[openssl] master update
The branch master has been updated
via 7850cc8307b9105f37dde864d5c8c881c522b28a (commit)
from b089d546242bbc073aefb6f6471586e484118863 (commit)
- Log -
commit 7850cc8307b9105f37dde864d5c8c881c522b28a
Author: EasySec
Date: Sat Feb 12 02:07:34 2022 +0100
enc : add support for wrap mode
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/17691)
---
Summary of changes:
apps/enc.c | 25 +++--
crypto/evp/c_allc.c | 3 +++
doc/man1/openssl-enc.pod.in | 20 +++-
3 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/apps/enc.c b/apps/enc.c
index b14129d9b0..d50baa6d2f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -127,6 +127,8 @@ int enc_main(int argc, char **argv)
int pbkdf2 = 0;
int iter = 0;
long n;
+int streamable = 1;
+int wrap = 0;
struct doall_enc_ciphers dec;
#ifdef ZLIB
int do_zlib = 0;
@@ -298,6 +300,10 @@ int enc_main(int argc, char **argv)
/* Get the cipher name, either from progname (if set) or flag. */
if (!opt_cipher(ciphername, &cipher))
goto opthelp;
+if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE)) {
+wrap = 1;
+streamable = 0;
+}
if (digestname != NULL) {
if (!opt_md(digestname, &dgst))
goto opthelp;
@@ -328,6 +334,10 @@ int enc_main(int argc, char **argv)
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
if (infile == NULL) {
+if (!streamable) {
+BIO_printf(bio_err, "Unstreamable cipher mode\n");
+goto end;
+}
in = dup_bio_in(informat);
} else {
in = bio_open_default(infile, 'r', informat);
@@ -524,7 +534,8 @@ int enc_main(int argc, char **argv)
}
}
if ((hiv == NULL) && (str == NULL)
-&& EVP_CIPHER_get_iv_length(cipher) != 0) {
+&& EVP_CIPHER_get_iv_length(cipher) != 0
+&& wrap == 0) {
/*
* No IV was explicitly set and no IV was generated.
* Hence the IV is undefined, making correct decryption impossible.
@@ -551,6 +562,9 @@ int enc_main(int argc, char **argv)
BIO_get_cipher_ctx(benc, &ctx);
+if (wrap == 1)
+EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+
if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_get0_name(cipher));
@@ -561,7 +575,8 @@ int enc_main(int argc, char **argv)
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
-if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+if (!EVP_CipherInit_ex(ctx, NULL, NULL, key,
+ (hiv == NULL && wrap == 1 ? NULL : iv), enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_get0_name(cipher));
ERR_print_errors(bio_err);
@@ -607,10 +622,16 @@ int enc_main(int argc, char **argv)
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
+if (!streamable && !BIO_eof(rbio)) {/* do not output data */
+BIO_printf(bio_err, "Unstreamable cipher mode\n");
+goto end;
+}
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
+if (!streamable)
+break;
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index d556b5ab28..350a0e0527 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -149,6 +149,7 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aes_128_wrap());
EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
EVP_add_cipher(EVP_aes_128_wrap_pad());
+EVP_add_cipher_alias(SN_id_aes128_wrap_pad, "aes128-wrap-pad");
EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
EVP_add_cipher(EVP_aes_192_ecb());
@@ -166,6 +167,7 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aes_192_wrap());
EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
EVP_add_cipher(EVP_aes_192_wrap_pad());
+EVP_add_cipher_alias(SN_id_aes192_wrap_pad, "aes192-wrap-pad");
EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
EVP_add_cipher(EVP_aes_256_ecb());
@@ -184,6 +186,7 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_aes_256_wrap());
EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
EVP_add_ciph
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D796q_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFU5npPKQgockLraaMfBHBjW4ENPqEVxo9KHFnAREROevL8jh3Mi4g03XNZnR0EYmsTPFoVXYGkSDxwAnC-2FVvXBZVhTXi9IyqH66I0wPf275SutA3XQs5k7Sb2dyHEgdNRumTu5FwOZX3k9tgeqmcJ81LKy6pUY2uslRfDfmxgI7CWhnJzylSLS5kUG4eBCYko-3D Build ID: 438275 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated
via 6ff03e39189b4b1767157d1e1035365036f4f907 (commit)
from c6a0cb82bf0772722617a9d1e8c30523452fc52c (commit)
- Log -
commit 6ff03e39189b4b1767157d1e1035365036f4f907
Author: Armin Fuerst
Date: Fri Feb 11 19:46:12 2022 +0100
Prefix output to avoid random ok to confuse test parser
Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.
Also corrected indent and removed useless comma after last item.
Fixes #17480
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17689)
(cherry picked from commit b089d546242bbc073aefb6f6471586e484118863)
---
Summary of changes:
test/recipes/15-test_gendhparam.t | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/recipes/15-test_gendhparam.t
b/test/recipes/15-test_gendhparam.t
index b95695b4dc..37178af643 100644
--- a/test/recipes/15-test_gendhparam.t
+++ b/test/recipes/15-test_gendhparam.t
@@ -118,12 +118,12 @@ my @testdata = (
#expect => [ 'BEGIN DH PARAMETERS', 'G:5' ],
#message => 'DH safe prime generator using an alias',
#},
- {
+{
algorithm => 'DHX',
pkeyopts => [ 'type:generator', 'safeprime-generator:5'],
expect => [ 'ERROR' ],
message => 'safe prime generator should fail for DHX',
-},
+}
);
plan skip_all => "DH isn't supported in this build" if disabled("dh");
@@ -165,7 +165,7 @@ sub compareline {
}
print "-\n";
foreach (@lines) {
-print $_;
+print "# ".$_;
}
print "-\n";
foreach my $ex (@expected) {
[openssl] master update
The branch master has been updated
via b089d546242bbc073aefb6f6471586e484118863 (commit)
from ba0b60c632ae9c5590b59184281baaf0a39f0c24 (commit)
- Log -
commit b089d546242bbc073aefb6f6471586e484118863
Author: Armin Fuerst
Date: Fri Feb 11 19:46:12 2022 +0100
Prefix output to avoid random ok to confuse test parser
Prefix output of generated dh parameters to avoid misinterpretation
of lines beginning with ok[^a-zA-Z0-9] as a testresult.
Also corrected indent and removed useless comma after last item.
Fixes #17480
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17689)
---
Summary of changes:
test/recipes/15-test_gendhparam.t | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/recipes/15-test_gendhparam.t
b/test/recipes/15-test_gendhparam.t
index b95695b4dc..37178af643 100644
--- a/test/recipes/15-test_gendhparam.t
+++ b/test/recipes/15-test_gendhparam.t
@@ -118,12 +118,12 @@ my @testdata = (
#expect => [ 'BEGIN DH PARAMETERS', 'G:5' ],
#message => 'DH safe prime generator using an alias',
#},
- {
+{
algorithm => 'DHX',
pkeyopts => [ 'type:generator', 'safeprime-generator:5'],
expect => [ 'ERROR' ],
message => 'safe prime generator should fail for DHX',
-},
+}
);
plan skip_all => "DH isn't supported in this build" if disabled("dh");
@@ -165,7 +165,7 @@ sub compareline {
}
print "-\n";
foreach (@lines) {
-print $_;
+print "# ".$_;
}
print "-\n";
foreach my $ex (@expected) {
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated
via c6a0cb82bf0772722617a9d1e8c30523452fc52c (commit)
from 22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a (commit)
- Log -
commit c6a0cb82bf0772722617a9d1e8c30523452fc52c
Author: Jiasheng Jiang
Date: Wed Feb 16 11:27:23 2022 +0800
apps/s_server: Add missing check for BIO_new
As the potential failure of the BIO_new(), it should be better to check the
return value and return error if fails in order to avoid the dereference of
NULL pointer.
And because 'bio_s_msg' is checked before being used everytime, which has
no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be
removed to make the code succincter.
Also the 'sbio' and so forth should be checked like the other places in the
same file.
Signed-off-by: Jiasheng Jiang
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17710)
(cherry picked from commit ba0b60c632ae9c5590b59184281baaf0a39f0c24)
---
Summary of changes:
apps/s_server.c | 54 ++
1 file changed, 50 insertions(+), 4 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 864a15f69b..5ab58aebfa 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1804,10 +1804,13 @@ int s_server_main(int argc, char *argv[])
if (s_msg && bio_s_msg == NULL)
bio_s_msg = dup_bio_out(FORMAT_TEXT);
} else {
-if (bio_s_out == NULL)
-bio_s_out = dup_bio_out(FORMAT_TEXT);
+bio_s_out = dup_bio_out(FORMAT_TEXT);
}
}
+
+if (bio_s_out == NULL)
+goto end;
+
if (nocert) {
s_cert_file = NULL;
s_key_file = NULL;
@@ -2345,6 +2348,11 @@ static int sv_body(int s, int stype, int prot, unsigned
char *context)
else
# endif
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ERR_print_errors(bio_err);
+goto err;
+}
if (enable_timeouts) {
timeout.tv_sec = 0;
@@ -2394,6 +2402,13 @@ static int sv_body(int s, int stype, int prot, unsigned
char *context)
BIO *test;
test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ret = -1;
+BIO_free(sbio);
+goto err;
+}
+
sbio = BIO_push(test, sbio);
}
@@ -2979,6 +2994,9 @@ static int www_body(int s, int stype, int prot, unsigned
char *context)
int width;
fd_set readfds;
const char *opmode;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
/* Set width for a select call if needed */
width = s + 1;
@@ -3018,10 +3036,21 @@ static int www_body(int s, int stype, int prot,
unsigned char *context)
}
sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+goto err;
+}
+
if (s_nbio_test) {
BIO *test;
test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+SSL_free(con);
+BIO_free(sbio);
+goto err;
+}
+
sbio = BIO_push(test, sbio);
}
SSL_set_bio(con, sbio, sbio);
@@ -3032,7 +3061,11 @@ static int www_body(int s, int stype, int prot, unsigned
char *context)
BIO_push(io, ssl_bio);
ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
#endif
if (s_debug) {
@@ -3403,6 +3436,9 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
int ret = 1;
SSL *con;
BIO *io, *ssl_bio, *sbio;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
/* as we use BIO_gets(), and it always null terminates data, we need
* to allocate 1 byte longer buffer to fit the full 2^14 byte record */
@@ -3432,6 +3468,12 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
}
sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+ERR_print_errors(bio_err);
+goto err;
+}
+
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
@@ -3440,7 +3482,11 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
BIO_push(io, ssl_bio);
ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
#endif
if (s_d
[openssl] master update
The branch master has been updated
via ba0b60c632ae9c5590b59184281baaf0a39f0c24 (commit)
from 8f084b43803d53e15d83ed130210f026f84679ff (commit)
- Log -
commit ba0b60c632ae9c5590b59184281baaf0a39f0c24
Author: Jiasheng Jiang
Date: Wed Feb 16 11:27:23 2022 +0800
apps/s_server: Add missing check for BIO_new
As the potential failure of the BIO_new(), it should be better to check the
return value and return error if fails in order to avoid the dereference of
NULL pointer.
And because 'bio_s_msg' is checked before being used everytime, which has
no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be
removed to make the code succincter.
Also the 'sbio' and so forth should be checked like the other places in the
same file.
Signed-off-by: Jiasheng Jiang
Reviewed-by: Matt Caswell
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17710)
---
Summary of changes:
apps/s_server.c | 54 ++
1 file changed, 50 insertions(+), 4 deletions(-)
diff --git a/apps/s_server.c b/apps/s_server.c
index 3646dd1dbd..45c112345f 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1817,10 +1817,13 @@ int s_server_main(int argc, char *argv[])
if (s_msg && bio_s_msg == NULL)
bio_s_msg = dup_bio_out(FORMAT_TEXT);
} else {
-if (bio_s_out == NULL)
-bio_s_out = dup_bio_out(FORMAT_TEXT);
+bio_s_out = dup_bio_out(FORMAT_TEXT);
}
}
+
+if (bio_s_out == NULL)
+goto end;
+
if (nocert) {
s_cert_file = NULL;
s_key_file = NULL;
@@ -2362,6 +2365,11 @@ static int sv_body(int s, int stype, int prot, unsigned
char *context)
else
# endif
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ERR_print_errors(bio_err);
+goto err;
+}
if (enable_timeouts) {
timeout.tv_sec = 0;
@@ -2411,6 +2419,13 @@ static int sv_body(int s, int stype, int prot, unsigned
char *context)
BIO *test;
test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+BIO_printf(bio_err, "Unable to create BIO\n");
+ret = -1;
+BIO_free(sbio);
+goto err;
+}
+
sbio = BIO_push(test, sbio);
}
@@ -2997,6 +3012,9 @@ static int www_body(int s, int stype, int prot, unsigned
char *context)
int width;
fd_set readfds;
const char *opmode;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
/* Set width for a select call if needed */
width = s + 1;
@@ -3036,10 +3054,21 @@ static int www_body(int s, int stype, int prot,
unsigned char *context)
}
sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+goto err;
+}
+
if (s_nbio_test) {
BIO *test;
test = BIO_new(BIO_f_nbio_test());
+if (test == NULL) {
+SSL_free(con);
+BIO_free(sbio);
+goto err;
+}
+
sbio = BIO_push(test, sbio);
}
SSL_set_bio(con, sbio, sbio);
@@ -3050,7 +3079,11 @@ static int www_body(int s, int stype, int prot, unsigned
char *context)
BIO_push(io, ssl_bio);
ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
#endif
if (s_debug) {
@@ -3414,6 +3447,9 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
int ret = 1;
SSL *con;
BIO *io, *ssl_bio, *sbio;
+#ifdef CHARSET_EBCDIC
+BIO *filter;
+#endif
/* as we use BIO_gets(), and it always null terminates data, we need
* to allocate 1 byte longer buffer to fit the full 2^14 byte record */
@@ -3443,6 +3479,12 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
}
sbio = BIO_new_socket(s, BIO_NOCLOSE);
+if (sbio == NULL) {
+SSL_free(con);
+ERR_print_errors(bio_err);
+goto err;
+}
+
SSL_set_bio(con, sbio, sbio);
SSL_set_accept_state(con);
@@ -3451,7 +3493,11 @@ static int rev_body(int s, int stype, int prot, unsigned
char *context)
BIO_push(io, ssl_bio);
ssl_bio = NULL;
#ifdef CHARSET_EBCDIC
-io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+filter = BIO_new(BIO_f_ebcdic_filter());
+if (filter == NULL)
+goto err;
+
+io = BIO_push(filter, io);
#endif
if (s_debug) {
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated
via 22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a (commit)
from edd8ea5da7854d3b70a7b12833ac20e734cc2b42 (commit)
- Log -
commit 22b3f72ed6ee2676f791fbd4e3a060cfcf1cb71a
Author: Jiasheng Jiang
Date: Thu Feb 10 15:41:40 2022 +0800
apps/ocsp: Add check for OPENSSL_strdup
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be an valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.
Signed-off-by: Jiasheng Jiang
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17677)
(cherry picked from commit 8f084b43803d53e15d83ed130210f026f84679ff)
---
Summary of changes:
apps/ocsp.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7a5f84e527..3d2c668017 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1176,10 +1176,12 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER
*ser)
bn = ASN1_INTEGER_to_BN(ser, NULL);
OPENSSL_assert(bn); /* FIXME: should report an error at this
* point and abort */
-if (BN_is_zero(bn))
+if (BN_is_zero(bn)) {
itmp = OPENSSL_strdup("00");
-else
+OPENSSL_assert(itmp);
+} else {
itmp = BN_bn2hex(bn);
+}
row[DB_serial] = itmp;
BN_free(bn);
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
[openssl] master update
The branch master has been updated
via 8f084b43803d53e15d83ed130210f026f84679ff (commit)
from 0c5905581e9d1d79d62cac56a0e3c2ed487afecf (commit)
- Log -
commit 8f084b43803d53e15d83ed130210f026f84679ff
Author: Jiasheng Jiang
Date: Thu Feb 10 15:41:40 2022 +0800
apps/ocsp: Add check for OPENSSL_strdup
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be an valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.
Signed-off-by: Jiasheng Jiang
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/17677)
---
Summary of changes:
apps/ocsp.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 18e7c44191..51f2b37f47 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1180,10 +1180,12 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER
*ser)
bn = ASN1_INTEGER_to_BN(ser, NULL);
OPENSSL_assert(bn); /* FIXME: should report an error at this
* point and abort */
-if (BN_is_zero(bn))
+if (BN_is_zero(bn)) {
itmp = OPENSSL_strdup("00");
-else
+OPENSSL_assert(itmp);
+} else {
itmp = BN_bn2hex(bn);
+}
row[DB_serial] = itmp;
BN_free(bn);
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via edd8ea5da7854d3b70a7b12833ac20e734cc2b42 (commit) from 59de5a5e8603fb5e2e7b0aa78224152700ad905a (commit) - Log - commit edd8ea5da7854d3b70a7b12833ac20e734cc2b42 Author: Jiasheng Jiang Date: Wed Feb 9 23:04:25 2022 +0800 s_server: Add check for OPENSSL_strdup Since the OPENSSL_strdup() may return NULL if allocation fails, the 'port' could be NULL. And then it will be used in do_server(), which can accept NULL as an valid parameter. That means that the system could run with a wrong parameter. Therefore it should be better to check it, like the other memory allocation. Signed-off-by: Jiasheng Jiang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17673) (cherry picked from commit 0c5905581e9d1d79d62cac56a0e3c2ed487afecf) --- Summary of changes: apps/s_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 813c56592c..864a15f69b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1006,7 +1006,7 @@ int s_server_main(int argc, char *argv[]) int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0; char *host = NULL; -char *port = OPENSSL_strdup(PORT); +char *port = NULL; unsigned char *context = NULL; OPTION_CHOICE o; EVP_PKEY *s_key2 = NULL; @@ -1069,9 +1069,10 @@ int s_server_main(int argc, char *argv[]) async = 0; use_sendfile = 0; +port = OPENSSL_strdup(PORT); cctx = SSL_CONF_CTX_new(); vpm = X509_VERIFY_PARAM_new(); -if (cctx == NULL || vpm == NULL) +if (port == NULL || cctx == NULL || vpm == NULL) goto end; SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
[openssl] master update
The branch master has been updated via 0c5905581e9d1d79d62cac56a0e3c2ed487afecf (commit) from d5530efada83825ef239a8458db541adc4b422ec (commit) - Log - commit 0c5905581e9d1d79d62cac56a0e3c2ed487afecf Author: Jiasheng Jiang Date: Wed Feb 9 23:04:25 2022 +0800 s_server: Add check for OPENSSL_strdup Since the OPENSSL_strdup() may return NULL if allocation fails, the 'port' could be NULL. And then it will be used in do_server(), which can accept NULL as an valid parameter. That means that the system could run with a wrong parameter. Therefore it should be better to check it, like the other memory allocation. Signed-off-by: Jiasheng Jiang Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17673) --- Summary of changes: apps/s_server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 5ec053b45b..3646dd1dbd 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1007,7 +1007,7 @@ int s_server_main(int argc, char *argv[]) int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0; char *host = NULL; -char *port = OPENSSL_strdup(PORT); +char *port = NULL; unsigned char *context = NULL; OPTION_CHOICE o; EVP_PKEY *s_key2 = NULL; @@ -1073,9 +1073,10 @@ int s_server_main(int argc, char *argv[]) async = 0; use_sendfile = 0; +port = OPENSSL_strdup(PORT); cctx = SSL_CONF_CTX_new(); vpm = X509_VERIFY_PARAM_new(); -if (cctx == NULL || vpm == NULL) +if (port == NULL || cctx == NULL || vpm == NULL) goto end; SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
