[openssl] openssl-3.0 update

2022-02-10 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit)
  from  b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit)


- Log -
commit fc27d9f3af95aa33e5028c6cef8d56d1c7f17436
Author: Pauli 
Date:   Wed Feb 9 11:17:57 2022 +1100

Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17668)

(cherry picked from commit b84c6e86dd8ca88444207080808d1d598856041f)

---

Summary of changes:
 crypto/x509/x509_trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index ff578aee73..0888e16c15 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 /* Get existing entry if any */
 idx = X509_TRUST_get_by_id(id);
 /* Need a new entry */
-if (idx == -1) {
+if (idx < 0) {
 if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
 return 0;
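
Review bot: the new `if (idx < 0)` test deserves a one-line comment saying it deliberately mirrors the `< 0` check in X509_TRUST_get0(). The commit message explains that the two forms are equivalent here and that the change only quiets gcc-12, but nothing in the code records that, so a later cleanup could put `== -1` back and bring the warning with it. Extending the existing `/* Need a new entry */` comment would be enough.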


[openssl] master update

2022-02-10 Thread Dr . Paul Dale
The branch master has been updated
   via  b84c6e86dd8ca88444207080808d1d598856041f (commit)
  from  378c50f63dceb3a85bb4937a3499283b10d295b6 (commit)


- Log -
commit b84c6e86dd8ca88444207080808d1d598856041f
Author: Pauli 
Date:   Wed Feb 9 11:17:57 2022 +1100

Change condition to avoid spurious compiler complaints.

X509_TRUST_get0() is checking < 0, the code here was checking == -1.  Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).

Fixes #17665

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17668)

---

Summary of changes:
 crypto/x509/x509_trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index e71db0c9a1..bf674737f8 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 /* Get existing entry if any */
 idx = X509_TRUST_get_by_id(id);
 /* Need a new entry */
-if (idx == -1) {
+if (idx < 0) {
 if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
 ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
 return 0;


[openssl] openssl-3.0 update

2022-02-10 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit)
  from  09ade84a4a9e082c785cb51a9db2e85a45097cbd (commit)


- Log -
commit b32b2167155cafc4ac133f49d9cd04a249e443c8
Author: Kevin K Biju 
Date:   Sat Feb 5 18:09:45 2022 +0530

Added checking for buflen overflow due to MAX_MISALIGNMENT.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17646)

(cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1)

---

Summary of changes:
 apps/speed.c  | 8 ++--
 doc/man1/openssl-speed.pod.in | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 9be01bb4b2..b730a5c2b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -452,7 +452,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = {
 static double sm2_results[SM2_NUM][2];/* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 
-#define COND(unused_cond) (run && count < 0x7fff)
+#define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
 typedef struct loopargs_st {
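
Review bot: `COND()` now uses `INT_MAX`, but no hunk in this diff adds `#include <limits.h>` to apps/speed.c; please confirm the header is included directly rather than arriving through another header. Raising the iteration cap from 0x7fff is also a behaviour change that the commit message, which only mentions the buflen overflow check, does not cover; a sentence there would help anyone comparing benchmark results across versions.
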
@@ -1775,6 +1775,10 @@ int speed_main(int argc, char **argv)
 buflen = lengths[size_num - 1];
 if (buflen < 36)/* size of random vector in RSA benchmark */
 buflen = 36;
+if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
+BIO_printf(bio_err, "Error: buffer size too large\n");
+goto end;
+}
 buflen += MAX_MISALIGNMENT + 1;
 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
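
Review bot: the new message at `BIO_printf(bio_err, "Error: buffer size too large\n")` tells the user neither the value that was rejected nor the limit. Since the limit is computed right here as `INT_MAX - (MAX_MISALIGNMENT + 1)`, printing both would save a trip to the man page. The subtraction form of the test is the right way round: it compares before the `buflen += MAX_MISALIGNMENT + 1` on the next line, so the check itself cannot overflow.
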
@@ -3618,7 +3622,7 @@ static void multiblock_speed(const EVP_CIPHER 
*evp_cipher, int lengths_single,
 for (j = 0; j < num; j++) {
 print_message(alg_name, 0, mblengths[j], seconds->sym);
 Time_F(START);
-for (count = 0; run && count < 0x7fff; count++) {
+for (count = 0; run && count < INT_MAX; count++) {
 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
 size_t len = mblengths[j];
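
Review bot: the loop condition in multiblock_speed() repeats the expression that `COND()` expands to, and this patch had to change both copies to keep them in step. Use the macro here, or give the cap a named constant shared by both, so the next change to the limit cannot miss one site.
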
diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in
index bfe992797a..29181ea970 100644
--- a/doc/man1/openssl-speed.pod.in
+++ b/doc/man1/openssl-speed.pod.in
@@ -101,6 +101,8 @@ Run benchmarks for I seconds.
 =item B<-bytes> I
 
 Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG.
+The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit 
+int would be 2147483583 bytes.
 
 =item B<-mr>
 
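
Review bot: the added sentence hard-codes 64, while the check in apps/speed.c is written as `INT_MAX - (MAX_MISALIGNMENT + 1)`. If MAX_MISALIGNMENT changes, this text silently goes stale; either say where the 64 comes from or put a comment next to the check pointing at this man page. It is also worth stating that a larger B<-bytes> value is rejected with an error rather than being clamped.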


[openssl] master update

2022-02-10 Thread Dr . Paul Dale
The branch master has been updated
   via  378c50f63dceb3a85bb4937a3499283b10d295b6 (commit)
  from  64dc57419ddd9329f7062b048dee5ecd9306 (commit)


- Log -
commit 378c50f63dceb3a85bb4937a3499283b10d295b6
Author: Kevin K Biju 
Date:   Sat Feb 5 18:09:45 2022 +0530

Added checking for buflen overflow due to MAX_MISALIGNMENT.

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17646)

---

Summary of changes:
 apps/speed.c  | 8 ++--
 doc/man1/openssl-speed.pod.in | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index a790f280db..2201489fb4 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -456,7 +456,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = {
 static double sm2_results[SM2_NUM][2];/* 2 ops: sign then verify */
 #endif /* OPENSSL_NO_SM2 */
 
-#define COND(unused_cond) (run && count < 0x7fff)
+#define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)
 
 typedef struct loopargs_st {
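
Review bot: with the cap in `COND()` raised from 0x7fff to `INT_MAX`, the `count` term no longer acts as an iteration limit in practice and only keeps the counter from overflowing; the loop now ends when `run` is cleared. A short comment on the macro saying that this is the purpose of the `INT_MAX` term would stop it being mistaken for a tunable limit.
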
@@ -1779,6 +1779,10 @@ int speed_main(int argc, char **argv)
 buflen = lengths[size_num - 1];
 if (buflen < 36)/* size of random vector in RSA benchmark */
 buflen = 36;
+if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
+BIO_printf(bio_err, "Error: buffer size too large\n");
+goto end;
+}
 buflen += MAX_MISALIGNMENT + 1;
 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
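
Review bot: every operand of the new test (`lengths[size_num - 1]`, the floor of 36, `MAX_MISALIGNMENT`) is independent of `i`, yet the test sits beside the `loopargs[i]` allocations. If this code runs once per `loopargs` entry, compute and validate `buflen` once before that loop; it reads more clearly and makes it obvious that `goto end` can never be taken after some buffers have already been allocated.
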
@@ -3613,7 +3617,7 @@ static void multiblock_speed(const EVP_CIPHER 
*evp_cipher, int lengths_single,
 for (j = 0; j < num; j++) {
 print_message(alg_name, 0, mblengths[j], seconds->sym);
 Time_F(START);
-for (count = 0; run && count < 0x7fff; count++) {
+for (count = 0; run && count < INT_MAX; count++) {
 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
 size_t len = mblengths[j];
diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in
index bfe992797a..98e3bac037 100644
--- a/doc/man1/openssl-speed.pod.in
+++ b/doc/man1/openssl-speed.pod.in
@@ -101,6 +101,8 @@ Run benchmarks for I seconds.
 =item B<-bytes> I
 
 Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG.
+The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
+int would be 2147483583 bytes.
 
 =item B<-mr>
 


Coverity Scan: Analysis completed for openssl/openssl

2022-02-10 Thread scan-admin


Your request for analysis of openssl/openssl has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Di0C6_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGFs1qICvMKX-2BqJ7-2FpswyZzauyNRfkJyha3Mg15Pt5sB-2F8U3hgEP6e49W7SVU08Iuf84CSSyPlth7UMkHTMNYsa9D-2F82LpKbQ7-2FAe4ePDLPTrtrVcjyj9j8JVOlPTkQv8VO06D1q15gleEvaeIjaRKKsmQpGG6NQNT-2FxCAJ4QxnDQpKGRkaGmcjEVnDVVSqHtY-3D

Build ID: 436323

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] master update

2022-02-10 Thread tomas
The branch master has been updated
   via  64dc57419ddd9329f7062b048dee5ecd9306 (commit)
  from  63b996e752ac698186c38177232280e6515d571b (commit)


- Log -
commit 64dc57419ddd9329f7062b048dee5ecd9306
Author: Kelvin Lee 
Date:   Sat Jan 22 11:22:31 2022 +1100

bn_lib.c: Change Endianness check to a binary condition.

This prevents VS2022 from misidentifying an uninitialized local pointer
variable.

CLA: trivial

Reviewed-by: Ben Kaduk 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17567)

---

Summary of changes:
 crypto/bn/bn_lib.c | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b49c8a3bd2..05b36033a5 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -455,18 +455,15 @@ static BIGNUM *bin2bn(const unsigned char *s, int len, 
BIGNUM *ret,
  * significant BIGNUM chunk, so we adapt parameters to transfer
  * input bytes accordingly.
  */
-switch (endianess) {
-case LITTLE:
+if (endianess == LITTLE) {
 s2 = s + len - 1;
 inc2 = -1;
 inc = 1;
-break;
-case BIG:
+} else {
 s2 = s;
 inc2 = 1;
 inc = -1;
 s += len - 1;
-break;
 }
 
 /* Take note of the signedness of the input bytes*/
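
Review bot: in bin2bn() the `else` arm now takes every value of `endianess` other than LITTLE, where the `switch` named BIG explicitly. That assigns `s2`, `inc2` and `inc` on every path, which is presumably what the VS2022 warning was about, but an unexpected value is now silently treated as big-endian. Mark the arm with `} else { /* BIG */` or assert `endianess == BIG` inside it so the assumption stays visible.
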
@@ -593,14 +590,11 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, 
int tolen,
  * to most significant BIGNUM limb, so we adapt parameters to
  * transfer output bytes accordingly.
  */
-switch (endianess) {
-case LITTLE:
+if (endianess == LITTLE) {
 inc = 1;
-break;
-case BIG:
+} else {
 inc = -1;
 to += tolen - 1; /* Move to the last byte, not beyond */
-break;
 }
 
 lasti = atop - 1;
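
Review bot: the commit message justifies the change by a VS2022 warning about an uninitialized local pointer, but in this bn2binpad() hunk the only variable assigned in both arms is `inc`, and `to` is a parameter that is adjusted in the `else` arm alone. If this hunk is here for consistency with bin2bn() rather than for the warning, say so in the commit message.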


[openssl] master update

2022-02-10 Thread matthias . st . pierre
The branch master has been updated
   via  1cc94e2fa7fd1d5c24ad4cc01f363ff9ba5a4f13 (commit)
  from  0fdb31669f88cbf5d63ba16d82d95c6c84575dc0 (commit)


- Log -
commit 1cc94e2fa7fd1d5c24ad4cc01f363ff9ba5a4f13
Author: Weiguo Li 
Date:   Wed Feb 9 16:12:30 2022 +0800

Fix outdated comments

Update the comment "../md32_common.h" to "crypto/md32_common.h".

CLA: trivial

Signed-off-by: Weiguo Li 

Reviewed-by: Paul Dale 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/17670)

---

Summary of changes:
 crypto/sha/sha1dgst.c | 2 +-
 crypto/sha/sha512.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 65d7e62e58..4c0c7a0fe4 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -20,7 +20,7 @@
 #include 
 #include 
 
-/* The implementation is in ../md32_common.h */
+/* The implementation is in crypto/md32_common.h */
 
 #include "sha_local.h"
 #include "crypto/sha.h"
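
Review bot: the replacement path `crypto/md32_common.h` in the comment is ambiguous, because this file itself lives under crypto/ and the `#include "crypto/sha.h"` two lines below uses the same prefix as an include path. State which root the path is relative to, or write it in include form, so readers do not go looking for the header in the wrong directory.
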
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 9600b370b4..154b79745b 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -25,7 +25,7 @@
  *   on [aligned] data in host byte order and one - on data in input
  *   stream byte order;
  * - share common byte-order neutral collector and padding function
- *   implementations, ../md32_common.h;
+ *   implementations, crypto/md32_common.h;
  *
  * Neither of the above applies to this SHA-512 implementations. Reasons
  * [in reverse order] are: