[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 130b7df2db7d35af75ddf56046afdd1a57a2aea8 (commit)
from 5fba3afad01707f4a8856a35500de007a8a256ec (commit)
- Log -
commit 130b7df2db7d35af75ddf56046afdd1a57a2aea8
Author: Richard Levitte
Date: Fri Apr 5 01:22:14 2019 +0200
EVP_*Update: ensure that input NULL with length 0 isn't passed
Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function. The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.
Fixes #8675
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8676)
(cherry picked from commit dcb982d792d6064ed3493e79749208d8c257ff04)
---
Summary of changes:
crypto/evp/evp_enc.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 05dd791..bdec227 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
bl = ctx->cipher->block_size;
+if (inl <= 0) {
+*outl = 0;
+return inl == 0;
+}
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
/* If block size > 1 then the cipher will have to do this check */
if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
@@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
}
-if (inl <= 0) {
-*outl = 0;
-return inl == 0;
-}
if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
@@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char
*out, int *outl,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
+if (inl <= 0) {
+*outl = 0;
+return inl == 0;
+}
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
@@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char
*out, int *outl,
return 1;
}
-if (inl <= 0) {
-*outl = 0;
-return inl == 0;
-}
-
if (ctx->flags & EVP_CIPH_NO_PADDING)
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
[openssl] master update
The branch master has been updated
via dcb982d792d6064ed3493e79749208d8c257ff04 (commit)
from ccf453610f48fe88968f0cfc63784b503eae33a0 (commit)
- Log -
commit dcb982d792d6064ed3493e79749208d8c257ff04
Author: Richard Levitte
Date: Fri Apr 5 01:22:14 2019 +0200
EVP_*Update: ensure that input NULL with length 0 isn't passed
Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function. The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.
Fixes #8675
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8676)
---
Summary of changes:
crypto/evp/evp_enc.c | 19 ++-
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 7fdf759..641ad19 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -305,6 +305,11 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
bl = ctx->cipher->block_size;
+if (inl <= 0) {
+*outl = 0;
+return inl == 0;
+}
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
/* If block size > 1 then the cipher will have to do this check */
if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
@@ -320,10 +325,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
}
-if (inl <= 0) {
-*outl = 0;
-return inl == 0;
-}
if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
@@ -457,6 +458,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char
*out, int *outl,
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
+if (inl <= 0) {
+*outl = 0;
+return inl == 0;
+}
+
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
@@ -472,11 +478,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char
*out, int *outl,
return 1;
}
-if (inl <= 0) {
-*outl = 0;
-return inl == 0;
-}
-
if (ctx->flags & EVP_CIPH_NO_PADDING)
return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
via 5fba3afad01707f4a8856a35500de007a8a256ec (commit)
from 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit)
- Log -
commit 5fba3afad01707f4a8856a35500de007a8a256ec
Author: Richard Levitte
Date: Mon Apr 1 06:40:33 2019 +0200
Rework DSO API conditions and configuration option
'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may
be some odd platforms with no DSO scheme. For those, we generate the
internal macro DSO_NONE aand use it.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8622)
---
Summary of changes:
Configure | 23 ++-
INSTALL | 3 ---
crypto/dso/dso_openssl.c | 2 +-
crypto/include/internal/dso_conf.h.in | 5 +++--
crypto/init.c | 10 --
include/internal/dsoerr.h | 7 ++-
6 files changed, 20 insertions(+), 30 deletions(-)
diff --git a/Configure b/Configure
index c2716ad..114ee9b 100755
--- a/Configure
+++ b/Configure
@@ -24,7 +24,7 @@ use OpenSSL::Glob;
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \_handler;
-my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx]
[-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR]
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE]
os/compiler[:flags]\n";
+my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx]
[-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]
[[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR]
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE]
os/compiler[:flags]\n";
# Options:
#
@@ -58,8 +58,6 @@ my $usage="Usage: Configure [no- ...]
[enable- ...] [-Dxxx] [-lx
# [no-]pic [don't] try to build position independent code when supported.
# If disabled, it also disables shared and dynamic-engine.
# no-asmdo not use assembler
-# no-dsodo not compile in any native shared-library methods. This
-# will ensure that all methods just return NULL.
# no-egddo not compile support for the entropy-gathering daemon APIs
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
@@ -75,7 +73,7 @@ my $usage="Usage: Configure [no- ...]
[enable- ...] [-Dxxx] [-lx
# -static while -static is also a pass-through compiler option (and
# as such is limited to environments where it's actually
# meaningful), it triggers a number configuration options,
-# namely no-dso, no-pic, no-shared and no-threads. It is
+# namely no-pic, no-shared and no-threads. It is
# argued that the only reason to produce statically linked
# binaries (and in context it means executables linked with
# -static flag, and not just executables linked with static
@@ -357,7 +355,6 @@ my @disablables = (
"dgram",
"dh",
"dsa",
-"dso",
"dtls",
"dynamic-engine",
"ec",
@@ -435,6 +432,7 @@ my %deprecated_disablables = (
"buf-freelists" => undef,
"ripemd" => "rmd160",
"ui" => "ui-console",
+"dso" => "",# Empty string means we're silent about it
);
# All of the following are disabled by default:
@@ -487,9 +485,6 @@ my @disable_cascades = (
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
-# Without DSO, we can't load dynamic engines, so don't build them dynamic
-"dso" => [ "dynamic-engine" ],
-
# Without position independent code, there can be no shared libraries or
DSOs
"pic" => [ "shared" ],
"shared"=> [ "dynamic-engine" ],
@@ -721,10 +716,13 @@ while (@argvcopy)
}
elsif (exists $deprecated_disablables{$1})
{
-$deprecated_options{$_} = 1;
-if (defined $deprecated_disablables{$1})
+if ($deprecated_disablables{$1} ne "")
{
-$disabled{$deprecated_disablables{$1}} =
"option";
+$deprecated_options{$_} = 1;
+if (defined $deprecated_disablables{$1})
+{
+$disabled{$deprecated_disablables{$1}}
= "option";
+}
}
Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared
Platform and configuration command:
$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64
x86_64 x86_64 GNU/Linux
$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared
Commit log since last time:
ccf453610f Make X509_set_sm2_id consistent with other setters
bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes
f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size
b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject
d030892312 Add a legacy provider and put MD2 in it
dc46e3dde5 Use the right NID when putting a method in the store
68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common
195852fefc Params: add OSSL_PARAM_construct_end()
bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new
97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative
Build log ended with (last 100 lines):
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__afl_prev_loc'
crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:222:
more undefined references to `__afl_prev_loc' follow
crypto/sha/fips-dso-sha256.o: In function `SHA256':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:64:
undefined reference to `__afl_area_ptr'
crypto/sha/fips-dso-sha256.o: In function `SHA224_Update':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:77:
undefined reference to `__afl_area_ptr'
crypto/sha/fips-dso-sha256.o: In function `SHA224_Final':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:82:
undefined reference to `__afl_area_ptr'
crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:248:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb7e):
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:(.text+0xb90):
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:249:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:363:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:260:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/sha/sha256.c:383:
undefined reference to `__afl_area_ptr'
crypto/sha/fips-dso-sha256.o: In function `SHA256_Transform':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/crypto/include/internal/md32_common.h:186:
undefined reference to `__afl_area_ptr'
providers/common/digests/fips-dso-sha2.o: In function `sha256_newctx':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:26:
undefined reference to `__afl_area_ptr'
providers/common/digests/fips-dso-sha2.o: In function `sha256_final':
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:14:
undefined reference to `__afl_area_ptr'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:17:
undefined reference to `__afl_prev_loc'
/home/openssl/run-checker/enable-fuzz-afl/../openssl/providers/common/digests/sha2.c:22:
undefined reference
Build failed: openssl master.24057
Build openssl master.24057 failed Commit 4b999b67b7 by Shane Lontis on 4/10/2019 4:43 AM: tried to generate a dummy config to load from Configure your notification preferences
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Platform and configuration command:
$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared
-DOPENSSL_SMALL_FOOTPRINT
Commit log since last time:
ccf453610f Make X509_set_sm2_id consistent with other setters
bbcaef6324 test/params_test.c : Adjust tests to check utf8_ptr sizes
f55ed701a4 Params API: {utf8,octet}_ptr need to know the data size
b926f9deb3 Fix crash in X509_STORE_CTX_get_by_subject
d030892312 Add a legacy provider and put MD2 in it
dc46e3dde5 Use the right NID when putting a method in the store
68ca1737ce Configurations/10-main.conf: Don't inherit assembler in Cygwin-common
195852fefc Params: add OSSL_PARAM_construct_end()
bb315ca716 EC keygen updates + changed ecdsa_sign to use BN_secure_new
97cc9c9b01 Coverity: hkdf ENV_MD_size() is an int that can be negative
Build log ended with (last 100 lines):
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:208:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:209:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:216:
undefined reference to `__asan_report_store4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_load4'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_store1'
/home/openssl/run-checker/enable-asan/../openssl/crypto/include/internal/md32_common.h:222:
undefined reference to `__asan_report_load4'
Still Failing: openssl/openssl#24637 (master - ccf4536)
Build Update for openssl/openssl - Build: #24637 Status: Still Failing Duration: 19 mins and 31 secs Commit: ccf4536 (master) Author: Paul Yang Message: Make X509_set_sm2_id consistent with other setters This commit makes the X509_set_sm2_id to 'set0' behaviour, which means the memory management is passed to X509 and user doesn't need to free the sm2_id parameter later. API name also changes to X509_set0_sm2_id. Document and test case are also updated. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8626) View the changeset: https://github.com/openssl/openssl/compare/bbcaef632440...ccf453610f48 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517772351?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via ccf453610f48fe88968f0cfc63784b503eae33a0 (commit)
from bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit)
- Log -
commit ccf453610f48fe88968f0cfc63784b503eae33a0
Author: Paul Yang
Date: Mon Apr 1 10:21:53 2019 +0900
Make X509_set_sm2_id consistent with other setters
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
Document and test case are also updated.
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/8626)
---
Summary of changes:
apps/verify.c | 40 +
crypto/include/internal/x509_int.h | 2 +-
crypto/x509/x_all.c| 5 -
crypto/x509/x_x509.c | 13 ---
doc/man3/X509_get0_sm2_id.pod | 12 ++
include/openssl/x509.h | 2 +-
test/verify_extra_test.c | 46 ++
util/libcrypto.num | 2 +-
8 files changed, 97 insertions(+), 25 deletions(-)
diff --git a/apps/verify.c b/apps/verify.c
index 67d3276..3767972 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file,
if (sm2id != NULL) {
#ifndef OPENSSL_NO_SM2
-ASN1_OCTET_STRING v;
+ASN1_OCTET_STRING *v;
-v.data = sm2id;
-v.length = sm2idlen;
+v = ASN1_OCTET_STRING_new();
+if (v == NULL) {
+BIO_printf(bio_err, "error: SM2 ID allocation failed\n");
+goto end;
+}
-X509_set_sm2_id(x, );
+if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) {
+BIO_printf(bio_err, "error: setting SM2 ID failed\n");
+ASN1_OCTET_STRING_free(v);
+goto end;
+}
+
+X509_set0_sm2_id(x, v);
#endif
}
csc = X509_STORE_CTX_new();
if (csc == NULL) {
-printf("error %s: X.509 store context allocation failed\n",
- (file == NULL) ? "stdin" : file);
+BIO_printf(bio_err, "error %s: X.509 store context allocation
failed\n",
+ (file == NULL) ? "stdin" : file);
goto end;
}
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
X509_STORE_CTX_free(csc);
-printf("error %s: X.509 store context initialization failed\n",
- (file == NULL) ? "stdin" : file);
+BIO_printf(bio_err,
+ "error %s: X.509 store context initialization failed\n",
+ (file == NULL) ? "stdin" : file);
goto end;
}
if (tchain != NULL)
@@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file,
X509_STORE_CTX_set0_crls(csc, crls);
i = X509_verify_cert(csc);
if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
-printf("%s: OK\n", (file == NULL) ? "stdin" : file);
+BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file);
ret = 1;
if (show_chain) {
int j;
chain = X509_STORE_CTX_get1_chain(csc);
num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
-printf("Chain:\n");
+BIO_printf(bio_out, "Chain:\n");
for (j = 0; j < sk_X509_num(chain); j++) {
X509 *cert = sk_X509_value(chain, j);
-printf("depth=%d: ", j);
+BIO_printf(bio_out, "depth=%d: ", j);
X509_NAME_print_ex_fp(stdout,
X509_get_subject_name(cert),
0, get_nameopt());
if (j < num_untrusted)
-printf(" (untrusted)");
-printf("\n");
+BIO_printf(bio_out, " (untrusted)");
+BIO_printf(bio_out, "\n");
}
sk_X509_pop_free(chain, X509_free);
}
} else {
-printf("error %s: verification failed\n", (file == NULL) ? "stdin" :
file);
+BIO_printf(bio_err,
+ "error %s: verification failed\n",
+ (file == NULL) ? "stdin" : file);
}
X509_STORE_CTX_free(csc);
diff --git a/crypto/include/internal/x509_int.h
b/crypto/include/internal/x509_int.h
index 93f923e..7c40b15 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -184,7 +184,7 @@ struct x509_st {
CRYPTO_RWLOCK *lock;
volatile int ex_cached;
# ifndef OPENSSL_NO_SM2
-ASN1_OCTET_STRING sm2_id;
+ASN1_OCTET_STRING *sm2_id;
# endif
} /* X509 */ ;
diff --git a/crypto/x509/x_all.c
Still Failing: openssl/openssl#24636 (master - bbcaef6)
Build Update for openssl/openssl - Build: #24636 Status: Still Failing Duration: 18 mins and 14 secs Commit: bbcaef6 (master) Author: Richard Levitte Message: test/params_test.c : Adjust tests to check utf8_ptr sizes Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8703) View the changeset: https://github.com/openssl/openssl/compare/b926f9deb3dc...bbcaef632440 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517756906?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] master update
The branch master has been updated
via bbcaef632440067d173e2c4bfc40dd96ef2c0112 (commit)
via f55ed701a458e3b3840a5d8c8dd3019d7d71a26f (commit)
from b926f9deb3dc79d00f0a989370e95867516a3a17 (commit)
- Log -
commit bbcaef632440067d173e2c4bfc40dd96ef2c0112
Author: Richard Levitte
Date: Tue Apr 9 13:16:16 2019 +0200
test/params_test.c : Adjust tests to check utf8_ptr sizes
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8703)
commit f55ed701a458e3b3840a5d8c8dd3019d7d71a26f
Author: Richard Levitte
Date: Tue Apr 9 08:31:09 2019 +0200
Params API: {utf8,octet}_ptr need to know the data size
When the purpose is to pass parameters to a setter function, that
setter function needs to know the size of the data passed. This
remains true for the pointer data types as well.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8703)
---
Summary of changes:
crypto/params.c | 8
doc/man3/OSSL_PARAM_TYPE.pod | 19 +--
include/openssl/params.h | 4 ++--
test/params_api_test.c | 4 ++--
test/params_test.c | 32 +---
5 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/crypto/params.c b/crypto/params.c
index 8b75e04..bdb1fa9 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -580,15 +580,15 @@ int OSSL_PARAM_set_octet_ptr(const OSSL_PARAM *p, const
void *val,
}
OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
- size_t *rsize)
+ size_t bsize, size_t *rsize)
{
-return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, 0, rsize);
+return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, bsize, rsize);
}
OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
- size_t *rsize)
+ size_t bsize, size_t *rsize)
{
-return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize);
+return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, bsize, rsize);
}
OSSL_PARAM OSSL_PARAM_construct_end(void)
diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod
index dd887f3..4585f25 100644
--- a/doc/man3/OSSL_PARAM_TYPE.pod
+++ b/doc/man3/OSSL_PARAM_TYPE.pod
@@ -44,9 +44,9 @@ OSSL_PARAM_set_octet_ptr
OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf,
size_t bsize, size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
- size_t *rsize);
+ size_t bsize, size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
- size_t *rsize);
+ size_t bsize, size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_end(void);
OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key);
@@ -173,13 +173,13 @@ size B is created.
OSSL_PARAM_construct_utf8_ptr() is a function that constructes a UTF string
pointer OSSL_PARAM structure.
-A parameter with name B, storage pointer B<*buf> and return size B
-is created.
+A parameter with name B, storage pointer B<*buf>, size B and
+return size B is created.
OSSL_PARAM_construct_octet_ptr() is a function that constructes an OCTET string
pointer OSSL_PARAM structure.
-A parameter with name B, storage pointer B<*buf> and return size B
-is created.
+A parameter with name B, storage pointer B<*buf>, size B and
+return size B is created.
OSSL_PARAM_construct_end() is a function that constructs the terminating
OSSL_PARAM structure.
@@ -254,6 +254,13 @@ Integral types will be widened and sign extended as
required.
Apart from that, the functions must be used appropriately for the
expected type of the parameter.
+For OSSL_PARAM_get_utf8_ptr() and OSSL_PARAM_get_octet_ptr(), B
+is not relevant if the purpose is to send the B array to a
+I, i.e. to get parameter data back.
+In that case, B can safely be given zero.
+See L for further information on the
+possible purposes.
+
=head1 EXAMPLES
Reusing the examples from L to just show how
diff --git a/include/openssl/params.h b/include/openssl/params.h
index cf9ffa8..aea24bb 100644
--- a/include/openssl/params.h
+++ b/include/openssl/params.h
@@ -132,11 +132,11 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key,
double *buf,
OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf,
size_t bsize, size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf,
-
Still Failing: openssl/openssl#24632 (OpenSSL_1_1_1-stable - 0c45bd8)
Build Update for openssl/openssl - Build: #24632 Status: Still Failing Duration: 24 mins and 20 secs Commit: 0c45bd8 (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) View the changeset: https://github.com/openssl/openssl/compare/d7af859880c1...0c45bd8dae28 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517701034?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#24631 (master - b926f9d)
Build Update for openssl/openssl - Build: #24631 Status: Still Failing Duration: 26 mins and 31 secs Commit: b926f9d (master) Author: Matt Caswell Message: Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) View the changeset: https://github.com/openssl/openssl/compare/d030892312a2...b926f9deb3dc View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517700898?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: e9cfa19201 Avoid alignment problems in params API. f997e456b9 s_client starttls: fix handling of multiline reply df09b6b5f9 coverity resource leak fixes in apps/pkeyutl 61d7045bd2 fix --strict-warnings build aa447d6fdb fix --strict-warnings build Build log ended with (last 100 lines): /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: undefined reference to `__ubsan_handle_shift_out_of_bounds_abort' crypto/sha/fips-dso-sha256.o:/home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:210: more undefined references to `__ubsan_handle_shift_out_of_bounds_abort' follow crypto/sha/fips-dso-sha256.o: In function `sha256_block_data_order': /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:202: undefined reference to `__ubsan_handle_add_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:221: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:222: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:223: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:224: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:225: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_out_of_bounds_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_pointer_overflow_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:226: undefined reference to `__ubsan_handle_type_mismatch_v1_abort' /home/openssl/run-checker/enable-ubsan/../openssl/crypto/sha/sha256.c:227: undefined reference to
Still Failing: openssl/openssl#24630 (master - d030892)
Build Update for openssl/openssl - Build: #24630 Status: Still Failing Duration: 25 mins and 13 secs Commit: d030892 (master) Author: Matt Caswell Message: Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8541) View the changeset: https://github.com/openssl/openssl/compare/68ca1737ce58...d030892312a2 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517696858?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#24629 (master - 68ca173)
Build Update for openssl/openssl - Build: #24629 Status: Still Failing Duration: 28 mins and 3 secs Commit: 68ca173 (master) Author: Richard Levitte Message: Configurations/10-main.conf: Don't inherit assembler in Cygwin-common The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do this. Fixes #8684 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8685) View the changeset: https://github.com/openssl/openssl/compare/195852fefc1e...68ca1737ce58 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694802?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
Still Failing: openssl/openssl#24628 (master - 195852f)
Build Update for openssl/openssl - Build: #24628 Status: Still Failing Duration: 17 mins and 47 secs Commit: 195852f (master) Author: Richard Levitte Message: Params: add OSSL_PARAM_construct_end() OSSL_PARAM_END is a macro that can only be used to initialize an OSSL_PARAM array, not to assign an array element later on. For completion, we add an end constructor to facilitate that kind of assignment. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8704) View the changeset: https://github.com/openssl/openssl/compare/bb315ca71665...195852fefc1e View the full build log and details: https://travis-ci.org/openssl/openssl/builds/517694137?utm_medium=notification_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220_medium=notification_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 0c45bd8dae287a286583dca682eafcfa5a5d4469 (commit) from d7af859880c14fff9d46a028366ab473977d1f36 (commit) - Log - commit 0c45bd8dae287a286583dca682eafcfa5a5d4469 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) (cherry picked from commit b926f9deb3dc79d00f0a989370e95867516a3a17) --- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index be39015..eaf6a8e 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; +stmp.type = X509_LU_NONE; +stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock);
[openssl] master update
The branch master has been updated via b926f9deb3dc79d00f0a989370e95867516a3a17 (commit) from d030892312a2e7076511205e7fe1a5eae98e5102 (commit) - Log - commit b926f9deb3dc79d00f0a989370e95867516a3a17 Author: Matt Caswell Date: Mon Apr 8 11:22:37 2019 +0100 Fix crash in X509_STORE_CTX_get_by_subject If using a custom X509_LOOKUP_METHOD then calls to X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised X509_OBJECT being passed to the callback get_by_subject function. Fixes #8673 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8698) --- Summary of changes: crypto/x509/x509_lu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index fa8153d..e994633 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, if (ctx == NULL) return 0; +stmp.type = X509_LU_NONE; +stmp.data.ptr = NULL; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock);
[openssl] master update
The branch master has been updated
via d030892312a2e7076511205e7fe1a5eae98e5102 (commit)
via dc46e3dde58c781b5f29942d787a2c8765ba5514 (commit)
from 68ca1737ce58173001f2146b913388f872842f69 (commit)
- Log -
commit d030892312a2e7076511205e7fe1a5eae98e5102
Author: Matt Caswell
Date: Fri Apr 5 10:47:05 2019 +0100
Add a legacy provider and put MD2 in it
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/8541)
commit dc46e3dde58c781b5f29942d787a2c8765ba5514
Author: Matt Caswell
Date: Wed Mar 20 17:51:29 2019 +
Use the right NID when putting a method in the store
When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/8541)
---
Summary of changes:
Configure | 6 ++-
INSTALL| 4 ++
crypto/core_fetch.c| 5 +-
crypto/evp/digest.c| 10 +++-
crypto/evp/evp_fetch.c | 27 ++
crypto/evp/evp_locl.h | 3 +-
crypto/property/property_parse.c | 1 +
doc/internal/man3/evp_generic_fetch.pod| 7 ++-
doc/internal/man3/ossl_method_construct.pod| 7 +--
include/internal/core.h| 4 +-
providers/build.info | 11
providers/legacy/build.info| 4 ++
providers/legacy/digests/build.info| 4 ++
providers/legacy/digests/md2.c | 63 ++
providers/{fips/fipsprov.c => legacy/legacyprov.c} | 36 +++--
test/md2test.c | 14 +
test/recipes/05-test_md2.t | 5 ++
17 files changed, 173 insertions(+), 38 deletions(-)
create mode 100644 providers/legacy/build.info
create mode 100644 providers/legacy/digests/build.info
create mode 100644 providers/legacy/digests/md2.c
copy providers/{fips/fipsprov.c => legacy/legacyprov.c} (68%)
diff --git a/Configure b/Configure
index 6702bc6..3b7ca36 100755
--- a/Configure
+++ b/Configure
@@ -374,6 +374,7 @@ my @disablables = (
"fuzz-afl",
"gost",
"idea",
+"legacy",
"makedepend",
"md2",
"md4",
@@ -513,7 +514,7 @@ my @disable_cascades = (
# or modules.
"pic" => [ "shared", "module" ],
-"module"=> [ "fips" ],
+"module"=> [ "fips", "legacy" ],
"engine"=> [ grep /eng$/, @disablables ],
"hw"=> [ "padlockeng" ],
@@ -532,6 +533,7 @@ my @disable_cascades = (
sub { !$disabled{"msan"} } => [ "asm" ],
sub { $disabled{cmac}; } => [ "siv" ],
+"legacy" => [ "md2" ],
);
# Avoid protocol support holes. Also disable all versions below N, if version
@@ -1226,7 +1228,7 @@ foreach my $what (sort keys %disabled) {
if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared',
'module', 'pic', 'dynamic-engine',
'makedepend',
-'zlib-dynamic', 'zlib', 'sse2' )) {
+'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) {
(my $WHAT = uc $what) =~ s|-|_|g;
my $skipdir = $what;
diff --git a/INSTALL b/INSTALL
index c496e79..50722a1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -409,6 +409,10 @@
available if the GOST algorithms are also available through
loading an externally supplied engine.
+ no-legacy
+ Don't build the legacy provider. Disabling this also
disables
+ the legacy algorithms: MD2 (already disabled by default).
+
no-makedepend
Don't generate dependencies.
diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
index d38e132..2c4b0d7 100644
--- a/crypto/core_fetch.c
+++ b/crypto/core_fetch.c
@@ -35,8 +35,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER
*provider, void *cbdata)
const OSSL_ALGORITHM *thismap = map++;
void *method = NULL;
-if ((method = data->mcm->construct(thismap->implementation, provider,
-data->mcm_data)) == NULL)
+if ((method = data->mcm->construct(thismap->algorithm_name,
+ thismap->implementation, provider,
+ data->mcm_data)) == NULL)
continue;
[openssl] master update
The branch master has been updated
via 68ca1737ce58173001f2146b913388f872842f69 (commit)
from 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit)
- Log -
commit 68ca1737ce58173001f2146b913388f872842f69
Author: Richard Levitte
Date: Fri Apr 5 15:38:09 2019 +0200
Configurations/10-main.conf: Don't inherit assembler in Cygwin-common
The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do
this.
Fixes #8684
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/8685)
---
Summary of changes:
Configurations/10-main.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 0e3afd3..27e587f 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1431,7 +1431,7 @@ my %targets = (
Cygwin
"Cygwin-common" => {
-inherit_from => [ "BASE_unix", asm("x86_asm") ],
+inherit_from => [ "BASE_unix" ],
template => 1,
CC => "gcc",
[openssl] master update
The branch master has been updated
via 195852fefc1ef090977ed3cc3334f1dfbd6bac34 (commit)
from bb315ca716656b7aff89f86d35988062952ccb21 (commit)
- Log -
commit 195852fefc1ef090977ed3cc3334f1dfbd6bac34
Author: Richard Levitte
Date: Tue Apr 9 09:49:58 2019 +0200
Params: add OSSL_PARAM_construct_end()
OSSL_PARAM_END is a macro that can only be used to initialize an
OSSL_PARAM array, not to assign an array element later on. For
completion, we add an end constructor to facilitate that kind of
assignment.
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/8704)
---
Summary of changes:
crypto/params.c | 7 +++
doc/man3/OSSL_PARAM_TYPE.pod | 7 ++-
include/openssl/params.h | 1 +
test/params_api_test.c | 3 +--
test/params_test.c | 3 +--
util/libcrypto.num | 1 +
6 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/crypto/params.c b/crypto/params.c
index 465bb32..8b75e04 100644
--- a/crypto/params.c
+++ b/crypto/params.c
@@ -590,3 +590,10 @@ OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key,
void **buf,
{
return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, 0, rsize);
}
+
+OSSL_PARAM OSSL_PARAM_construct_end(void)
+{
+OSSL_PARAM end = OSSL_PARAM_END;
+
+return end;
+}
diff --git a/doc/man3/OSSL_PARAM_TYPE.pod b/doc/man3/OSSL_PARAM_TYPE.pod
index 2842eae..dd887f3 100644
--- a/doc/man3/OSSL_PARAM_TYPE.pod
+++ b/doc/man3/OSSL_PARAM_TYPE.pod
@@ -10,7 +10,8 @@ OSSL_PARAM_SIZED_octet_ptr, OSSL_PARAM_END,
OSSL_PARAM_construct_TYPE,
OSSL_PARAM_END,
OSSL_PARAM_construct_BN, OSSL_PARAM_construct_utf8_string,
OSSL_PARAM_construct_utf8_ptr, OSSL_PARAM_construct_octet_string,
-OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_locate, OSSL_PARAM_get_TYPE,
+OSSL_PARAM_construct_octet_ptr, OSSL_PARAM_construct_end,
+OSSL_PARAM_locate, OSSL_PARAM_get_TYPE,
OSSL_PARAM_set_TYPE, OSSL_PARAM_get_BN, OSSL_PARAM_set_BN,
OSSL_PARAM_get_utf8_string, OSSL_PARAM_set_utf8_string,
OSSL_PARAM_get_octet_string, OSSL_PARAM_set_octet_string,
@@ -46,6 +47,7 @@ OSSL_PARAM_set_octet_ptr
size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
size_t *rsize);
+ OSSL_PARAM OSSL_PARAM_construct_end(void);
OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *array, const char *key);
@@ -179,6 +181,9 @@ pointer OSSL_PARAM structure.
A parameter with name B, storage pointer B<*buf> and return size B
is created.
+OSSL_PARAM_construct_end() is a function that constructs the terminating
+OSSL_PARAM structure.
+
OSSL_PARAM_locate() is a function that searches an B of parameters for
the one matching the B name.
diff --git a/include/openssl/params.h b/include/openssl/params.h
index 10ed28d..cf9ffa8 100644
--- a/include/openssl/params.h
+++ b/include/openssl/params.h
@@ -137,6 +137,7 @@ OSSL_PARAM OSSL_PARAM_construct_octet_string(const char
*key, void *buf,
size_t bsize, size_t *rsize);
OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf,
size_t *rsize);
+OSSL_PARAM OSSL_PARAM_construct_end(void);
int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val);
int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val);
diff --git a/test/params_api_test.c b/test/params_api_test.c
index c78a42b..a3d2337 100644
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -448,7 +448,6 @@ static int test_param_construct(void)
void *vp, *vpn = NULL, *vp2;
OSSL_PARAM *p;
const OSSL_PARAM *cp;
-static const OSSL_PARAM pend = OSSL_PARAM_END;
int i, n = 0, ret = 0;
unsigned int u;
long int l;
@@ -478,7 +477,7 @@ static int test_param_construct(void)
);
params[n++] = OSSL_PARAM_construct_utf8_ptr("utf8ptr", , );
params[n++] = OSSL_PARAM_construct_octet_ptr("octptr", , );
-params[n] = pend;
+params[n] = OSSL_PARAM_construct_end();
/* Search failure */
if (!TEST_ptr_null(OSSL_PARAM_locate(params, "fnord")))
diff --git a/test/params_test.c b/test/params_test.c
index 338e6b2..8d456bb 100644
--- a/test/params_test.c
+++ b/test/params_test.c
@@ -391,7 +391,6 @@ static OSSL_PARAM *construct_api_params(void)
{
size_t n = 0;
static OSSL_PARAM params[10];
-OSSL_PARAM param_end = OSSL_PARAM_END;
params[n++] = OSSL_PARAM_construct_int("p1", _p1, NULL);
params[n++] = OSSL_PARAM_construct_BN("p3", bignumbin, sizeof(bignumbin),
@@ -404,7 +403,7 @@ static OSSL_PARAM *construct_api_params(void)
_p6_l);
params[n++] = OSSL_PARAM_construct_octet_string("foo", ,
Build completed: openssl master.24029
Build openssl master.24029 completed
Commit ecad6285f6 by Richard Levitte on 4/9/2019 6:31 AM:
Params API: {utf8,octet}_ptr need to know the data size
Configure your notification preferences
