Merge branch 'main' into bssl-cherry-pick-b0ef87e5

Author: sgmenda

.github/docker_images/cmake_build_versions/cmake_build.sh

@@ -15,15 +15,8 @@ NUM_CPU_THREADS=$(grep -c ^processor /proc/cpuinfo)
 # For older versions, we use CMake's bundled curl instead of the system curl.
 CONFIGURE_OPTS="--prefix=/opt/cmake --system-libarchive"
 
-if [[ "${CMAKE_VERSION}" =~ ^[0-3]\. ]]; then
-    # CMake versions 3.x and earlier: use bundled curl to avoid compatibility issues
-    echo "Using bundled curl for CMake ${CMAKE_VERSION}"
-else
-    # CMake 4.0 and later: safe to use system curl
-    echo "Using system curl for CMake ${CMAKE_VERSION}"
-    CONFIGURE_OPTS="${CONFIGURE_OPTS} --system-curl"
-fi
+echo "Using bundled curl for CMake ${CMAKE_VERSION}"
 
 ./configure ${CONFIGURE_OPTS}
 make -j"${NUM_CPU_THREADS}"
-make install
+make install

crypto/evp_extra/p_dh_asn1.c

@@ -20,6 +20,12 @@
 #include "internal.h"
 
 static int dh_pub_encode(CBB *out, const EVP_PKEY *key) {
+  const DH *dh = key->pkey.dh;
+  if (dh == NULL || dh->pub_key == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
+    return 0;
+  }
+
   CBB spki, algorithm, oid, key_bitstring;
   if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
@@ -54,7 +60,7 @@ static int dh_pub_decode(EVP_PKEY *out, CBS *oid, CBS *params, CBS *key) {
   }
 
   pubkey = BN_new();
-  if (pubkey == NULL || !BN_parse_asn1_unsigned(key, pubkey)) {
+  if (pubkey == NULL || !BN_parse_asn1_unsigned(key, pubkey) || CBS_len(key) != 0) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     goto err;
   }
@@ -65,6 +71,7 @@ static int dh_pub_decode(EVP_PKEY *out, CBS *oid, CBS *params, CBS *key) {
     goto err;
   }
   dh->pub_key = pubkey;
+  pubkey = NULL;
 
   if (!EVP_PKEY_assign_DH(out, dh)) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
@@ -99,6 +106,14 @@ static int dh_param_copy(EVP_PKEY *to, const EVP_PKEY *from) {
     return 0;
   }
 
+  // Ensure the target has an allocated DH structure.
+  if (to->pkey.dh == NULL) {
+    to->pkey.dh = DH_new();
+    if (to->pkey.dh == NULL) {
+      return 0;
+    }
+  }
+
   const DH *dh = from->pkey.dh;
   const BIGNUM *q_old = DH_get0_q(dh);
   BIGNUM *p = BN_dup(DH_get0_p(dh));

crypto/fipsmodule/cipher/e_aesccm.c

@@ -629,7 +629,7 @@ static int cipher_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
       return -1;
     }
     // Validate the tag and invalidate the output if it doesn't match.
-    if (OPENSSL_memcmp(cipher_ctx->tag, computed_tag, cipher_ctx->M)) {
+    if (CRYPTO_memcmp(cipher_ctx->tag, computed_tag, cipher_ctx->M)) {
       OPENSSL_cleanse(out, len);
       return -1;
     }

crypto/fipsmodule/fips_shared_support.c

@@ -12,10 +12,9 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
+#if defined(BORINGSSL_FIPS) && defined(BORINGSSL_SHARED_LIBRARY)
 #include <stdint.h>
 
-
-#if defined(BORINGSSL_FIPS) && defined(BORINGSSL_SHARED_LIBRARY)
 // BORINGSSL_bcm_text_hash is is default hash value for the FIPS integrity check
 // that must be replaced with the real value during the build process. This
 // value need only be distinct, i.e. so that we can safely search-and-replace it
@@ -25,4 +24,9 @@ const uint8_t BORINGSSL_bcm_text_hash[32] = {
     0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f,
     0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80,
 };
+#else
+// C requires a translation unit to contain at least one declaration. Since
+// BORINGSSL_FIPS or BORINGSSL_SHARED_LIBRARY is not defined, this file is
+// otherwise empty. This typedef prevents MSVC warning C4206.
+typedef int fips_shared_support_dummy;
 #endif  // FIPS && SHARED_LIBRARY

crypto/fipsmodule/kem/kem.c

@@ -272,6 +272,7 @@ const KEM *KEM_KEY_get0_kem(KEM_KEY* key) {
 }
 
 int KEM_KEY_set_raw_public_key(KEM_KEY *key, const uint8_t *in) {
+  OPENSSL_free(key->public_key);
   key->public_key = OPENSSL_memdup(in, key->kem->public_key_len);
   if (key->public_key == NULL) {
     return 0;
@@ -281,6 +282,7 @@ int KEM_KEY_set_raw_public_key(KEM_KEY *key, const uint8_t *in) {
 }
 
 int KEM_KEY_set_raw_secret_key(KEM_KEY *key, const uint8_t *in) {
+  OPENSSL_free(key->secret_key);
   key->secret_key = OPENSSL_memdup(in, key->kem->secret_key_len);
   if (key->secret_key == NULL) {
     return 0;
@@ -291,6 +293,8 @@ int KEM_KEY_set_raw_secret_key(KEM_KEY *key, const uint8_t *in) {
 
 int KEM_KEY_set_raw_key(KEM_KEY *key, const uint8_t *in_public,
                                       const uint8_t *in_secret) {
+  OPENSSL_free(key->public_key);
+  OPENSSL_free(key->secret_key);
   key->public_key = OPENSSL_memdup(in_public, key->kem->public_key_len);
   key->secret_key = OPENSSL_memdup(in_secret, key->kem->secret_key_len);
   if (key->public_key == NULL || key->secret_key == NULL) {

crypto/fipsmodule/rand/entropy/entropy_sources.c

@@ -14,22 +14,32 @@ DEFINE_BSS_GET(const struct entropy_source_methods *, entropy_source_methods_ove
 DEFINE_BSS_GET(int, allow_entropy_source_methods_override)
 DEFINE_STATIC_MUTEX(global_entropy_source_lock)
 
-static int entropy_get_prediction_resistance(
-  const struct entropy_source_t *entropy_source,
-  uint8_t pred_resistance[RAND_PRED_RESISTANCE_LEN]) {
+static int entropy_cpu_get_entropy(uint8_t *entropy, size_t entropy_len) {
 #if defined(OPENSSL_X86_64)
-  if (rdrand_multiple8(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) {
+  if (rdrand_multiple8(entropy, entropy_len) == 1) {
     return 1;
   }
 #elif defined(OPENSSL_AARCH64)
-  if (rndr_multiple8(pred_resistance, RAND_PRED_RESISTANCE_LEN) == 1) {
+  if (rndr_multiple8(entropy, entropy_len) == 1) {
     return 1;
   }
 #endif
   return 0;
 }
 
-static int entropy_get_extra_entropy(
+static int entropy_cpu_get_prediction_resistance(
+  const struct entropy_source_t *entropy_source,
+  uint8_t pred_resistance[RAND_PRED_RESISTANCE_LEN]) {
+  return entropy_cpu_get_entropy(pred_resistance, RAND_PRED_RESISTANCE_LEN);
+}
+
+static int entropy_cpu_get_extra_entropy(
+  const struct entropy_source_t *entropy_source,
+  uint8_t extra_entropy[CTR_DRBG_ENTROPY_LEN]) {
+  return entropy_cpu_get_entropy(extra_entropy, CTR_DRBG_ENTROPY_LEN);
+}
+
+static int entropy_os_get_extra_entropy(
   const struct entropy_source_t *entropy_source,
   uint8_t extra_entropy[CTR_DRBG_ENTROPY_LEN]) {
   CRYPTO_sysrand(extra_entropy, CTR_DRBG_ENTROPY_LEN);
@@ -47,10 +57,10 @@ DEFINE_LOCAL_DATA(struct entropy_source_methods, tree_jitter_entropy_source_meth
   out->zeroize_thread = tree_jitter_zeroize_thread_drbg;
   out->free_thread = tree_jitter_free_thread_drbg;
   out->get_seed = tree_jitter_get_seed;
-  out->get_extra_entropy = entropy_get_extra_entropy;
+  out->get_extra_entropy = entropy_os_get_extra_entropy;
   if (have_hw_rng_x86_64() == 1 ||
       have_hw_rng_aarch64() == 1) {
-    out->get_prediction_resistance = entropy_get_prediction_resistance;
+    out->get_prediction_resistance = entropy_cpu_get_prediction_resistance;
   } else {
     out->get_prediction_resistance = NULL;
   }
@@ -103,7 +113,7 @@ DEFINE_LOCAL_DATA(struct entropy_source_methods, opt_out_cpu_jitter_entropy_sour
   out->get_seed = opt_out_cpu_jitter_get_seed_wrap;
   if (have_hw_rng_x86_64() == 1 ||
       have_hw_rng_aarch64() == 1) {
-    out->get_extra_entropy = entropy_get_prediction_resistance;
+    out->get_extra_entropy = entropy_cpu_get_extra_entropy;
   } else {
     // Fall back to seed source because a second source must always be present.
     out->get_extra_entropy = opt_out_cpu_jitter_get_seed_wrap;

crypto/pkcs7/pkcs7.c

@@ -1620,7 +1620,6 @@ static int pkcs7_signature_verify(BIO *in_bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                              ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
     if (alen <= 0 || abuf == NULL) {
       OPENSSL_PUT_ERROR(PKCS7, ERR_R_ASN1_LIB);
-      ret = -1;
       goto out;
     }
     if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) {
@@ -1703,14 +1702,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
         goto out;
       }
       X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
-    }
-    // NOTE: unlike most of our functions, |X509_verify_cert| can return <= 0
-    if (X509_verify_cert(cert_ctx) <= 0) {
+      // NOTE: unlike most of our functions, |X509_verify_cert| can return <= 0
+      if (X509_verify_cert(cert_ctx) <= 0) {
 #if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-      // For fuzz testing, we do not want to bail out early.
-      OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-      goto out;
+        // For fuzz testing, we do not want to bail out early.
+        OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+        goto out;
 #endif
+      }
     }
   }
 
@@ -1725,7 +1724,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
   for (size_t ii = 0; ii < sk_PKCS7_SIGNER_INFO_num(sinfos); ii++) {
     PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sinfos, ii);
     X509 *signer = sk_X509_value(signers, ii);
-    if (!pkcs7_signature_verify(p7bio, p7, si, signer)) {
+    if (pkcs7_signature_verify(p7bio, p7, si, signer) != 1) {
 #if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
       // For fuzz testing, we do not want to bail out early.
       OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_SIGNATURE_FAILURE);