From 56eae1b760adf10835560a9ee595549a1f10410f Mon Sep 17 00:00:00 2001 From: Jung-uk Kim Date: Tue, 14 Dec 2021 13:30:54 -0500 Subject: [PATCH] Import OpenSSL 1.1.1m. --- CHANGES | 20 +++++ Configure | 3 + NEWS | 4 + README | 2 +- apps/ciphers.c | 3 +- apps/dgst.c | 6 +- apps/s_cb.c | 4 +- apps/s_client.c | 4 +- apps/s_server.c | 10 +-- apps/speed.c | 10 ++- crypto/armcap.c | 15 ++-- crypto/asn1/a_print.c | 9 +- crypto/asn1/asn1_lib.c | 11 ++- crypto/bio/bss_dgram.c | 6 +- crypto/bio/bss_mem.c | 4 +- crypto/bn/asm/mips.pl | 6 +- crypto/cms/cms_env.c | 3 +- crypto/dh/dh_ameth.c | 13 +-- crypto/ec/curve448/field.h | 4 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 29 +++++- crypto/engine/eng_dyn.c | 6 +- crypto/engine/eng_lib.c | 4 +- crypto/engine/eng_list.c | 89 ++++++++++++++++++- crypto/engine/eng_local.h | 11 ++- crypto/err/err.c | 3 +- crypto/evp/evp_enc.c | 12 +-- crypto/evp/p_lib.c | 13 ++- crypto/objects/o_names.c | 16 ++-- crypto/pem/pem_lib.c | 25 +++--- crypto/rand/rand_unix.c | 5 +- crypto/ts/ts_verify_ctx.c | 1 + crypto/uid.c | 2 +- crypto/x509/x509_vfy.c | 62 +++++++------ crypto/x509/x_name.c | 6 +- crypto/x509v3/v3_ncons.c | 3 + doc/man1/passwd.pod | 4 +- doc/man1/pkeyutl.pod | 10 +++ doc/man3/BIO_f_ssl.pod | 17 ++-- doc/man3/BIO_push.pod | 53 ++++++----- doc/man3/BN_rand.pod | 4 +- doc/man3/ENGINE_add.pod | 7 +- doc/man3/ERR_load_strings.pod | 6 +- doc/man3/EVP_EncryptInit.pod | 16 ++-- doc/man3/OBJ_nid2obj.pod | 30 +++---- doc/man3/SSL_CTX_set_num_tickets.pod | 10 +-- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 4 +- doc/man3/SSL_get_session.pod | 9 +- doc/man3/SSL_set_fd.pod | 13 ++- doc/man3/d2i_X509.pod | 6 +- doc/man7/ossl_store.pod | 4 +- engines/e_afalg.c | 9 +- engines/e_dasync.c | 30 ++++++- include/crypto/rand.h | 12 ++- include/openssl/ec.h | 17 ++-- include/openssl/opensslv.h | 4 +- ssl/bio_ssl.c | 7 +- ssl/record/ssl3_record.c | 2 +- ssl/s3_cbc.c | 4 +- ssl/ssl_asn1.c | 4 +- ssl/ssl_ciph.c | 3 +- ssl/ssl_lib.c | 2 + ssl/ssl_local.h | 2 +- ssl/statem/README | 2 +- ssl/statem/extensions_clnt.c | 5 +- ssl/statem/extensions_cust.c | 13 +-- ssl/statem/statem_lib.c | 4 +- 67 files changed, 511 insertions(+), 228 deletions(-) diff --git a/CHANGES b/CHANGES index 824f421b8d33..9d58cb0c58d9 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,26 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1l and 1.1.1m [14 Dec 2021] + + *) Avoid loading of a dynamic engine twice. + + [Bernd Edlinger] + + *) Fixed building on Debian with kfreebsd kernels + + [Mattias Ellert] + + *) Prioritise DANE TLSA issuer certs over peer certs + + [Viktor Dukhovni] + + *) Fixed random API for MacOS prior to 10.12 + + These MacOS versions don't support the CommonCrypto APIs + + [Lenny Primak] + Changes between 1.1.1k and 1.1.1l [24 Aug 2021] *) Fixed an SM2 Decryption Buffer Overflow. diff --git a/Configure b/Configure index b286dd0678bb..faf57b155a1c 100755 --- a/Configure +++ b/Configure @@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) { unless ($disabled{asan}) { push @{$config{cflags}}, "-fsanitize=address"; + push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX}; } unless ($disabled{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; + push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} diff --git a/NEWS b/NEWS index 5a1207c66ed4..0769464fefa2 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] + + o None + Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711) diff --git a/README b/README index 7dc4e6790c34..50345c3c28eb 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1l 24 Aug 2021 + OpenSSL 1.1.1m 14 Dec 2021 Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/ciphers.c b/apps/ciphers.c index 0bb33a4aca4b..aade3fbf5671 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -172,6 +172,7 @@ int ciphers_main(int argc, char **argv) if (convert != NULL) { BIO_printf(bio_out, "OpenSSL cipher name: %s\n", OPENSSL_cipher_name(convert)); + ret = 0; goto end; } diff --git a/apps/dgst.c b/apps/dgst.c index e595f7d8186f..f9b184be4cc1 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -316,7 +316,7 @@ int dgst_main(int argc, char **argv) EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; int r; - if (!BIO_get_md_ctx(bmd, &mctx)) { + if (BIO_get_md_ctx(bmd, &mctx) <= 0) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; @@ -345,7 +345,7 @@ int dgst_main(int argc, char **argv) /* we use md as a filter, reading from 'in' */ else { EVP_MD_CTX *mctx = NULL; - if (!BIO_get_md_ctx(bmd, &mctx)) { + if (BIO_get_md_ctx(bmd, &mctx) <= 0) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; diff --git a/apps/s_cb.c b/apps/s_cb.c index dee1b2e5b4f6..d066a423dee8 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, { unsigned int temp; int res = generate_cookie_callback(ssl, cookie, &temp); - *cookie_len = temp; + + if (res != 0) + *cookie_len = temp; return res; } diff --git a/apps/s_client.c b/apps/s_client.c index 83b3fc9c7f13..121cd1444fe6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -3151,6 +3151,8 @@ int s_client_main(int argc, char **argv) #endif OPENSSL_free(connectstr); OPENSSL_free(bindstr); + OPENSSL_free(bindhost); + OPENSSL_free(bindport); OPENSSL_free(host); OPENSSL_free(port); X509_VERIFY_PARAM_free(vpm); diff --git a/apps/s_server.c b/apps/s_server.c index 938e244222d8..64d53e68d0ee 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -134,12 +134,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); - if (SSL_version(ssl) >= TLS1_3_VERSION) { + if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) { /* - * This callback is designed for use in TLSv1.2. It is possible to use - * a single callback for all protocol versions - but it is preferred to - * use a dedicated callback for TLSv1.3. For TLSv1.3 we have - * psk_find_session_cb. + * This callback is designed for use in (D)TLSv1.2 (or below). It is + * possible to use a single callback for all protocol versions - but it + * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we + * have psk_find_session_cb. */ return 0; } diff --git a/apps/speed.c b/apps/speed.c index d4ae7ab7bfde..89bf18480fa1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1590,6 +1590,10 @@ int speed_main(int argc, char **argv) case OPT_MULTI: #ifndef NO_FORK multi = atoi(opt_arg()); + if (multi >= INT_MAX / (int)sizeof(int)) { + BIO_printf(bio_err, "%s: multi argument too large\n", prog); + return 0; + } #endif break; case OPT_ASYNCJOBS: @@ -3490,7 +3494,7 @@ static int do_multi(int multi, int size_num) close(fd[1]); mr = 1; usertime = 0; - free(fds); + OPENSSL_free(fds); return 0; } printf("Forked child %d\n", n); @@ -3603,7 +3607,7 @@ static int do_multi(int multi, int size_num) fclose(f); } - free(fds); + OPENSSL_free(fds); return 1; } #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index c5685bde5891..48c5d4d64e32 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -106,20 +106,23 @@ static unsigned long getauxval(unsigned long key) * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas * AArch64 used AT_HWCAP. */ +# ifndef AT_HWCAP +# define AT_HWCAP 16 +# endif +# ifndef AT_HWCAP2 +# define AT_HWCAP2 26 +# endif # if defined(__arm__) || defined (__arm) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 12) -# define HWCAP_CE 26 - /* AT_HWCAP2 */ +# define HWCAP_CE AT_HWCAP2 # define HWCAP_CE_AES (1 << 0) # define HWCAP_CE_PMULL (1 << 1) # define HWCAP_CE_SHA1 (1 << 2) # define HWCAP_CE_SHA256 (1 << 3) # elif defined(__aarch64__) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 1) # define HWCAP_CE HWCAP diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 85a631a27aa7..3790e82bb13a 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) int ia5 = 0; int t61 = 0; - if (len <= 0) - len = -1; if (s == NULL) return V_ASN1_PRINTABLESTRING; - while ((*s) && (len-- != 0)) { + if (len < 0) + len = strlen((const char *)s); + + while (len-- > 0) { c = *(s++); if (!ossl_isasn1print(c)) ia5 = 1; diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 3d99d1383d42..b9b7ad8e9e02 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -294,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) c = str->data; #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* No NUL terminator in fuzzing builds */ - str->data = OPENSSL_realloc(c, len); + str->data = OPENSSL_realloc(c, len != 0 ? len : 1); #else str->data = OPENSSL_realloc(c, len + 1); #endif @@ -307,7 +307,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->length = len; if (data != NULL) { memcpy(str->data, data, len); -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Set the unused byte to something non NUL and printable. */ + if (len == 0) + str->data[len] = '~'; +#else /* * Add a NUL terminator. This should not be necessary - but we add it as * a safety precaution @@ -375,7 +379,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) i = (a->length - b->length); if (i == 0) { - i = memcmp(a->data, b->data, a->length); + if (a->length != 0) + i = memcmp(a->data, b->data, a->length); if (i == 0) return a->type - b->type; else diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 942fd8b514be..c87ba4d26508 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + #include #include diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 7cb4a57813fd..2420b26553e0 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -280,7 +280,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)bm->length; if (ptr != NULL) { pptr = (char **)ptr; - *pptr = (char *)&(bm->data[0]); + *pptr = (char *)bm->data; } break; case BIO_C_SET_BUF_MEM: diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 8ad715bda4d4..76fe82334f88 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1984,6 +1984,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ @@ -2194,6 +2196,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 04940146fd25..962a0137542a 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -737,6 +737,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, goto err; } + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d53004080d5e..576409ccb51b 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -629,16 +629,18 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, goto err; pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (!pk) - goto err; - if (pk->type != EVP_PKEY_DHX) + if (pk == NULL || pk->type != EVP_PKEY_DHX) goto err; + /* Get parameters from parent key */ dhpeer = DHparams_dup(pk->pkey.dh); + if (dhpeer == NULL) + goto err; + /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); p = ASN1_STRING_get0_data(pubkey); - if (!p || !plen) + if (p == NULL || plen == 0) goto err; if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { @@ -655,6 +657,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, pkpeer = EVP_PKEY_new(); if (pkpeer == NULL) goto err; + EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); dhpeer = NULL; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h index ccd04482d205..4e4eda664f78 100644 --- a/crypto/ec/curve448/field.h +++ b/crypto/ec/curve448/field.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -62,7 +62,7 @@ mask_t gf_eq(const gf x, const gf y); mask_t gf_lobit(const gf x); mask_t gf_hibit(const gf x); -void gf_serialize(uint8_t *serial, const gf x, int with_highbit); +void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_highbit); mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, uint8_t hi_nmask); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c8ee1e6f1762..4335b3da1a54 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -548,7 +548,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPARAMETERS_free(ret->value.parameters); } - if (EC_GROUP_get_asn1_flag(group)) { + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { /* * use the asn1 OID to describe the elliptic curve parameters */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8de486cbd763..b4c14e91e175 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,6 +12,7 @@ #include "ec_local.h" #include #include +#include #include #include "internal/nelem.h" @@ -3097,6 +3098,32 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) goto err; } } + + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { + /* + * Some curves don't have an associated OID: for those we should not + * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and + * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. + * + * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on + * `EC_GROUP_new()`, when we don't have enough elements to determine if + * an OID for the curve name actually exists. + * We could implement this check on `EC_GROUP_set_curve_name()` but + * overloading the simple setter with this lookup could have a negative + * performance impact and unexpected consequences. + */ + ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); + + if (asn1obj == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_OBJ_LIB); + goto err; + } + if (OBJ_length(asn1obj) == 0) + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + + ASN1_OBJECT_free(asn1obj); + } + ok = 1; err: if (!ok) { diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 06e677290a70..87c762edb8a0 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -477,7 +477,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ - if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { + if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) + || !ctx->bind_engine(e, ctx->engine_id, &fns)) { + engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 5bd584c5999a..fb727b787747 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; + e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) @@ -92,6 +93,7 @@ int engine_free_util(ENGINE *e, int not_locked) */ if (e->destroy) e->destroy(e); + engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 1352fb7c961d..e2e91d297bd6 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -24,6 +24,12 @@ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; +/* + * The linked list of currently loaded dynamic engines. + */ +static ENGINE *engine_dyn_list_head = NULL; +static ENGINE *engine_dyn_list_tail = NULL; + /* * This cleanup function is only needed internally. If it should be called, * we register it with the "engine_cleanup_int()" stack to be called during @@ -126,6 +132,85 @@ static int engine_list_remove(ENGINE *e) return 1; } +/* Add engine to dynamic engine list. */ +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked) +{ + int result = 0; + ENGINE *iterator = NULL; + + if (e == NULL) + return 0; + + if (e->dynamic_id == NULL && dynamic_id == NULL) + return 0; + + if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) + return 0; + + if (dynamic_id != NULL) { + iterator = engine_dyn_list_head; + while (iterator != NULL) { + if (iterator->dynamic_id == dynamic_id) + goto err; + iterator = iterator->next; + } + if (e->dynamic_id != NULL) + goto err; + e->dynamic_id = dynamic_id; + } + + if (engine_dyn_list_head == NULL) { + /* We are adding to an empty list. */ + if (engine_dyn_list_tail != NULL) + goto err; + engine_dyn_list_head = e; + e->prev_dyn = NULL; + } else { + /* We are adding to the tail of an existing list. */ + if (engine_dyn_list_tail == NULL + || engine_dyn_list_tail->next_dyn != NULL) + goto err; + engine_dyn_list_tail->next_dyn = e; + e->prev_dyn = engine_dyn_list_tail; + } + + engine_dyn_list_tail = e; + e->next_dyn = NULL; + result = 1; + + err: + if (not_locked) + CRYPTO_THREAD_unlock(global_engine_lock); + return result; +} + +/* Remove engine from dynamic engine list. */ +void engine_remove_dynamic_id(ENGINE *e, int not_locked) +{ + if (e == NULL || e->dynamic_id == NULL) + return; + + if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) + return; + + e->dynamic_id = NULL; + + /* un-link e from the chain. */ + if (e->next_dyn != NULL) + e->next_dyn->prev_dyn = e->prev_dyn; + if (e->prev_dyn != NULL) + e->prev_dyn->next_dyn = e->next_dyn; + /* Correct our head/tail if necessary. */ + if (engine_dyn_list_head == e) + engine_dyn_list_head = e->next_dyn; + if (engine_dyn_list_tail == e) + engine_dyn_list_tail = e->prev_dyn; + + if (not_locked) + CRYPTO_THREAD_unlock(global_engine_lock); +} + /* Get the first/last "ENGINE" type available. */ ENGINE *ENGINE_get_first(void) { @@ -272,6 +357,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->load_pubkey = src->load_pubkey; dest->cmd_defns = src->cmd_defns; dest->flags = src->flags; + dest->dynamic_id = src->dynamic_id; + engine_add_dynamic_id(dest, NULL, 0); } ENGINE *ENGINE_by_id(const char *id) diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h index 8ef7172b9f45..e271222d76a8 100644 --- a/crypto/engine/eng_local.h +++ b/crypto/engine/eng_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -118,6 +118,11 @@ void engine_pkey_asn1_meths_free(ENGINE *e); extern CRYPTO_ONCE engine_lock_init; DECLARE_RUN_ONCE(do_engine_lock_init) +typedef void (*ENGINE_DYNAMIC_ID)(void); +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked); +void engine_remove_dynamic_id(ENGINE *e, int not_locked); + /* * This is a structure for storing implementations of various crypto * algorithms and functions. @@ -162,6 +167,10 @@ struct engine_st { /* Used to maintain the linked-list of engines. */ struct engine_st *prev; struct engine_st *next; + /* Used to maintain the linked-list of dynamic engines. */ + struct engine_st *prev_dyn; + struct engine_st *next_dyn; + ENGINE_DYNAMIC_ID dynamic_id; }; typedef struct st_engine_pile ENGINE_PILE; diff --git a/crypto/err/err.c b/crypto/err/err.c index 1372d52f80ee..bd116e249acb 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -129,6 +129,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_INTERNAL_ERROR, "internal error"}, {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, {ERR_R_INIT_FAIL, "init fail"}, + {ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument"}, {ERR_R_OPERATION_FAIL, "operation fail"}, {0, NULL}, diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e3c165d48e08..d835968f253c 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -85,7 +85,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * previous check attempted to avoid this if the same ENGINE and * EVP_CIPHER could be used). */ - if (ctx->cipher) { + if (ctx->cipher +#ifndef OPENSSL_NO_ENGINE + || ctx->engine +#endif + || ctx->cipher_data) { unsigned long flags = ctx->flags; EVP_CIPHER_CTX_reset(ctx); /* Restore encrypt and flags */ @@ -105,11 +109,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); if (!c) { - /* - * One positive side-effect of US's export control history, - * is that we should at least be able to avoid using US - * misspellings of "initialisation"? - */ + ENGINE_finish(impl); EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9f1a485a5b83..1f36cb2164fc 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -212,10 +212,15 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, } if (pkey) { pkey->ameth = ameth; - pkey->engine = e; - pkey->type = pkey->ameth->pkey_id; pkey->save_type = type; +# ifndef OPENSSL_NO_ENGINE + if (eptr == NULL && e != NULL && !ENGINE_init(e)) { + EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR); + return 0; + } +# endif + pkey->engine = e; } return 1; } @@ -520,7 +525,7 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); return NULL; } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 979d83577c22..872676ba2277 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,8 +67,14 @@ static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); + if (obj_lock != NULL) + names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + if (names_lh == NULL) { + CRYPTO_THREAD_lock_free(obj_lock); + obj_lock = NULL; + } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return names_lh != NULL && obj_lock != NULL; } @@ -217,10 +223,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data) type &= ~OBJ_NAME_ALIAS; onp = OPENSSL_malloc(sizeof(*onp)); - if (onp == NULL) { - /* ERROR */ - goto unlock; - } + if (onp == NULL) + return 0; onp->name = name; onp->alias = alias; diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a26322119aa7..2de093595d0d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -899,18 +899,13 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, unsigned char **data, long *len_out, unsigned int flags) { - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + EVP_ENCODE_CTX *ctx = NULL; const BIO_METHOD *bmeth; BIO *headerB = NULL, *dataB = NULL; char *name = NULL; int len, taillen, headerlen, ret = 0; BUF_MEM * buf_mem; - if (ctx == NULL) { - PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); - return 0; - } - *len_out = 0; *name_out = *header = NULL; *data = NULL; @@ -933,9 +928,20 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, if (!get_header_and_data(bp, &headerB, &dataB, name, flags)) goto end; - EVP_DecodeInit(ctx); BIO_get_mem_ptr(dataB, &buf_mem); len = buf_mem->length; + + /* There was no data in the PEM file */ + if (len == 0) + goto end; + + ctx = EVP_ENCODE_CTX_new(); + if (ctx == NULL) { + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); + goto end; + } + + EVP_DecodeInit(ctx); if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, (unsigned char*)buf_mem->data, len) < 0 || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), @@ -946,9 +952,6 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, len += taillen; buf_mem->length = len; - /* There was no data in the PEM file; avoid malloc(0). */ - if (len == 0) - goto end; headerlen = BIO_get_mem_data(headerB, NULL); *header = pem_malloc(headerlen + 1, flags); *data = pem_malloc(len, flags); diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 43f1069d151d..0f4525106af7 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -34,9 +34,6 @@ #if defined(__OpenBSD__) # include #endif -#if defined(__APPLE__) -# include -#endif #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include @@ -381,7 +378,7 @@ static ssize_t syscall_random(void *buf, size_t buflen) if (errno != ENOSYS) return -1; } -# elif defined(__APPLE__) +# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) return (ssize_t)buflen; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 32cd2f542bb7..b504649a415f 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -70,6 +70,7 @@ STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len) { + OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; ctx->imprint_len = len; return ctx->imprint; diff --git a/crypto/uid.c b/crypto/uid.c index 5e3315eeb2e3..a9eae36818ca 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -17,7 +17,7 @@ int OPENSSL_issetugid(void) return 0; } -#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) +#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) # include OPENSSL_UNISTD diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 20a36e763c5d..e404fcc602df 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2924,6 +2924,26 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) return ok; } +static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr) +{ + if (src) { + STACK_OF(X509) *dst; + int i; + + if (*dstPtr == NULL) + return ((*dstPtr = sk_X509_dup(src)) != NULL); + + for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) { + if (!sk_X509_push(dst, sk_X509_value(src, i))) { + sk_X509_free(dst); + *dstPtr = NULL; + return 0; + } + } + } + return 1; +} + static int build_chain(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; @@ -2967,18 +2987,7 @@ static int build_chain(X509_STORE_CTX *ctx) } /* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ - if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - - /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend* * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create @@ -2987,20 +2996,21 @@ static int build_chain(X509_STORE_CTX *ctx) * containing at least the leaf certificate, but we must be prepared for * this to change. ] */ - if (DANETLS_ENABLED(dane) && dane->certs != NULL) { - if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - for (i = 0; i < sk_X509_num(dane->certs); ++i) { - if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { - sk_X509_free(sktmp); - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - } + if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; + } + + /* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so can make + * multiple passes over it, while free to remove elements as we go. + */ + if (!augment_stack(ctx->untrusted, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; } /* diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index aa7f4722b6b9..59ac6895bc26 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -217,8 +217,8 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, if (ret < 0) return ret; ret = x509_name_canon(a); - if (ret < 0) - return ret; + if (!ret) + return -1; } ret = a->bytes->length; if (out != NULL) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index d985aa91dacd..60cb4ceaa8f8 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (baseat != baseptr) { if ((baseat - baseptr) != (emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; + if (memchr(baseptr, 0, baseat - baseptr) || + memchr(emlptr, 0, emlat - emlptr)) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Case sensitive match of local part */ if (strncmp(baseptr, emlptr, emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; diff --git a/doc/man1/passwd.pod b/doc/man1/passwd.pod index c5760fe76eae..26eb2ad35eaf 100644 --- a/doc/man1/passwd.pod +++ b/doc/man1/passwd.pod @@ -31,8 +31,6 @@ The B command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for option B<-stdin>, or from the command line, or from the terminal otherwise. -The Unix standard algorithm B and the MD5-based BSD password -algorithm B<1>, its Apache variant B, and its AIX variant are available. =head1 OPTIONS @@ -122,7 +120,7 @@ This can be used with a subsequent B<-rand> flag. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index 3b350efadd4f..f6fd48d5b579 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -246,6 +246,11 @@ B block structure. For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not explicitly set in PSS mode then the signing digest is used. +=item BI + +Sets the digest used for the OAEP hash function. If not explicitly set then +SHA1 is used. + =back =head1 RSA-PSS ALGORITHM @@ -319,6 +324,11 @@ seed consisting of the single byte 0xFF: openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \ -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump +Decrypt some data using a private key with OAEP padding using SHA256: + + openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \ + -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 + =head1 SEE ALSO L, L, L diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 641ee2329efc..8866785cfe1d 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -54,26 +54,26 @@ The SSL BIO is then reset to the initial accept or connect state. If the close flag is set when an SSL BIO is freed then the internal SSL structure is also freed using SSL_free(). -BIO_set_ssl() sets the internal SSL pointer of BIO B to B using +BIO_set_ssl() sets the internal SSL pointer of SSL BIO B to B using the close flag B. -BIO_get_ssl() retrieves the SSL pointer of BIO B, it can then be +BIO_get_ssl() retrieves the SSL pointer of SSL BIO B, it can then be manipulated using the standard SSL library functions. BIO_set_ssl_mode() sets the SSL BIO mode to B. If B is 1 client mode is set. If B is 0 server mode is set. -BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count +BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count of SSL BIO B to B. When set after every B bytes of I/O (read and write) the SSL session is automatically renegotiated. B must be at least 512 bytes. -BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to -B. When the renegotiate timeout elapses the session is -automatically renegotiated. +BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout of SSL BIO B +to B. +When the renegotiate timeout elapses the session is automatically renegotiated. BIO_get_num_renegotiates() returns the total number of session -renegotiations due to I/O or timeout. +renegotiations due to I/O or timeout of SSL BIO B. BIO_new_ssl() allocates an SSL BIO using SSL_CTX B and using client mode if B is non zero. @@ -82,8 +82,7 @@ BIO_new_ssl_connect() creates a new BIO chain consisting of an SSL BIO (using B) followed by a connect BIO. BIO_new_buffer_ssl_connect() creates a new BIO chain consisting -of a buffering BIO, an SSL BIO (using B) and a connect -BIO. +of a buffering BIO, an SSL BIO (using B), and a connect BIO. BIO_ssl_copy_session_id() copies an SSL session id between BIO chains B and B. It does this by locating the diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index 8b98bee49885..e16daafe8822 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -8,22 +8,27 @@ BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain #include - BIO *BIO_push(BIO *b, BIO *append); + BIO *BIO_push(BIO *b, BIO *next); BIO *BIO_pop(BIO *b); void BIO_set_next(BIO *b, BIO *next); =head1 DESCRIPTION -The BIO_push() function appends the BIO B to B, it returns -B. +BIO_push() pushes I on I. +If I is NULL the function does nothing and returns I. +Otherwise it prepends I, which may be a single BIO or a chain of BIOs, +to I (unless I is NULL). +It then makes a control call on I and returns I. -BIO_pop() removes the BIO B from a chain and returns the next BIO -in the chain, or NULL if there is no next BIO. The removed BIO then -becomes a single BIO with no association with the original chain, -it can thus be freed or attached to a different chain. +BIO_pop() removes the BIO I from any chain is is part of. +If I is NULL the function does nothing and returns NULL. +Otherwise it makes a control call on I and +returns the next BIO in the chain, or NULL if there is no next BIO. +The removed BIO becomes a single BIO with no association with +the original chain, it can thus be freed or be made part of a different chain. BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to -by B. The new chain may include some of the same BIOs from the old chain +by I. The new chain may include some of the same BIOs from the old chain or it may be completely different. =head1 NOTES @@ -33,41 +38,45 @@ joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, the deleted BIO does not need to be at the end of a chain. The process of calling BIO_push() and BIO_pop() on a BIO may have additional -consequences (a control call is made to the affected BIOs) any effects will -be noted in the descriptions of individual BIOs. +consequences (a control call is made to the affected BIOs). +Any effects will be noted in the descriptions of individual BIOs. =head1 RETURN VALUES -BIO_push() returns the end of the chain, B. +BIO_push() returns the head of the chain, +which usually is I, or I if I is NULL. -BIO_pop() returns the next BIO in the chain, or NULL if there is no next -BIO. +BIO_pop() returns the next BIO in the chain, +or NULL if there is no next BIO. =head1 EXAMPLES -For these examples suppose B and B are digest BIOs, B is -a base64 BIO and B is a file BIO. +For these examples suppose I and I are digest BIOs, +I is a base64 BIO and I is a file BIO. If the call: BIO_push(b64, f); -is made then the new chain will be B. After making the calls +is made then the new chain will be I. After making the calls BIO_push(md2, b64); BIO_push(md1, md2); -the new chain is B. Data written to B will be digested -by B and B, B encoded and written to B. +the new chain is I. Data written to I will be digested +by I and I, base64 encoded, and finally written to I. It should be noted that reading causes data to pass in the reverse -direction, that is data is read from B, B decoded and digested -by B and B. If the call: +direction, that is data is read from I, base64 decoded, +and digested by I and then I. + +The call: BIO_pop(md2); -The call will return B and the new chain will be B data can -be written to B as before. +will return I and the new chain will be I. +Data can be written to and read from I as before, +except that I will no more be applied. =head1 SEE ALSO diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index d57348e62b8c..5ed14a926fcc 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -38,7 +38,7 @@ the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is B, the number will be odd; if it is B it can be odd or even. -If B is 1 then B cannot also be B. +If B is 1 then B cannot also be B. BN_rand_range() generates a cryptographically strong pseudo-random number B in the range 0 E= B E B. @@ -89,7 +89,7 @@ BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index 369900c248c5..34a640d20553 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -597,8 +597,7 @@ B implementations. All ENGINE_register_TYPE() functions return 1 on success or 0 on error. -ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success -or 0 on error. +ENGINE_register_complete() and ENGINE_register_all_complete() always return 1. ENGINE_ctrl() returns a positive value on success or others on error. @@ -609,7 +608,7 @@ ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error ENGINE_new() returns a valid B structure on success or NULL if an error occurred. -ENGINE_free() returns 1 on success or 0 on error. +ENGINE_free() always returns 1. ENGINE_up_ref() returns 1 on success or 0 on error. @@ -657,7 +656,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_load_strings.pod b/doc/man3/ERR_load_strings.pod index 3167f2715052..2b21a3bc6d96 100644 --- a/doc/man3/ERR_load_strings.pod +++ b/doc/man3/ERR_load_strings.pod @@ -9,7 +9,7 @@ arbitrary error strings #include - void ERR_load_strings(int lib, ERR_STRING_DATA str[]); + int ERR_load_strings(int lib, ERR_STRING_DATA *str); int ERR_get_next_error_library(void); @@ -38,7 +38,7 @@ to user libraries at runtime. =head1 RETURN VALUES -ERR_load_strings() returns no value. ERR_PACK() return the error code. +ERR_load_strings() returns 1 for success and 0 for failure. ERR_PACK() returns the error code. ERR_get_next_error_library() returns zero on failure, otherwise a new library number. @@ -48,7 +48,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 0d8a780bb794..392ce5dbc579 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -380,18 +380,20 @@ B. =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) -Sets the expected tag to C bytes from C. -The tag length can only be set before specifying an IV. +When decrypting, this call sets the expected tag to C bytes from C. C must be between 1 and 16 inclusive. +The tag must be set prior to any call to EVP_DecryptFinal() or +EVP_DecryptFinal_ex(). For GCM, this call is only valid when decrypting data. For OCB, this call is valid when decrypting data to set the expected tag, -and before encryption to set the desired tag length. +and when encrypting to set the desired tag length. -In OCB mode, calling this before encryption with C set to C sets the -tag length. If this is not called prior to encryption, a default tag length is -used. +In OCB mode, calling this when encrypting with C set to C sets the +tag length. The tag length can only be set before specifying an IV. If this is +not called prior to setting the IV during encryption, then a default tag length +is used. For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB. @@ -659,7 +661,7 @@ EVP_CIPHER_CTX_reset(). =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index f84d5b1eb384..74379ad817da 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -46,26 +46,26 @@ Deprecated: The ASN1 object utility functions process ASN1_OBJECT structures which are a representation of the ASN1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric -identifiers, or Bs. OpenSSL has an internal table of OIDs that +identifiers, or Is. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application code should treat all returned values -- OIDs, NIDs, or names -- as constants. -OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B to +OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID I to an ASN1_OBJECT structure, its long name and its short name respectively, or B if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID -for the object B, the long name or the short name respectively +for the object I, the long name or the short name respectively or NID_undef if an error occurred. -OBJ_txt2nid() returns NID corresponding to text string . B can be +OBJ_txt2nid() returns NID corresponding to text string I. I can be a long name, a short name or the numerical representation of an object. -OBJ_txt2obj() converts the text string B into an ASN1_OBJECT structure. -If B is 0 then long names and short names will be interpreted -as well as numerical forms. If B is 1 only the numerical form +OBJ_txt2obj() converts the text string I into an ASN1_OBJECT structure. +If I is 0 then long names and short names will be interpreted +as well as numerical forms. If I is 1 only the numerical form is acceptable. OBJ_obj2txt() converts the B B into a textual representation. @@ -76,20 +76,20 @@ if the object has a long or short name then that will be used, otherwise the numerical form will be used. If B is 1 then the numerical form will always be used. -i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the B set to zero. +i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the I set to zero. -OBJ_cmp() compares B to B. If the two are identical 0 is returned. +OBJ_cmp() compares I to I. If the two are identical 0 is returned. -OBJ_dup() returns a copy of B. +OBJ_dup() returns a copy of I. -OBJ_create() adds a new object to the internal table. B is the -numerical form of the object, B the short name and B the +OBJ_create() adds a new object to the internal table. I is the +numerical form of the object, I the short name and I the long name. A new NID is returned for the created object in case of success and NID_undef in case of failure. -OBJ_length() returns the size of the content octets of B. +OBJ_length() returns the size of the content octets of I. -OBJ_get0_data() returns a pointer to the content octets of B. +OBJ_get0_data() returns a pointer to the content octets of I. The returned pointer is an internal pointer which B be freed. OBJ_cleanup() releases any resources allocated by creating new objects. @@ -181,7 +181,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index ad13ed15f406..bc031008f2f4 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -25,10 +25,10 @@ the client after a full handshake. Set the desired value (which could be 0) in the B argument. Typically these functions should be called before the start of the handshake. -The default number of tickets is 2; the default number of tickets sent following -a resumption handshake is 1 but this cannot be changed using these functions. -The number of tickets following a resumption handshake can be reduced to 0 using -custom session ticket callbacks (see L). +The default number of tickets is 2. Following a resumption the number of tickets +issued will never be more than 1 regardless of the value set via +SSL_set_num_tickets() or SSL_CTX_set_num_tickets(). If B is set to +0 then no tickets will be issued for either a normal connection or a resumption. Tickets are also issued on receipt of a post-handshake certificate from the client following a request by the server using @@ -58,7 +58,7 @@ These functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index b2637efc1a72..15642f48f1e5 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -123,7 +123,7 @@ enable an attacker to obtain the session keys. =head1 RETURN VALUES -returns 0 to indicate the callback function was set. +Returns 1 to indicate the callback function was set and 0 otherwise. =head1 EXAMPLES @@ -193,7 +193,7 @@ L, =head1 COPYRIGHT -Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 7c04570635da..b7472bd6082a 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -37,8 +37,11 @@ L for information on how to determine whether an SSL_SESSION object can be used for resumption or not. Additionally, in TLSv1.3, a server can send multiple messages that establish a -session for a single connection. In that case the above functions will only -return information on the last session that was received. +session for a single connection. In that case, on the client side, the above +functions will only return information on the last session that was received. On +the server side they will only return information on the last session that was +sent, or if no session tickets were sent then the session for the current +connection. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L. @@ -100,7 +103,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_fd.pod b/doc/man3/SSL_set_fd.pod index 6780d515f91f..3195a4ece937 100644 --- a/doc/man3/SSL_set_fd.pod +++ b/doc/man3/SSL_set_fd.pod @@ -45,6 +45,17 @@ The operation succeeded. =back +=head1 NOTES + +On Windows, a socket handle is a 64-bit data type (UINT_PTR), which leads to a +compiler warning (conversion from 'SOCKET' to 'int', possible loss of data) when +passing the socket handle to SSL_set_*fd(). For the time being, this warning can +safely be ignored, because although the Microsoft documentation claims that the +upper limit is INVALID_SOCKET-1 (2^64 - 2), in practice the current socket() +implementation returns an index into the kernel handle table, the size of which +is limited to 2^24. + + =head1 SEE ALSO L, L, @@ -53,7 +64,7 @@ L, L , L =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index e42049d2baec..30b419c512d6 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -158,6 +158,8 @@ d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, +d2i_X509_bio, +d2i_X509_fp, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, @@ -338,6 +340,8 @@ i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, +i2d_X509_bio, +i2d_X509_fp, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, @@ -612,7 +616,7 @@ efficiency reasons. =head1 COPYRIGHT -Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index b70619685103..19e15a65f82b 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod @@ -58,7 +58,7 @@ other encoding is undefined. * here just one example */ switch (OSSL_STORE_INFO_get_type(info)) { - case OSSL_STORE_INFO_X509: + case OSSL_STORE_INFO_CERT: /* Print the X.509 certificate text */ X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); /* Print the X.509 certificate PEM output */ @@ -77,7 +77,7 @@ L =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 4b1722846133..2d16c1383442 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -624,11 +624,8 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) } actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); - if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) { - ALG_WARN("%s afalg ctx passed\n", - ctx == NULL ? "NULL" : "Uninitialised"); - return 0; - } + if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) + return 1; close(actx->sfd); close(actx->bfd); diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 5cdacb66a043..9ad043b1bd1a 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -182,8 +182,8 @@ static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); static int dasync_cipher_nids[] = { - NID_aes_128_cbc, NID_aes_128_cbc_hmac_sha1, + NID_aes_128_cbc, 0 }; @@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, dasync_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, @@ -264,12 +265,14 @@ static int bind_dasync(ENGINE *e) 16 /* block size */, 16 /* key len */); if (_hidden_aes_128_cbc_hmac_sha1 == NULL + || EVP_aes_128_cbc_hmac_sha1() == NULL || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, @@ -371,6 +374,10 @@ static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, int ok = 1; if (cipher == NULL) { /* We are returning a list of supported nids */ + if (dasync_aes_128_cbc_hmac_sha1() == NULL) { + *nids = dasync_cipher_nids + 1; + return 1; + } *nids = dasync_cipher_nids; return (sizeof(dasync_cipher_nids) - 1) / sizeof(dasync_cipher_nids[0]); @@ -624,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, } } + case EVP_CTRL_COPY: + { + const EVP_CIPHER *cipher = aeadcapable + ? EVP_aes_128_cbc_hmac_sha1() + : EVP_aes_128_cbc(); + size_t data_size = EVP_CIPHER_impl_ctx_size(cipher); + void *cipher_data = OPENSSL_malloc(data_size); + + if (cipher_data == NULL) + return 0; + memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size); + pipe_ctx->inner_cipher_data = cipher_data; + return 1; + } + default: return 0; } diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 5350d3a93119..9e02bb0e504b 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,16 @@ # include +# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) +# include +# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \ + (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) +# define OPENSSL_APPLE_CRYPTO_RANDOM 1 +# include +# include +# endif +# endif + /* forward declaration */ typedef struct rand_pool_st RAND_POOL; diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 44cc139966ef..24baf53c34d6 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -793,12 +793,15 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); -# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) -# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) -# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ - (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) -# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ - (unsigned char *)(x)) +# define d2i_ECPKParameters_bio(bp,x) \ + ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) +# define i2d_ECPKParameters_bio(bp,x) \ + ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x) +# define d2i_ECPKParameters_fp(fp,x) \ + (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ + (void **)(x)) +# define i2d_ECPKParameters_fp(fp,x) \ + ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); # ifndef OPENSSL_NO_STDIO diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index cbbfab12b3f3..261d7cb326cb 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010cfL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021" +# define OPENSSL_VERSION_NUMBER 0x101010dfL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1m 14 Dec 2021" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index c4239345b633..67097d5cca41 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -76,13 +76,12 @@ static int ssl_free(BIO *a) if (a == NULL) return 0; bs = BIO_get_data(a); - if (bs->ssl != NULL) - SSL_shutdown(bs->ssl); if (BIO_get_shutdown(a)) { + if (bs->ssl != NULL) + SSL_shutdown(bs->ssl); if (BIO_get_init(a)) SSL_free(bs->ssl); - /* Clear all flags */ - BIO_clear_flags(a, ~0); + BIO_clear_flags(a, ~0); /* Clear all flags */ BIO_set_init(a, 0); } OPENSSL_free(bs); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index e6a8bbd71073..f158544789bb 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1039,7 +1039,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ - unsigned char dtlsseq[9], *p = dtlsseq; + unsigned char dtlsseq[8], *p = dtlsseq; s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index aa7d63f84a9f..c95dcd9fdec1 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -128,7 +128,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 799fee771ba5..926436410050 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -225,7 +225,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, ASN1_OCTET_STRING *src, size_t maxlen) { - if (src == NULL) { + if (src == NULL || src->length == 0) { *pdstlen = 0; return 1; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 735a483c6448..55f919fcd58a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1601,6 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { if (!sk_SSL_CIPHER_push(cipherstack, sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { + OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ffd0a0bc6d17..9c411a329396 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1684,6 +1684,8 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, if (s->waitctx == NULL) return -1; } + + s->rwstate = SSL_NOTHING; switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { case ASYNC_ERR: diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index f92472117a1b..9f346e30e8f4 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2622,7 +2622,7 @@ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, diff --git a/ssl/statem/README b/ssl/statem/README index 86cc06637291..bafe33060c92 100644 --- a/ssl/statem/README +++ b/ssl/statem/README @@ -55,7 +55,7 @@ Conceptually the state machine component is designed as follows: | | | | ____________V_______V________ ________V______V_______________ | | | | - | statem_both.c | | statem_dtls.c | + | statem_lib.c | | statem_dtls.c | | | | | | Non core functions common | | Non core functions common to | | to both servers and clients | | both DTLS servers and clients | diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ce8a75794c3a..9d38ac23b5f0 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1741,7 +1741,9 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) + && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12) s->ext.use_etm = 1; return 1; @@ -1872,6 +1874,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); + EVP_PKEY_free(skey); return 0; } if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index a0ba18efa704..1fe226f9f264 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,11 +146,12 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, } /* - * Extensions received in the ClientHello are marked with the - * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent - * extensions in the ServerHello/EncryptedExtensions message + * Extensions received in the ClientHello or CertificateRequest are marked + * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent + * extensions in the response messages */ - if ((context & SSL_EXT_CLIENT_HELLO) != 0) + if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)) + != 0) meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ @@ -192,7 +193,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { - /* Only send extensions present in ClientHello. */ + /* Only send extensions present in ClientHello/CertificateRequest */ if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) continue; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c3b6f8f4569a..695caab3d628 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -2410,6 +2410,8 @@ int tls13_save_handshake_digest_for_pha(SSL *s) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, ERR_R_INTERNAL_ERROR); + EVP_MD_CTX_free(s->pha_dgst); + s->pha_dgst = NULL; return 0; } }