[openssl] OpenSSL_1_1_1-stable update
Matt Caswell
matt at openssl.org
Tue Feb 16 15:54:14 UTC 2021
The branch OpenSSL_1_1_1-stable has been updated
via 97149c8219189c1bb61d36bfcd511956caeb4771 (commit)
via 52c587d60be67c337364b830dd3fdc15404a2f04 (commit)
via 2b2e3106fc57b810d91221aef4c4c39a8afd97c3 (commit)
via 8b02603cedc8fbdf9901aa2cc71877c28adbcaf2 (commit)
via 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (commit)
via 481a88f13c44996a008195791ea0dc076b968774 (commit)
via 901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (commit)
via 16c15c7a5484b341c6647f9f7b4ff3f9dadb5701 (commit)
via df1defb809df14bf7ff7aab8532f6e4a7a5235cf (commit)
via 122a19ab48091c657f7cb1fb3af9fc07bd557bbf (commit)
from c8c6e7438c03b2fc24e7ead460feeaef04911fb4 (commit)
- Log -----------------------------------------------------------------
commit 97149c8219189c1bb61d36bfcd511956caeb4771
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 16 15:24:11 2021 +0000
Prepare for 1.1.1k-dev
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 52c587d60be67c337364b830dd3fdc15404a2f04
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 16 15:24:01 2021 +0000
Prepare for 1.1.1j release
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 2b2e3106fc57b810d91221aef4c4c39a8afd97c3
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 16 15:04:45 2021 +0000
Update copyright year
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 8b02603cedc8fbdf9901aa2cc71877c28adbcaf2
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 16 12:17:04 2021 +0000
Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
Author: Matt Caswell <matt at openssl.org>
Date: Tue Feb 2 17:17:23 2021 +0000
Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale <pauli at openssl.org>
commit 481a88f13c44996a008195791ea0dc076b968774
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 22 16:50:11 2021 +0000
Fix rsa_test to properly test RSA_SSLV23_PADDING
We test all three cases:
- An SSLv2 only client talking to a TLS capable server
- A TLS capable client talking to an SSLv2 only server
- A TLS capable client talking to a TLS capable server (should fail due
to detecting a rollback attack)
Reviewed-by: Paul Dale <pauli at openssl.org>
commit 901f1ef7dacb6b3bde63233a1f623e1fa2f0f058
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 22 16:38:50 2021 +0000
Fix the RSA_SSLV23_PADDING padding type
This also fixes the public function RSA_padding_check_SSLv23.
Commit 6555a89 changed the padding check logic in RSA_padding_check_SSLv23
so that padding is rejected if the nul delimiter byte is not immediately
preceded by at least 8 bytes containing 0x03. Prior to that commit the
padding is rejected if it *is* preceded by at least 8 bytes containing 0x03.
Presumably this change was made to be consistent with what it says in
appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the
original behaviour was correct. This is fixed in later errata issued for
that RFC.
This has no impact on libssl for modern versions of OpenSSL because
there is no protocol support for SSLv2 in these versions. However
applications that call RSA_paddin_check_SSLv23 directly, or use the
RSA_SSLV23_PADDING mode may still be impacted. The effect of the original
error is that an RSA message encrypted by an SSLv2 only client will fail to
be decrypted properly by a TLS capable server, or a message encrypted by a
TLS capable client will fail to decrypt on an SSLv2 only server. Most
significantly an RSA message encrypted by a TLS capable client will be
successfully decrypted by a TLS capable server. This last case should fail
due to a rollback being detected.
Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting
this issue.
CVE-2021-23839
Reviewed-by: Paul Dale <pauli at openssl.org>
commit 16c15c7a5484b341c6647f9f7b4ff3f9dadb5701
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jan 22 15:49:31 2021 +0000
Refactor rsa_test
Reduce code copying by factoring out common code into a separate function.
Reviewed-by: Paul Dale <pauli at openssl.org>
commit df1defb809df14bf7ff7aab8532f6e4a7a5235cf
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 16:36:57 2021 +0000
Test that X509_issuer_and_serial_hash doesn't crash
Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(cherry picked from commit 55869f594f052561b11a2db6a7c42690051868de)
commit 122a19ab48091c657f7cb1fb3af9fc07bd557bbf
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 16:10:36 2021 +0000
Fix Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed). This may
subsequently result in a NULL pointer deref and a crash leading to a
potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.
CVE-2021-23841
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 33 ++++++-
Configure | 2 +-
NEWS | 12 ++-
README | 2 +-
apps/ca.c | 2 +-
crypto/armcap.c | 2 +-
crypto/conf/conf_def.c | 2 +-
crypto/dh/dh_key.c | 2 +-
crypto/err/openssl.txt | 3 +-
crypto/evp/evp_enc.c | 27 ++++++
crypto/evp/evp_err.c | 4 +-
crypto/poly1305/asm/poly1305-armv4.pl | 2 +-
crypto/ppccap.c | 2 +-
crypto/rsa/rsa_ssl.c | 10 +-
crypto/srp/srp_lib.c | 2 +-
crypto/x509/x509_cmp.c | 4 +-
crypto/x509/x509_vfy.c | 2 +-
crypto/x509/x_all.c | 2 +-
crypto/x509v3/v3_purp.c | 2 +-
doc/man1/ca.pod | 2 +-
doc/man1/cms.pod | 2 +-
doc/man1/crl2pkcs7.pod | 2 +-
doc/man1/dgst.pod | 2 +-
doc/man1/dsa.pod | 2 +-
doc/man1/ec.pod | 2 +-
doc/man1/enc.pod | 2 +-
doc/man1/genpkey.pod | 2 +-
doc/man1/genrsa.pod | 2 +-
doc/man1/pkcs12.pod | 2 +-
doc/man1/pkcs8.pod | 2 +-
doc/man1/pkey.pod | 2 +-
doc/man1/pkeyutl.pod | 2 +-
doc/man1/req.pod | 2 +-
doc/man1/rsa.pod | 2 +-
doc/man1/s_client.pod | 2 +-
doc/man1/s_server.pod | 2 +-
doc/man1/smime.pod | 2 +-
doc/man1/spkac.pod | 2 +-
doc/man1/storeutl.pod | 2 +-
doc/man1/ts.pod | 2 +-
doc/man1/x509.pod | 2 +-
doc/man3/DH_generate_key.pod | 2 +-
doc/man3/X509_get_extension_flags.pod | 2 +-
.../x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76 | Bin 0 -> 356852 bytes
fuzz/x509.c | 2 +
include/openssl/evperr.h | 7 +-
include/openssl/opensslv.h | 4 +-
include/openssl/x509v3.h | 2 +-
ssl/d1_lib.c | 2 +-
ssl/record/rec_layer_d1.c | 2 +-
ssl/ssl_local.h | 2 +-
ssl/statem/extensions.c | 2 +-
ssl/statem/statem_clnt.c | 2 +-
test/certs/mkcert.sh | 2 +-
test/recipes/25-test_verify.t | 2 +-
test/recipes/70-test_verify_extra.t | 2 +-
test/recipes/80-test_x509aux.t | 2 +-
test/rsa_test.c | 105 +++++++++------------
test/verify_extra_test.c | 2 +-
test/x509aux.c | 2 +-
60 files changed, 187 insertions(+), 120 deletions(-)
create mode 100644 fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76
diff --git a/CHANGES b/CHANGES
index ba224c45cd..8c2b701311 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,9 +7,38 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
- Changes between 1.1.1i and 1.1.1j [xx XXX xxxx]
+ Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]
- *) Fixed SRP_Calc_client_key so that it uses constant time. The previous
+ *)
+
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+ *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+ create a unique hash value based on the issuer and serial number data
+ contained within an X509 certificate. However it was failing to correctly
+ handle any errors that may occur while parsing the issuer field (which might
+ occur if the issuer field is maliciously constructed). This may subsequently
+ result in a NULL pointer deref and a crash leading to a potential denial of
+ service attack.
+ (CVE-2021-23841)
+ [Matt Caswell]
+
+ *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks. This is considered a
+ bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+ CVE-2021-23839.
+ [Matt Caswell]
+
+ *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+ functions. Previously they could overflow the output length argument in some
+ cases where the input length is close to the maximum permissable length for
+ an integer on the platform. In such cases the return value from the function
+ call would be 1 (indicating success), but the output length value would be
+ negative. This could cause applications to behave incorrectly or crash.
+ (CVE-2021-23840)
+ [Matt Caswell]
+
+ *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
could be exploited in a side channel attack to recover the password. Since
the attack is local host only this is outside of the current OpenSSL
diff --git a/Configure b/Configure
index 3173503b76..b286dd0678 100755
--- a/Configure
+++ b/Configure
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/NEWS b/NEWS
index 55ffce8ea3..7e1cdf94e0 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,20 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
- Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [under development]
+ Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development]
o
+ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+ o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+ function (CVE-2021-23841)
+ o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks
+ o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+ EVP_DecryptUpdate functions (CVE-2021-23840)
+ o Fixed SRP_Calc_client_key so that it runs in constant time
+
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
diff --git a/README b/README
index d52dcf1bc5..98ad8a356a 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1j-dev
+ OpenSSL 1.1.1k-dev
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/apps/ca.c b/apps/ca.c
index 3346042aa8..390ac37493 100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 53c2855883..8bf96f1021 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index c097ec1286..31c02cc49e 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ccf51b3546..117f2fa883 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f..7e1776375d 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe0..0843caf4f0 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827f..32ac0125de 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
index 0a4fe55d98..70f46cd140 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index 1d62226965..e51156468a 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1f155be175..ecdb3cee1f 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
/*
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
- * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
* preserves error code reporting for backward compatibility.
*/
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSA_R_NULL_BEFORE_BLOCK_MISSING);
mask = ~good;
- good &= constant_time_ge(threes_in_row, 8);
+ /*
+ * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+ * that RFC5246 incorrectly states this the other way around, i.e. reject
+ * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+ * corrected in subsequent errata for that RFC.
+ */
+ good &= constant_time_lt(threes_in_row, 8);
err = constant_time_select_int(mask | good, err,
RSA_R_SSLV3_ROLLBACK_ATTACK);
mask = ~good;
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 0cefbfa910..ce3504825c 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index c9d8933640..1d8d2d7b28 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 883c6d7118..0c71b2e8b4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index bec850af57..a4e9cdaee8 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 3f5ce5c91c..a1aeb4e4c6 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index 39726b7ae6..4380d869ea 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -759,7 +759,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index e9c35cb2d1..2caf3ef4d1 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -735,7 +735,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b.
=head1 COPYRIGHT
-Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/crl2pkcs7.pod b/doc/man1/crl2pkcs7.pod
index 681145e77d..3fcb737b70 100644
--- a/doc/man1/crl2pkcs7.pod
+++ b/doc/man1/crl2pkcs7.pod
@@ -96,7 +96,7 @@ L<pkcs7(1)>
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 155c971081..8d48c9aed6 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -241,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod
index 39c2dbd122..752c22063e 100644
--- a/doc/man1/dsa.pod
+++ b/doc/man1/dsa.pod
@@ -172,7 +172,7 @@ L<genrsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod
index 776fbc7359..41ffc6cb63 100644
--- a/doc/man1/ec.pod
+++ b/doc/man1/ec.pod
@@ -193,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
=head1 COPYRIGHT
-Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 621ad4b1b2..3c7b6c42ea 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index 3a2b46f2b9..6a681ef3d2 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -325,7 +325,7 @@ The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod
index 023081ce8b..8bd3799ea9 100644
--- a/doc/man1/genrsa.pod
+++ b/doc/man1/genrsa.pod
@@ -118,7 +118,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index c1a3cee050..ac0397a945 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -379,7 +379,7 @@ L<pkcs8(1)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod
index ff7dfe4c09..dba75fc8d4 100644
--- a/doc/man1/pkcs8.pod
+++ b/doc/man1/pkcs8.pod
@@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkey.pod b/doc/man1/pkey.pod
index 762811be0a..1c29092793 100644
--- a/doc/man1/pkey.pod
+++ b/doc/man1/pkey.pod
@@ -158,7 +158,7 @@ L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 6a26838fc6..3b350efadd 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -327,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index dc2db3db3c..539b843803 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -695,7 +695,7 @@ L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod
index 089e0080b4..fddd828b9f 100644
--- a/doc/man1/rsa.pod
+++ b/doc/man1/rsa.pod
@@ -195,7 +195,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 0224541d74..743b2db2ba 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index 968d0eac03..9fdac49190 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -845,7 +845,7 @@ The
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/smime.pod b/doc/man1/smime.pod
index dead874286..bf40d04cae 100644
--- a/doc/man1/smime.pod
+++ b/doc/man1/smime.pod
@@ -514,7 +514,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod
index 2cc2089ff3..87e1b4bbca 100644
--- a/doc/man1/spkac.pod
+++ b/doc/man1/spkac.pod
@@ -145,7 +145,7 @@ L<ca(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/storeutl.pod b/doc/man1/storeutl.pod
index bbd14928b5..3d2cb60bdc 100644
--- a/doc/man1/storeutl.pod
+++ b/doc/man1/storeutl.pod
@@ -123,7 +123,7 @@ The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
index b7038adfc1..9e1ffd5d08 100644
--- a/doc/man1/ts.pod
+++ b/doc/man1/ts.pod
@@ -665,7 +665,7 @@ L<config(5)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 12b1243739..3c9b2f2263 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -932,7 +932,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index fab14d77e8..72726661a1 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -61,7 +61,7 @@ DH_compute_key_padded() was added in OpenSSL 1.0.2.
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
index cca72c71fc..d958b22a48 100644
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -199,7 +199,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76 b/fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76
new file mode 100644
index 0000000000..439c50b013
Binary files /dev/null and b/fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76 differ
diff --git a/fuzz/x509.c b/fuzz/x509.c
index 926287da48..1a20ca21db 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -37,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
X509_print(bio, x509);
BIO_free(bio);
+ X509_issuer_and_serial_hash(x509);
+
i2d_X509(x509, &der);
OPENSSL_free(der);
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index d2b26ea582..b4ea90ae9d 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_EVPERR_H
# define HEADER_EVPERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -179,6 +177,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index e91b43bffe..48c54fe673 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x101010a0L
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j-dev xx XXX xxxx"
+# define OPENSSL_VERSION_NUMBER 0x101010b0L
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-dev xx XXX xxxx"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index b9a8943273..90fa3592ce 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 8874bed353..afbf015216 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index d0cb72d757..78d29594c6 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 3f02751dde..8c3542a542 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index e24b1b0e4d..9f51a6eb28 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d68cd1f9d7..d84cc0460f 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index 2126c4fcfe..d8e7042391 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -1,6 +1,6 @@
#! /bin/bash
#
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2016 Viktor Dukhovni <openssl-users at dukhovni.org>.
# All rights reserved.
#
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 070c8e2245..96b559e5c9 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
index e3bdcbaaf9..8c7c9576ce 100644
--- a/test/recipes/70-test_verify_extra.t
+++ b/test/recipes/70-test_verify_extra.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/recipes/80-test_x509aux.t b/test/recipes/80-test_x509aux.t
index 30adf25257..4c3cefc45c 100644
--- a/test/recipes/80-test_x509aux.t
+++ b/test/recipes/80-test_x509aux.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
diff --git a/test/rsa_test.c b/test/rsa_test.c
index 84d62f00d5..11e373cceb 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -42,7 +42,8 @@ int setup_tests(void)
BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \
BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \
BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+ if (c != NULL) \
+ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
return sizeof(ctext_ex) - 1;
static int key1(RSA *key, unsigned char *c)
@@ -211,16 +212,7 @@ static int key3(RSA *key, unsigned char *c)
SetKey;
}
-static int pad_unknown(void)
-{
- unsigned long l;
- while ((l = ERR_get_error()) != 0)
- if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
- return 1;
- return 0;
-}
-
-static int rsa_setkey(RSA** key, unsigned char* ctext, int idx)
+static int rsa_setkey(RSA** key, unsigned char *ctext, int idx)
{
int clen = 0;
@@ -240,63 +232,72 @@ static int rsa_setkey(RSA** key, unsigned char* ctext, int idx)
return clen;
}
-static int test_rsa_pkcs1(int idx)
+static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type,
+ int success, unsigned char *ctext_ex, int *clen,
+ RSA **retkey)
{
int ret = 0;
RSA *key;
unsigned char ptext[256];
unsigned char ctext[256];
static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
- unsigned char ctext_ex[256];
int plen;
- int clen = 0;
+ int clentmp = 0;
int num;
plen = sizeof(ptext_ex) - 1;
- clen = rsa_setkey(&key, ctext_ex, idx);
+ clentmp = rsa_setkey(&key, ctext_ex, idx);
+ if (clen != NULL)
+ *clen = clentmp;
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_PADDING);
- if (!TEST_int_eq(num, clen))
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type);
+ if (!TEST_int_eq(num, clentmp))
goto err;
- num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
- goto err;
+ num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type);
+ if (success) {
+ if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen))
+ goto err;
+ } else {
+ if (!TEST_int_lt(num, 0))
+ goto err;
+ }
ret = 1;
+ if (retkey != NULL) {
+ *retkey = key;
+ key = NULL;
+ }
err:
RSA_free(key);
return ret;
}
+static int test_rsa_pkcs1(int idx)
+{
+ return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL,
+ NULL, NULL);
+}
+
static int test_rsa_sslv23(int idx)
{
- int ret = 0;
- RSA *key;
- unsigned char ptext[256];
- unsigned char ctext[256];
- static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
- unsigned char ctext_ex[256];
- int plen;
- int clen = 0;
- int num;
+ int ret;
- plen = sizeof(ptext_ex) - 1;
- clen = rsa_setkey(&key, ctext_ex, idx);
+ /* Simulate an SSLv2 only client talking to a TLS capable server */
+ ret = test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_SSLV23_PADDING, 1, NULL,
+ NULL, NULL);
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_SSLV23_PADDING);
- if (!TEST_int_eq(num, clen))
- goto err;
+ /* Simulate a TLS capable client talking to an SSLv2 only server */
+ ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_PKCS1_PADDING, 1, NULL,
+ NULL, NULL);
- num = RSA_private_decrypt(num, ctext, ptext, key, RSA_SSLV23_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
- goto err;
+ /*
+ * Simulate a TLS capable client talking to a TLS capable server. Should
+ * fail due to detecting a rollback attack.
+ */
+ ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_SSLV23_PADDING, 0, NULL,
+ NULL, NULL);
- ret = 1;
-err:
- RSA_free(key);
return ret;
}
@@ -313,28 +314,16 @@ static int test_rsa_oaep(int idx)
int num;
int n;
- plen = sizeof(ptext_ex) - 1;
- clen = rsa_setkey(&key, ctext_ex, idx);
-
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num == -1 && pad_unknown()) {
- TEST_info("Skipping: No OAEP support");
- ret = 1;
- goto err;
- }
- if (!TEST_int_eq(num, clen))
+ if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1,
+ ctext_ex, &clen, &key))
goto err;
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
- goto err;
+ plen = sizeof(ptext_ex) - 1;
/* Different ciphertexts. Try decrypting ctext_ex */
num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
RSA_PKCS1_OAEP_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
+ if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))
goto err;
/* Try decrypting corrupted ciphertexts. */
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 18f785ab8b..010403e74a 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/test/x509aux.c b/test/x509aux.c
index 78013f23ae..dee1b40e8c 100644
--- a/test/x509aux.c
+++ b/test/x509aux.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
More information about the openssl-commits
mailing list