The branch master has been updated via 842d61b5177bb57b7de374a3f25adc9e07e269d8 (commit) via 0df56c30f7ad1d29bac5ed2546069402d6219c15 (commit) via 4885ecffc7857a3eb4ef580763b1200cbaf9f45e (commit) via 54e1c14a29ef338a60ef180e213ffaeb3010f798 (commit) via b0f6402bf41a66ebfa13e98bb96763d01bb27d2f (commit) from c6b72390721622bad4815e912f005e7add940e92 (commit)
- Log ----------------------------------------------------------------- commit 842d61b5177bb57b7de374a3f25adc9e07e269d8 Author: Pauli <pa...@openssl.org> Date: Wed May 12 11:14:02 2021 +1000 Checksum update Reviewed-by: Shane Lontis <shane.lon...@oracle.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> commit 0df56c30f7ad1d29bac5ed2546069402d6219c15 Author: Pauli <pa...@openssl.org> Date: Mon May 10 14:13:30 2021 +1000 evp: fix return code check. The return from evp_do_md_getparams() is 0 for failure and -1 for not being a provided algorithm. The code in evp_md_cache_constants() failed to check the return code properly. In this case it was harmless but better to fix it. Reviewed-by: Shane Lontis <shane.lon...@oracle.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15208) commit 4885ecffc7857a3eb4ef580763b1200cbaf9f45e Author: Pauli <pa...@openssl.org> Date: Mon May 10 10:24:13 2021 +1000 coverity: fix 1484542 dereference after null check Reviewed-by: Shane Lontis <shane.lon...@oracle.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15208) commit 54e1c14a29ef338a60ef180e213ffaeb3010f798 Author: Pauli <pa...@openssl.org> Date: Mon May 10 10:18:07 2021 +1000 coverity: fix 1484540 resource leak Reviewed-by: Shane Lontis <shane.lon...@oracle.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15208) commit b0f6402bf41a66ebfa13e98bb96763d01bb27d2f Author: Pauli <pa...@openssl.org> Date: Mon May 10 10:17:38 2021 +1000 coverity: fix 1484539 resource leak Reviewed-by: Shane Lontis <shane.lon...@oracle.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/15208) ----------------------------------------------------------------------- Summary of changes: apps/kdf.c | 3 ++- apps/mac.c | 3 ++- crypto/evp/digest.c | 2 +- crypto/evp/evp_lib.c | 6 ++---- providers/fips-sources.checksums | 4 ++-- providers/fips.checksum | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/kdf.c b/apps/kdf.c index 7b016051f1..c4892ed20e 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -52,13 +52,14 @@ static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; - char *res = app_malloc(len, "algorithm name"); + char *res; if (*optp == NULL) *optp = sk_OPENSSL_STRING_new_null(); if (*optp == NULL) return NULL; + res = app_malloc(len, "algorithm name"); BIO_snprintf(res, len, "%s:%s", name, arg); if (sk_OPENSSL_STRING_push(*optp, res)) return res; diff --git a/apps/mac.c b/apps/mac.c index ca02a781e5..5f80ca22c7 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -56,13 +56,14 @@ static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, const char *name, const char *arg) { size_t len = strlen(name) + strlen(arg) + 2; - char *res = app_malloc(len, "algorithm name"); + char *res; if (*optp == NULL) *optp = sk_OPENSSL_STRING_new_null(); if (*optp == NULL) return NULL; + res = app_malloc(len, "algorithm name"); BIO_snprintf(res, len, "%s:%s", name, arg); if (sk_OPENSSL_STRING_push(*optp, res)) return res; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index e584bd8b2b..25ce609854 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -882,7 +882,7 @@ static int evp_md_cache_constants(EVP_MD *md) params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, &algid_absent); params[4] = OSSL_PARAM_construct_end(); - ok = evp_do_md_getparams(md, params); + ok = evp_do_md_getparams(md, params) > 0; if (mdsize > INT_MAX || blksz > INT_MAX) ok = 0; if (ok) { diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index dfc4059d76..e2ac6af895 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -358,7 +358,7 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, &multiblock); params[8] = OSSL_PARAM_construct_end(); - ok = evp_do_ciph_getparams(cipher, params); + ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { cipher->block_size = blksz; cipher->iv_len = ivlen; @@ -372,10 +372,8 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) cipher->flags |= EVP_CIPH_FLAG_CTS; if (multiblock) cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; - /* Provided implementations may have a custom cipher_cipher */ - if (cipher->prov != NULL && cipher->ccipher != NULL) + if (cipher->ccipher != NULL) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; - /* Provided implementations may also have custom ASN1 algorithm parameters */ if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 72d4f9cf28..dfcfb83178 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -166,11 +166,11 @@ fa39906519062932adafb63cbf05b5dfa7563673576d421c80ec6b889d024e84 crypto/ec/ecp_ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 7c7f3e2a19a95d62942790e525f00cccc87e46da099a0c96d101787d68c75128 crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -e819c499207dd2ee5457cd9411c6089e13476bedf41de2aa67e10b13810ff0e5 crypto/evp/digest.c +3c8e633beeb9b79cac2f068de248b7f1ad55910d2e2ff10b2b3694daae552436 crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c c146c0a8a06e3c558207c1c76039dd2a61a2160cc243e9e3de2e290bc6e1b2d0 crypto/evp/evp_enc.c 4518be2a70f28492668fe1ad6464593ff0db227ab75536bc5dc5a9c0da135800 crypto/evp/evp_fetch.c -ce97d3bbaa68d2c3aae7f2c4d8709396ec2f0f131abf2c2584e523585ec89c02 crypto/evp/evp_lib.c +1a168c88f1ee61d0f0c94ea72e220f913526a09fc09b8ba1706eb126e948699c crypto/evp/evp_lib.c af0245f7a849997921c0719df339469427656821416b402754fc1f5f5e2da291 crypto/evp/evp_rand.c c0f87865be8dab6ea909fd976e5a46e4e8343b18403090c4a59b2af90f9a1329 crypto/evp/evp_utils.c 896bc29e0009657071bd74401513bdbedfb08ca66e34bf634e824fd3f34beb0a crypto/evp/exchange.c diff --git a/providers/fips.checksum b/providers/fips.checksum index a02e185df1..2a2fc21d65 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -25ebfe80438755a6a997fd7b76a2d30725c7be0ae73b9378d0daf5e444453afa providers/fips-sources.checksums +4d519901583d7281047570278c491370463f04412f648f2862d41d04a99ad4e8 providers/fips-sources.checksums