +post-3.0.13/0062-doc-fingerprints.txt-Add-the-future-OpenSSL-release-.patch |
4525 | +post-3.0.13/0063-Handle-empty-param-in-EVP_PKEY_CTX_add1_hkdf_info.patch |
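Review bot: the added list skips 0007, 0025, 0030, 0034, 0039, 0044 and 0047, and the two comment lines above it say only that these are patches after 3.0.13; state there (or in `debian/changelog`) why those numbers are left out, so a later refresh against 3.0.14 can tell a deliberate omission from a dropped file.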