Updates CHANGES.md and NEWS.md for new 1.1.1 release

Reviewed-by: Richard Levitte <levitte@openssl.org>

Check the plaintext buffer is large enough when decrypting SM2

Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we s

Check the plaintext buffer is large enough when decrypting SM2

Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

show more ...

Extend tests for SM2 decryption

Check the case where C1y < 32 bytes in length (i.e. short overhead), and
also the case with longer plaintext and C1x and C1y > 32 bytes in length
(i.e

Extend tests for SM2 decryption

Check the case where C1y < 32 bytes in length (i.e. short overhead), and
also the case with longer plaintext and C1x and C1y > 32 bytes in length
(i.e. long overhead)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

show more ...

Correctly calculate the length of SM2 plaintext given the ciphertext

Previously the length of the SM2 plaintext could be incorrectly calculated.
The plaintext length was calculated by ta

Correctly calculate the length of SM2 plaintext given the ciphertext

Previously the length of the SM2 plaintext could be incorrectly calculated.
The plaintext length was calculated by taking the ciphertext length and
taking off an "overhead" value.

The overhead value was assumed to have a "fixed" element of 10 bytes.
This is incorrect since in some circumstances it can be more than 10 bytes.
Additionally the overhead included the length of two integers C1x and C1y,
which were assumed to be the same length as the field size (32 bytes for
the SM2 curve). However in some cases these integers can have an additional
padding byte when the msb is set, to disambiguate them from negative
integers. Additionally the integers can also be less than 32 bytes in
length in some cases.

If the calculated overhead is incorrect and larger than the actual value
this can result in the calculated plaintext length being too small.
Applications are likely to allocate buffer sizes based on this and therefore
a buffer overrun can occur.

CVE-2021-3711

Issue reported by John Ouyang.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>

show more ...

Fix the error handling in i2v_AUTHORITY_KEYID

Previously if an error path is entered a leak could result.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dal

Fix the error handling in i2v_AUTHORITY_KEYID

Previously if an error path is entered a leak could result.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Allow fuzz builds to detect string overruns

If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we a

Allow fuzz builds to detect string overruns

If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
any for safety in normal builds.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Vi

Fix EC_GROUP_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to
read it.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukh

Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix append_ia5 function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <vik

Fix append_ia5 function to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix test code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openss

Fix test code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix CMP code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl

Fix CMP code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix the name constraints code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovn

Fix the name constraints code to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Vi

Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix GENERAL_NAME_print to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <vikt

Fix GENERAL_NAME_print to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix POLICYINFO printing to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <vik

Fix POLICYINFO printing to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Fix i2v_GENERAL_NAME to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor

Fix i2v_GENERAL_NAME to not assume NUL terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

CVE-2021-3712

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>

show more ...

Add a clarification to NOTES-UNIX.md

I just wasted almost 2 hours troubleshooting, because lowercase L
and 1 look too similar, this should help some people save time.

CLA: trivi

Add a clarification to NOTES-UNIX.md

I just wasted almost 2 hours troubleshooting, because lowercase L
and 1 look too similar, this should help some people save time.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16295)

show more ...

Get rid of warn_binary

Current implementation of warn_binary introduces a regression
when the content is passed in /dev/stdin as an explicit file name
and reads the file to be proces

Get rid of warn_binary

Current implementation of warn_binary introduces a regression
when the content is passed in /dev/stdin as an explicit file name
and reads the file to be processed twice otherwise.

I suggest to reimplement this functionality after 3.0 if necessary.

Fixes #16359

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16367)

show more ...

Fix documentation referring to 'function code'

ERR_GET_FUNC was removed, so remove references to 'function code' as
well from docs.

CLA: trivial

Reviewed-by: Richard Le

Fix documentation referring to 'function code'

ERR_GET_FUNC was removed, so remove references to 'function code' as
well from docs.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16353)

show more ...

doc: fix a mistyped "=item" perldoc marker

Searching didn't reveal any other similar cases.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by:

doc: fix a mistyped "=item" perldoc marker

Searching didn't reveal any other similar cases.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16354)

show more ...

Replace CONFIG_NOWAIT env var with -w option

And document the -w option

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged

Replace CONFIG_NOWAIT env var with -w option

And document the -w option

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)

show more ...

Set KERNEL_BITS, add CONFIG_NOWAIT

Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment varia

Set KERNEL_BITS, add CONFIG_NOWAIT

Avoid perl "undefined variable in regexp" message.
Not all uses were changed because I wasn't sure.
Add support for CONFIG_NOWAIT environment variable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)

show more ...

Minor doc enhancements to INSTALL.md

Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BI

Minor doc enhancements to INSTALL.md

Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BITS.
Add new variable CONFIG_NOWAIT.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)

show more ...

util/add-depends.pl: Rebuild the build file after reconfiguration

Reconfiguration is assumed if any dependency (.d) file is older than
configdata.pm.

Fixes #16364

Revie

util/add-depends.pl: Rebuild the build file after reconfiguration

Reconfiguration is assumed if any dependency (.d) file is older than
configdata.pm.

Fixes #16364

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16365)

show more ...

util/add-depends.pl: Only add dependencies on existing or generated headers

Headers that fulfill neither of those conditions are skipped.

This avoids build breaks when development h

util/add-depends.pl: Only add dependencies on existing or generated headers

Headers that fulfill neither of those conditions are skipped.

This avoids build breaks when development has removed a previously
existing header.

Fixes #16360

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16361)

show more ...