- 25 5月, 2020 1 次提交
-
-
由 Nicola Tuveri 提交于
This should fix 2 issues detected by Coverity and introduced with https://github.com/openssl/openssl/pull/11807 - CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) - CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) In practice the tests seem to show that they both aren't real issues, yet I believe this small change should appease the scanner and at the same time improve clarity for the reader. Here is the original report: ``` ** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) /crypto/ec/ec_lib.c: 1123 in EC_POINT_mul() 1117 1118 if (group->meth->mul != NULL) 1119 ret = group->meth->mul(group, r, g_scalar, point != NULL 1120 && p_scalar != NULL, &point, &p_scalar, ctx); 1121 else 1122 /* use default */ CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL 1124 && p_scalar != NULL, &point, &p_scalar, ctx); 1125 1126 #ifndef FIPS_MODULE 1127 BN_CTX_free(new_ctx); 1128 #endif ``` Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11919)
-
- 24 5月, 2020 3 次提交
-
-
由 Dr. David von Oheimb 提交于
fixes #11818 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11911)
-
由 Richard Levitte 提交于
EVP_PKEYs with provider side internal keys got the key type EVP_PKEY_NONE. This turned out to be too disruptive, so we try instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever EVP_PKEY type it uses. To make internal coding easier, we introduce a few internal macros to distinguish what can be expected from a EVP_PKEY: - evp_pkey_is_blank(), to detect an unassigned EVP_PKEY. - evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a type, which may be an old style type number or a EVP_KEYMGMT method. - evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned an key value. - evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an EVP_PKEY_METHOD. - evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is a provider side one, i.e. will be handdled via an EVP_KEYMGMT and other provider methods. This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY contains a provider side key for which there are no known EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be handled via EVP_KEYMGMT and other provider methods. Fixes #11823 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11913)
-
由 Dmitry Belyavskiy 提交于
[extended tests] Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11792)
-
- 23 5月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
This fixes a strict aliasing issue in ui_dup_method_data. The parameter type of CRYPTO_EX_dup's from_d parameter is in fact void **, since it points to a pointer. This function is rarely used, therefore fix the param type although that may be considered an API breaking change. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2986)
-
- 22 5月, 2020 6 次提交
-
-
由 Nicola Tuveri 提交于
This fixes warnings detected by -Wstringop-truncation. Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11878)
-
由 Tomas Mraz 提交于
If buggy application calls engine functions after cleanup of engines already happened the global_engine_lock will be used although already freed. See for example: https://bugzilla.redhat.com/show_bug.cgi?id=1831086Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11896)
-
由 Pauli 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892)
-
由 Pauli 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892)
-
由 Pauli 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892)
-
由 Pauli 提交于
Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11892)
-
- 21 5月, 2020 5 次提交
-
-
由 mettacrawler 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11876)
-
由 Richard Levitte 提交于
This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11872)
-
由 Richard Levitte 提交于
In the FIPS module, the code as written generate an unconditional error. Fixes #11865 Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11869)
-
由 Richard Levitte 提交于
This splits up all the providers/common/der/*.c.in so the generated portion is on its own and all related DER writing routines are in their own files. This also ensures that the DIGEST consstants aren't reproduced in several files (resulting in symbol clashes). Finally, the production of OID macros is moved to the generated header files, allowing other similar macros, or DER constant arrays, to be built on top of them. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11868)
-
由 Billy Brumley 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11874)
-
- 20 5月, 2020 9 次提交
-
-
由 Tomas Mraz 提交于
[extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
-
由 Tomas Mraz 提交于
Although there are platforms where int is 64 bit, 2GiB large BIGNUMs instead of 4GiB should be "big enough for everybody". Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
-
由 Tomas Mraz 提交于
This is needed to avoid automatic promotion to signed int. Fixes #11853 [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11857)
-
由 Bernd Edlinger 提交于
./config --with-rand-seed=egd need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD) ./config --with-rand-seed=devrandom does not work since wait_random_seeded works under the assumption that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well, that is usually the case, but not when only devrandom is enabled. Skip the wait code in this special case. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11848)
-
由 Richard Levitte 提交于
This allows applications to iterate over all loaded providers. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11858)
-
由 raja-ashok 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816)
-
由 raja-ashok 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11816)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735)
-
由 Dmitry Belyavskiy 提交于
Partially fixes #11209. Before OpenSSL 3.0 in case when peer does not send close_notify, the behaviour was to set SSL_ERROR_SYSCALL error with errno 0. This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores the old behaviour for compatibility's sake. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11735)
-
- 19 5月, 2020 12 次提交
-
-
由 Rich Salz 提交于
As the documentation points out, these fipsmodule.cnf fields are a MAC, not a digest or checksum. Rename them to be correct. Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369)
-
由 Rich Salz 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11369)
-
由 Norm Green 提交于
The missing symbol caused a linker failure on solaris x86_64. Fixes #11796 Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11798)
-
由 Billy Brumley 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11851)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
-
由 Dmitry Belyavskiy 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
-
由 Richard Levitte 提交于
When a desired algorithm wasn't available, we didn't register anywhere that an attempt had been made, with the result that next time the same attempt was made, the whole process would be done again. To avoid this churn, we register a bit for each operation that has been queried in the libcrypto provider object, and test it before trying the same query and method construction loop again. If course, if the provider has told us not to cache, we don't register this bit. Fixes #11814 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11842)
-
由 Marc 提交于
Fix build error on some platforms Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757)
-
由 Marc 提交于
Add certificate validity period (v) and public key & signature algorithms (a) to the "Certificate Chain" output. Eg: Certificate chain 0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = www.google.com i:C = US, O = Google Trust Services, CN = GTS CA 1O1 a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 3 14:49:26 2019 GMT; NotAfter: Feb 25 14:49:26 2020 GMT 1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1 i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jun 15 00:00:42 2017 GMT; NotAfter: Dec 15 00:00:42 2021 GMT Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10757)
-
- 18 5月, 2020 3 次提交
-
-
由 Bernd Edlinger 提交于
without error handling. This takes up the ball from #11278 without trying to solve everything at once. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/11850)
-
由 Maxim Zakharov 提交于
Signed-off-by: NMaxim Zakharov <5158255+Maxime2@users.noreply.github.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11767)
-
由 Matt Caswell 提交于
This was added before the changes to the sslap/ssl_new/ssl_old tests which run those tests with a non-default library context. It no longer adds anything that those tests don't already do, so it can be deleted. This also fixes a number of run-checker build failures which were failing in this test if TLSv1.2 was disabled. Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11832)
-