[openssl] master update
The branch master has been updated via 15729bef385211bc2a0497e2d53a45c45d677d2c (commit) from 6bfd3e51c04faa97ed98f38e35bd9bb5294b9070 (commit) - Log - commit 15729bef385211bc2a0497e2d53a45c45d677d2c Author: Daiki Ueno Date: Thu Jul 8 19:22:36 2021 +0200 BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given The flag only affects which record types are queried via DNS (A or , or both). When node is NULL and AF_UNSPEC is used, it prevents getaddrinfo returning the right address associated with the loopback interface. Signed-off-by: Daiki Ueno Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16033) --- Summary of changes: crypto/bio/bio_addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c
index 0efbc3cb44..d18c849ade 100644
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
 hints.ai_protocol = protocol;
 # ifdef AI_ADDRCONFIG
 # ifdef AF_UNSPEC
-if (family == AF_UNSPEC)
+if (host != NULL && family == AF_UNSPEC)
 # endif
 hints.ai_flags |= AI_ADDRCONFIG;
 # endif
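Review bot: The new `host != NULL` test sits inside the `# ifdef AF_UNSPEC` pair, so on a build where AI_ADDRCONFIG is defined but AF_UNSPEC is not, the `if` is compiled out and `hints.ai_flags |= AI_ADDRCONFIG;` still runs for a NULL host, the case the commit message says keeps getaddrinfo from returning the loopback address. The host test could be made unconditional, with only the `family == AF_UNSPEC` part left under the `#ifdef`. The reason for the guard is also recorded only in the commit message; a comment above the `if` such as `/* AI_ADDRCONFIG only matters for a named host; with host == NULL it can hide the loopback address */` would keep it next to the code. BIO_lookup_ex starts and ends outside the hunk.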
[openssl] master update
The branch master has been updated via 6bfd3e51c04faa97ed98f38e35bd9bb5294b9070 (commit) via 50d0a51d6dc83815a6fca5c00c711ffcf407a214 (commit) via f0f4de4e50eaa11eb5a51fa6e7756d4a0876557e (commit) via 4cd47351866e303cebe89c5a056dbec7e513 (commit) via 2296cc34f3c700b0bc5c45f35e56641fbb840db3 (commit) from f159b83a75c8d5e5c43ae4b2dec62086a5e36189 (commit) - Log - commit 6bfd3e51c04faa97ed98f38e35bd9bb5294b9070 Author: Tomas Mraz Date: Fri Jul 9 15:48:02 2021 +0200 test_cmp_ctx: Avoid using empty X509 with i2d Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/16036) commit 50d0a51d6dc83815a6fca5c00c711ffcf407a214 Author: Richard Levitte Date: Fri Jul 9 08:51:55 2021 +0200 Fix test/asn1_encode_test.c to handle encoding/decoding failure Make it only report (and fail on) encoding/decoding failures when success is expected. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16036) commit f0f4de4e50eaa11eb5a51fa6e7756d4a0876557e Author: Richard Levitte Date: Fri Jul 9 08:31:24 2021 +0200 Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items. This test program used it for non-optional items, which doesn't encode well. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16036) commit 4cd47351866e303cebe89c5a056dbec7e513 Author: Richard Levitte Date: Thu Jul 8 13:38:45 2021 +0200 ASN.1: Refuse to encode to DER if non-optional items are missing Fixes #16026 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16036) commit 2296cc34f3c700b0bc5c45f35e56641fbb840db3 Author: Richard Levitte Date: Thu Jul 8 13:33:28 2021 +0200 TEST: Check that i2d refuses to encode non-optional items with no content The test case creates an RSA public key and tries to pass it through i2d_PrivateKey(). This SHOULD fail, since the private bits are missing. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16036) --- Summary of changes: crypto/asn1/tasn_enc.c | 29 ++--- test/asn1_encode_test.c| 59 +++--- test/asn1_internal_test.c | 44 +++ test/cmp_ctx_test.c| 22 +--- test/recipes/65-test_cmp_ctx.t | 6 +++-- 5 files changed, 119 insertions(+), 41 deletions(-) diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 2d24320af9..06473d3411 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -217,7 +217,7 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass) { const int flags = tt->flags; -int i, ret, ttag, tclass, ndef; +int i, ret, ttag, tclass, ndef, len; const ASN1_VALUE *tval; /* @@ -303,13 +303,16 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, /* Determine total length of items */ skcontlen = 0; for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { -int tmplen; skitem = sk_const_ASN1_VALUE_value(sk, i); -tmplen = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); -if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) +len = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item), + -1, iclass); +if (len == -1 || (skcontlen > INT_MAX - len)) +return -1; +if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { +ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); return -1; -skcontlen += tmplen; +} +skcontlen += len; } sklen = ASN1_object_size(ndef, skcontlen, sktag); if (sklen == -1) @@ -347,6 +350,10 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); if (!i) return 0; +if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { +ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); +return -1; +} /* Find length of EXPLICIT tag */ ret = ASN1_object_size(ndef, i, ttag); if (out && ret != -1) { 
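Review bot: The zero-length test added inside the stack loop (hunk at -303) is keyed on `tt->flags & ASN1_TFLG_OPTIONAL`, which as far as this hunk shows describes the field that holds the stack rather than each element, so an element that encodes to nothing would still be skipped silently whenever the field itself is optional. If that is not intended, the element test should not depend on the flag, `if (len == 0) {`. The first hunk shows the function already caches `tt->flags` in the local `flags`, so the new lines could use `flags & ASN1_TFLG_OPTIONAL` for consistency. The loop belongs to asn1_template_ex_i2d, whose body starts and ends outside the hunk.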
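Review bot: The check added in the EXPLICIT-tag hunk (at -347) can never fire, because it is placed after the existing `if (!i) return 0;`, so by the time `if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0)` is evaluated `i` is already known to be non-zero. A non-optional explicitly tagged item with no content therefore still returns 0 here without raising ASN1_R_ILLEGAL_ZERO_CONTENT, which is the case the commit sets out to refuse. Moving the added block above `if (!i)` makes it reachable while leaving the optional case returning 0 as before. The enclosing function starts and ends outside the hunk, and the test changes in this commit are not visible here, so whether a test covers the explicit-tag path cannot be confirmed from this page.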
@@ -360,9 +367,13 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, } /* Either normal or IMPLICIT tagging: combine
[openssl] master update
The branch master has been updated via f159b83a75c8d5e5c43ae4b2dec62086a5e36189 (commit) via 1bbe13fce5be8eee6fe2854b79dfbd38c028077c (commit) from 0007ff257c95f5cd046799e492436f41caf4ecb2 (commit) - Log - commit f159b83a75c8d5e5c43ae4b2dec62086a5e36189 Author: Richard Levitte Date: Thu Jul 8 19:05:34 2021 +0200 Configurations/unix-Makefile.tmpl: use platform->sharedlib() as fallback If platform->sharedlib_simple() and platform->sharedlib_import() return undefined, try platform->sharedlib() as a fallback before platform->staticlib(). Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16023) commit 1bbe13fce5be8eee6fe2854b79dfbd38c028077c Author: Richard Levitte Date: Thu Jul 8 05:18:25 2021 +0200 platform->sharedlib_simple(): return undef when same as platform->sharedlib() On some Unix-like platforms, there is no such thing as versioned shared libraries. In this case, platform->sharedlib_simple() should simply return undef. Among others, this avoids the shared libraries to be installed as symlinks on themselves. Fixes #16012 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16023) --- Summary of changes: Configurations/platform/Unix.pm | 1 + Configurations/unix-Makefile.tmpl | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Configurations/platform/Unix.pm b/Configurations/platform/Unix.pm index 80963adc30..c7d7d9eb80 100644 --- a/Configurations/platform/Unix.pm +++ b/Configurations/platform/Unix.pm @@ -63,6 +63,7 @@ sub sharedname_simple { } sub sharedlib_simple { +return undef if $_[0]->shlibext() eq $_[0]->shlibextsimple(); return platform::BASE::__concat($_[0]->sharedname_simple($_[1]), $_[0]->shlibextsimple()); } diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index b82166f70a..0fb80f1968 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
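Review bot: The early return added to sharedlib_simple in Configurations/platform/Unix.pm has no comment, and the reason for it is recorded only in the commit message. A line above it such as `# No versioned shared libraries here: the simple name would be the library itself, so report none` would tell the next reader why undef is returned. Every caller now has to treat undef as "no simple name"; the unix-Makefile.tmpl hunks in this commit do that with `//`, but other callers are not visible on this page and would be worth checking.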
@@ -1392,7 +1392,7 @@ FORCE: # Building targets ### -libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // () } @{$unified_info{libraries}}) -} +libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} libcrypto.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ @@ -1484,6 +1484,7 @@ reconfigure reconf: # On Unix platforms, we depend on {shlibname}.so return map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) + // platform->sharedlib($_) // platform->staticlib($_) } @_; }
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via ea26844c4f624ef515d9228d3b623761a369b049 (commit) via f1d97905bbd8679b7647c992b97f526791069040 (commit) via 5434acb6c4d56507d761b28f7e142ccab808a8fa (commit) via 006906cddda37e24a66443199444ef4476697477 (commit) via 12e9b74c513a8ed3c1c260cf25221a465ae14b84 (commit) from 6eba6a9b35e97f8fc9fee33a7bdfff0bed04a6dc (commit) - Log - commit ea26844c4f624ef515d9228d3b623761a369b049 Author: Richard Levitte Date: Fri Jul 9 09:14:11 2021 +0200 make update (adds a new function code) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16027) commit f1d97905bbd8679b7647c992b97f526791069040 Author: Richard Levitte Date: Fri Jul 9 08:51:55 2021 +0200 Fix test/asn1_encode_test.c to handle encoding/decoding failure Make it only report (and fail on) encoding/decoding failures when success is expected. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16027) commit 5434acb6c4d56507d761b28f7e142ccab808a8fa Author: Richard Levitte Date: Fri Jul 9 08:31:24 2021 +0200 Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items. This test program used it for non-optional items, which doesn't encode well. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16027) commit 006906cddda37e24a66443199444ef4476697477 Author: Richard Levitte Date: Thu Jul 8 13:38:45 2021 +0200 ASN.1: Refuse to encode to DER if non-optional items are missing Fixes #16026 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16027) commit 12e9b74c513a8ed3c1c260cf25221a465ae14b84 Author: Richard Levitte Date: Thu Jul 8 13:33:28 2021 +0200 TEST: Check that i2d refuses to encode non-optional items with no content The test case creates an RSA public key and tries to pass it through i2d_PrivateKey(). This SHOULD fail, since the private bits are missing. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16027) --- Summary of changes: crypto/asn1/asn1_err.c| 4 +++- crypto/asn1/tasn_enc.c| 30 crypto/err/openssl.txt| 1 + include/openssl/asn1err.h | 3 ++- test/asn1_encode_test.c | 59 +-- test/asn1_internal_test.c | 38 ++ 6 files changed, 97 insertions(+), 38 deletions(-) diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index cc0a59ca4c..50003a8531 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,6 +82,8 @@ static const ERR_STRING_DATA ASN1_str_functs[] = { "ASN1_STRING_type_new"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0), "asn1_template_ex_d2i"}, +{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_I2D, 0), + "asn1_template_ex_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0), "asn1_template_noexp_d2i"}, diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index bcc96337bc..6eb300a21e 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -213,7 +213,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass) { -int i, ret, flags, ttag, tclass, ndef; +int i, ret, flags, ttag, tclass, ndef, len; ASN1_VALUE *tval; flags = tt->flags; 
@@ -300,13 +300,17 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* Determine total length of items */ skcontlen = 0; for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { -int tmplen; skitem = sk_ASN1_VALUE_value(sk, i); -tmplen = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); -if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) +len = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item), + -1, iclass); +if (len == -1 || (skcontlen > INT_MAX - len)) +return -1; +if (len == 0 &&
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DL8YS_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFgoZ9AiDcgwMLhxk6ghZTttO7jz3B7MwN-2F4vs7-2BXvKjApOadZY3K4E-2FG5M4ymqxCnvL6WGM3UimuVsAVRuLgGaVkH61rVQzoZk3k-2Fu1NBu3MgN5-2FWhMtS-2FFOLvaeEY5PQ-2BO9MsIJpCSfGqd61NFANnV3tKvSgwwJ2QNdJzszkIhVWFM0qjhGJGvSM8GjHgrPU-3D Build ID: 396243 Analysis Summary: New defects found: 0 Defects eliminated: 0
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DhAZG_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF4gI3AmCutU3pBC3qx724PmHvqdqsDlzfOAOS8bl7M6xMp6CmPwp9lXM4Wo2-2FjWgSmCHnJxh9mWISfK40y5QfmBTU40FwNDVj-2FOamQioGgHxGL2SnePEjFwxoDh8be2NHAsQJuKHGeTlYcmRpBx5ZvYJR763zo2ZhzInxmviDi-2BRyWb-2BTWASc7vR8ycFWugS4-3D Build ID: 396242 Analysis Summary: New defects found: 0 Defects eliminated: 0