[openssl] master update

2021-07-10 Thread beldmit
The branch master has been updated
   via  15729bef385211bc2a0497e2d53a45c45d677d2c (commit)
  from  6bfd3e51c04faa97ed98f38e35bd9bb5294b9070 (commit)


- Log -
commit 15729bef385211bc2a0497e2d53a45c45d677d2c
Author: Daiki Ueno 
Date:   Thu Jul 8 19:22:36 2021 +0200

BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given

The flag only affects which record types are queried via DNS (A or
AAAA, or both).  When node is NULL and AF_UNSPEC is used, it prevents
getaddrinfo returning the right address associated with the loopback
interface.

Signed-off-by: Daiki Ueno 

Reviewed-by: Tomas Mraz 
Reviewed-by: Dmitry Belyavskiy 
(Merged from https://github.com/openssl/openssl/pull/16033)

---

Summary of changes:
 crypto/bio/bio_addr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c
index 0efbc3cb44..d18c849ade 100644
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@@ -696,7 +696,7 @@ int BIO_lookup_ex(const char *host, const char *service, 
int lookup_type,
 hints.ai_protocol = protocol;
 # ifdef AI_ADDRCONFIG
 #  ifdef AF_UNSPEC
-if (family == AF_UNSPEC)
+if (host != NULL && family == AF_UNSPEC)
 #  endif
 hints.ai_flags |= AI_ADDRCONFIG;
 # endif
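Review bot: The new `host != NULL` test sits inside `# ifdef AF_UNSPEC`, so on a platform where AF_UNSPEC is not defined the whole `if` is compiled out and `hints.ai_flags |= AI_ADDRCONFIG;` still runs unconditionally, including for a NULL host. If a NULL host should never get the flag, move the host check outside the inner ifdef. A short comment on the condition would also help, since the loopback rationale currently lives only in the commit message.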


[openssl] master update

2021-07-10 Thread Richard Levitte
The branch master has been updated
   via  6bfd3e51c04faa97ed98f38e35bd9bb5294b9070 (commit)
   via  50d0a51d6dc83815a6fca5c00c711ffcf407a214 (commit)
   via  f0f4de4e50eaa11eb5a51fa6e7756d4a0876557e (commit)
   via  4cd47351866e303cebe89c5a056dbec7e513 (commit)
   via  2296cc34f3c700b0bc5c45f35e56641fbb840db3 (commit)
  from  f159b83a75c8d5e5c43ae4b2dec62086a5e36189 (commit)


- Log -
commit 6bfd3e51c04faa97ed98f38e35bd9bb5294b9070
Author: Tomas Mraz 
Date:   Fri Jul 9 15:48:02 2021 +0200

test_cmp_ctx: Avoid using empty X509 with i2d

Reviewed-by: Richard Levitte 
Reviewed-by: David von Oheimb 
(Merged from https://github.com/openssl/openssl/pull/16036)

commit 50d0a51d6dc83815a6fca5c00c711ffcf407a214
Author: Richard Levitte 
Date:   Fri Jul 9 08:51:55 2021 +0200

Fix test/asn1_encode_test.c to handle encoding/decoding failure

Make it only report (and fail on) encoding/decoding failures when success
is expected.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16036)

commit f0f4de4e50eaa11eb5a51fa6e7756d4a0876557e
Author: Richard Levitte 
Date:   Fri Jul 9 08:31:24 2021 +0200

Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN

ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items.
This test program used it for non-optional items, which doesn't encode
well.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16036)

commit 4cd47351866e303cebe89c5a056dbec7e513
Author: Richard Levitte 
Date:   Thu Jul 8 13:38:45 2021 +0200

ASN.1: Refuse to encode to DER if non-optional items are missing

Fixes #16026

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16036)

commit 2296cc34f3c700b0bc5c45f35e56641fbb840db3
Author: Richard Levitte 
Date:   Thu Jul 8 13:33:28 2021 +0200

TEST: Check that i2d refuses to encode non-optional items with no content

The test case creates an RSA public key and tries to pass it through
i2d_PrivateKey().  This SHOULD fail, since the private bits are missing.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16036)

---

Summary of changes:
 crypto/asn1/tasn_enc.c | 29 ++---
 test/asn1_encode_test.c| 59 +++---
 test/asn1_internal_test.c  | 44 +++
 test/cmp_ctx_test.c| 22 +---
 test/recipes/65-test_cmp_ctx.t |  6 +++--
 5 files changed, 119 insertions(+), 41 deletions(-)

diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 2d24320af9..06473d3411 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -217,7 +217,7 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, 
unsigned char **out,
 const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
 const int flags = tt->flags;
-int i, ret, ttag, tclass, ndef;
+int i, ret, ttag, tclass, ndef, len;
 const ASN1_VALUE *tval;
 
 /*
@@ -303,13 +303,16 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, 
unsigned char **out,
 /* Determine total length of items */
 skcontlen = 0;
 for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) {
-int tmplen;
 skitem = sk_const_ASN1_VALUE_value(sk, i);
-tmplen = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item),
-  -1, iclass);
-if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+len = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item),
+   -1, iclass);
+if (len == -1 || (skcontlen > INT_MAX - len))
+return -1;
+if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
+ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
 return -1;
-skcontlen += tmplen;
+}
+skcontlen += len;
 }
 sklen = ASN1_object_size(ndef, skcontlen, sktag);
 if (sklen == -1)
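Review bot: In the item loop, the new `len == 0` check tests `tt->flags & ASN1_TFLG_OPTIONAL`, but that flag belongs to the template for the whole SET OF / SEQUENCE OF field, while `len` is the encoded size of a single element. As written, a zero-length element is accepted when the containing field is optional and rejected when it is not; please confirm that is the intended rule and say so in a comment. Minor: the function already declares `const int flags = tt->flags;`, so `flags & ASN1_TFLG_OPTIONAL` would avoid re-reading `tt->flags`.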
@@ -347,6 +350,10 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, 
unsigned char **out,
 i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
 if (!i)
 return 0;
+if (i == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) {
+ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
+return -1;
+}
 /* Find length of EXPLICIT tag */
 ret = ASN1_object_size(ndef, i, ttag);
 if (out && ret != -1) {
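Review bot: The added `if (i == 0 && ...)` block in the EXPLICIT tag path is unreachable: the context lines `if (!i)` / `return 0;` directly above it already return whenever `i` is 0, so `ASN1_R_ILLEGAL_ZERO_CONTENT` is never raised here. Either place the new check before `if (!i)`, or restrict the early `return 0` to optional templates, so that a non-optional item with no content fails with -1 as the commit subject describes.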
@@ -360,9 +367,13 @@ static int asn1_template_ex_i2d(const ASN1_VALUE **pval, 
unsigned char **out,
 }
 
 /* Either normal or IMPLICIT tagging: combine 

[openssl] master update

2021-07-10 Thread Richard Levitte
The branch master has been updated
   via  f159b83a75c8d5e5c43ae4b2dec62086a5e36189 (commit)
   via  1bbe13fce5be8eee6fe2854b79dfbd38c028077c (commit)
  from  0007ff257c95f5cd046799e492436f41caf4ecb2 (commit)


- Log -
commit f159b83a75c8d5e5c43ae4b2dec62086a5e36189
Author: Richard Levitte 
Date:   Thu Jul 8 19:05:34 2021 +0200

Configurations/unix-Makefile.tmpl: use platform->sharedlib() as fallback

If platform->sharedlib_simple() and platform->sharedlib_import()
return undefined, try platform->sharedlib() as a fallback before
platform->staticlib().

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16023)

commit 1bbe13fce5be8eee6fe2854b79dfbd38c028077c
Author: Richard Levitte 
Date:   Thu Jul 8 05:18:25 2021 +0200

platform->sharedlib_simple(): return undef when same as platform->sharedlib()

On some Unix-like platforms, there is no such thing as versioned shared
libraries.  In this case, platform->sharedlib_simple() should simply
return undef.  Among others, this avoids the shared libraries to be
installed as symlinks on themselves.

Fixes #16012

Reviewed-by: Tomas Mraz 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/16023)

---

Summary of changes:
 Configurations/platform/Unix.pm   | 1 +
 Configurations/unix-Makefile.tmpl | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Configurations/platform/Unix.pm b/Configurations/platform/Unix.pm
index 80963adc30..c7d7d9eb80 100644
--- a/Configurations/platform/Unix.pm
+++ b/Configurations/platform/Unix.pm
@@ -63,6 +63,7 @@ sub sharedname_simple {
 }
 
 sub sharedlib_simple {
+return undef if $_[0]->shlibext() eq $_[0]->shlibextsimple();
 return platform::BASE::__concat($_[0]->sharedname_simple($_[1]),
 $_[0]->shlibextsimple());
 }
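Review bot: `sharedlib_simple` now returns undef when `shlibext()` equals `shlibextsimple()`, but nothing in the sub documents that. Add a one-line comment above the new `return undef` line explaining that the simple name is withheld when it would be identical to the regular shared library name, so that callers know they need a `//` fallback like the one used in the Makefile template.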
diff --git a/Configurations/unix-Makefile.tmpl 
b/Configurations/unix-Makefile.tmpl
index b82166f70a..0fb80f1968 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1392,7 +1392,7 @@ FORCE:
 
 # Building targets ###
 
-libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { 
platform->sharedlib_simple($_) // platform->sharedlib_import($_) // () } 
@{$unified_info{libraries}}) -}
+libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { 
platform->sharedlib_simple($_) // platform->sharedlib_import($_) // 
platform->sharedlib($_) // () } @{$unified_info{libraries}}) -}
 libcrypto.pc:
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
@@ -1484,6 +1484,7 @@ reconfigure reconf:
   # On Unix platforms, we depend on {shlibname}.so
   return map { platform->sharedlib_simple($_)
// platform->sharedlib_import($_)
+   // platform->sharedlib($_)
// platform->staticlib($_)
  } @_;
   }
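Review bot: The comment `# On Unix platforms, we depend on {shlibname}.so` above the `map` no longer covers the new `platform->sharedlib($_)` fallback, which is taken exactly when there is no simple or import name. Update the comment to describe the fallback order. The same `sharedlib_simple // sharedlib_import // sharedlib` chain is also spelled out in the `libcrypto.pc libssl.pc openssl.pc` rule in the previous hunk, so a small shared helper would keep the two from drifting apart.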


[openssl] OpenSSL_1_1_1-stable update

2021-07-10 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  ea26844c4f624ef515d9228d3b623761a369b049 (commit)
   via  f1d97905bbd8679b7647c992b97f526791069040 (commit)
   via  5434acb6c4d56507d761b28f7e142ccab808a8fa (commit)
   via  006906cddda37e24a66443199444ef4476697477 (commit)
   via  12e9b74c513a8ed3c1c260cf25221a465ae14b84 (commit)
  from  6eba6a9b35e97f8fc9fee33a7bdfff0bed04a6dc (commit)


- Log -
commit ea26844c4f624ef515d9228d3b623761a369b049
Author: Richard Levitte 
Date:   Fri Jul 9 09:14:11 2021 +0200

make update (adds a new function code)

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16027)

commit f1d97905bbd8679b7647c992b97f526791069040
Author: Richard Levitte 
Date:   Fri Jul 9 08:51:55 2021 +0200

Fix test/asn1_encode_test.c to handle encoding/decoding failure

Make it only report (and fail on) encoding/decoding failures when success
is expected.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16027)

commit 5434acb6c4d56507d761b28f7e142ccab808a8fa
Author: Richard Levitte 
Date:   Fri Jul 9 08:31:24 2021 +0200

Fix test/asn1_encode_test.c to not use ASN1_FBOOLEAN

ASN1_FBOOLEAN is designed to use as a default for optional ASN1 items.
This test program used it for non-optional items, which doesn't encode
well.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16027)

commit 006906cddda37e24a66443199444ef4476697477
Author: Richard Levitte 
Date:   Thu Jul 8 13:38:45 2021 +0200

ASN.1: Refuse to encode to DER if non-optional items are missing

Fixes #16026

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16027)

commit 12e9b74c513a8ed3c1c260cf25221a465ae14b84
Author: Richard Levitte 
Date:   Thu Jul 8 13:33:28 2021 +0200

TEST: Check that i2d refuses to encode non-optional items with no content

The test case creates an RSA public key and tries to pass it through
i2d_PrivateKey().  This SHOULD fail, since the private bits are missing.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16027)

---

Summary of changes:
 crypto/asn1/asn1_err.c|  4 +++-
 crypto/asn1/tasn_enc.c| 30 
 crypto/err/openssl.txt|  1 +
 include/openssl/asn1err.h |  3 ++-
 test/asn1_encode_test.c   | 59 +--
 test/asn1_internal_test.c | 38 ++
 6 files changed, 97 insertions(+), 38 deletions(-)

diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index cc0a59ca4c..50003a8531 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -82,6 +82,8 @@ static const ERR_STRING_DATA ASN1_str_functs[] = {
  "ASN1_STRING_type_new"},
 {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
  "asn1_template_ex_d2i"},
+{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_I2D, 0),
+ "asn1_template_ex_i2d"},
 {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
 {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
  "asn1_template_noexp_d2i"},
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index bcc96337bc..6eb300a21e 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -213,7 +213,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
 const ASN1_TEMPLATE *tt, int tag, int iclass)
 {
-int i, ret, flags, ttag, tclass, ndef;
+int i, ret, flags, ttag, tclass, ndef, len;
 ASN1_VALUE *tval;
 flags = tt->flags;
 
@@ -300,13 +300,17 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, 
unsigned char **out,
 /* Determine total length of items */
 skcontlen = 0;
 for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-int tmplen;
 skitem = sk_ASN1_VALUE_value(sk, i);
-tmplen = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item),
-  -1, iclass);
-if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+len = ASN1_item_ex_i2d(, NULL, ASN1_ITEM_ptr(tt->item),
+   -1, iclass);
+if (len == -1 || (skcontlen > INT_MAX - len))
+return -1;
+if (len == 0 && 

Coverity Scan: Analysis completed for OpenSSL-1.0.2

2021-07-10 Thread scan-admin


Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DL8YS_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFgoZ9AiDcgwMLhxk6ghZTttO7jz3B7MwN-2F4vs7-2BXvKjApOadZY3K4E-2FG5M4ymqxCnvL6WGM3UimuVsAVRuLgGaVkH61rVQzoZk3k-2Fu1NBu3MgN5-2FWhMtS-2FFOLvaeEY5PQ-2BO9MsIJpCSfGqd61NFANnV3tKvSgwwJ2QNdJzszkIhVWFM0qjhGJGvSM8GjHgrPU-3D

Build ID: 396243

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



Coverity Scan: Analysis completed for openssl/openssl

2021-07-10 Thread scan-admin


Your request for analysis of openssl/openssl has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DhAZG_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeF4gI3AmCutU3pBC3qx724PmHvqdqsDlzfOAOS8bl7M6xMp6CmPwp9lXM4Wo2-2FjWgSmCHnJxh9mWISfK40y5QfmBTU40FwNDVj-2FOamQioGgHxGL2SnePEjFwxoDh8be2NHAsQJuKHGeTlYcmRpBx5ZvYJR763zo2ZhzInxmviDi-2BRyWb-2BTWASc7vR8ycFWugS4-3D

Build ID: 396242

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0