[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 2ee3e38f8f456db4b5afb023ae0472ff79204369 (commit) from 941c877bdb71038f6beeaf416d9b7b7951ff1f19 (commit) - Log - commit 2ee3e38f8f456db4b5afb023ae0472ff79204369 Author: Pauli Date: Thu Jan 13 12:30:59 2022 +1100 coverity 1497107: dereference after null check Add null checks to avoid dereferencing a pointer that could be null. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/17488) --- Summary of changes: apps/lib/apps.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 25a6b6bcc3..07dd4550f2 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -696,10 +696,13 @@ int load_cert_certs(const char *uri, if (ret) { if (pcert != NULL) warn_cert(uri, *pcert, 0, vpm); -warn_certs(uri, *pcerts, 1, vpm); +if (pcerts != NULL) +warn_certs(uri, *pcerts, 1, vpm); } else { -sk_X509_pop_free(*pcerts, X509_free); -*pcerts = NULL; +if (pcerts != NULL) { +sk_X509_pop_free(*pcerts, X509_free); +*pcerts = NULL; +} } return ret; }
[openssl] master update
The branch master has been updated via 8c870f6bed241ec80c67453e60592461f0d8f2b8 (commit) from 79c7acc59bb98c2b8451b048ed1dd8cc517df76e (commit) - Log - commit 8c870f6bed241ec80c67453e60592461f0d8f2b8 Author: Pauli Date: Thu Jan 13 12:30:59 2022 +1100 coverity 1497107: dereference after null check Add null checks to avoid dereferencing a pointer that could be null. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/17488) --- Summary of changes: apps/lib/apps.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 7ca30ef590..77edc1d936 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -691,10 +691,13 @@ int load_cert_certs(const char *uri, if (ret) { if (pcert != NULL) warn_cert(uri, *pcert, 0, vpm); -warn_certs(uri, *pcerts, 1, vpm); +if (pcerts != NULL) +warn_certs(uri, *pcerts, 1, vpm); } else { -OSSL_STACK_OF_X509_free(*pcerts); -*pcerts = NULL; +if (pcerts != NULL) { +OSSL_STACK_OF_X509_free(*pcerts); +*pcerts = NULL; +} } return ret; }
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D9Wcg_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGhUU471-2FcoF0zb9rVvP4EV3D-2FZsjhfqZoCuDm7i-2BLludtEoe31q5BdHpK5ksLo6z4f6mIPeUcbPSTSnUf9xacuyTBcE-2FIcNgs4zYOxuzOI9mRZQ-2FFDebLPeOwQeHprUAcTEAF3S18oy-2FxMXJegu-2BYI4VRbneErCJqr7-2FvWPV-2F4p0t1ghY1X3QnHoIbgt4bpqk-3D Build ID: 430269 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 941c877bdb71038f6beeaf416d9b7b7951ff1f19 (commit) from 21467ec273818e70a05ddece1019a13796c0fd26 (commit) - Log - commit 941c877bdb71038f6beeaf416d9b7b7951ff1f19 Author: Dmitry Belyavskiy Date: Wed Jan 12 16:54:45 2022 +0100 Cleansing all the temporary data for s390x Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17486) (cherry picked from commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e) --- Summary of changes: crypto/ec/ecp_s390x_nistp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index 5c70b2d678..c5726c638b 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -116,7 +116,7 @@ ret: /* Otherwise use default. */ if (rc == -1) rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); +OPENSSL_cleanse(param, sizeof(param)); BN_CTX_end(ctx); BN_CTX_free(new_ctx); return rc; @@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, ok = 1; ret: -OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); +OPENSSL_cleanse(param, sizeof(param)); if (ok != 1) { ECDSA_SIG_free(sig); sig = NULL;
[openssl] master update
The branch master has been updated via 79c7acc59bb98c2b8451b048ed1dd8cc517df76e (commit) from 3bfb7239daf3d6a89476e163dc925c641d356729 (commit) - Log - commit 79c7acc59bb98c2b8451b048ed1dd8cc517df76e Author: Dmitry Belyavskiy Date: Wed Jan 12 16:54:45 2022 +0100 Cleansing all the temporary data for s390x Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17486) --- Summary of changes: crypto/ec/ecp_s390x_nistp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index 5c70b2d678..c5726c638b 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -116,7 +116,7 @@ ret: /* Otherwise use default. */ if (rc == -1) rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); +OPENSSL_cleanse(param, sizeof(param)); BN_CTX_end(ctx); BN_CTX_free(new_ctx); return rc; @@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, ok = 1; ret: -OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); +OPENSSL_cleanse(param, sizeof(param)); if (ok != 1) { ECDSA_SIG_free(sig); sig = NULL;
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 21467ec273818e70a05ddece1019a13796c0fd26 (commit) from 16535ba9b86dcb99558201e66613f018fb1d3f65 (commit) - Log - commit 21467ec273818e70a05ddece1019a13796c0fd26 Author: Tomas Mraz Date: Wed Jan 12 09:55:43 2022 +0100 test_gendhparam: Drop expected error output Otherwise it sometimes confuses the TAP parser. Fixes #17480 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17481) (cherry picked from commit 3bfb7239daf3d6a89476e163dc925c641d356729) --- Summary of changes: test/recipes/15-test_gendhparam.t | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/recipes/15-test_gendhparam.t b/test/recipes/15-test_gendhparam.t index b5fe644889..b95695b4dc 100644 --- a/test/recipes/15-test_gendhparam.t +++ b/test/recipes/15-test_gendhparam.t @@ -140,9 +140,17 @@ foreach my $test (@testdata) { push(@pkeyopts, '-pkeyopt'); push(@pkeyopts, $_); } -my @lines = run(app(['openssl', 'genpkey', '-genparam', +my @lines; +if ($expected[0] eq 'ERROR') { +@lines = run(app(['openssl', 'genpkey', '-genparam', + '-algorithm', $alg, '-text', @pkeyopts], + stderr => undef), + capture => 1); +} else { +@lines = run(app(['openssl', 'genpkey', '-genparam', '-algorithm', $alg, '-text', @pkeyopts]), -capture => 1); + capture => 1); +} ok(compareline(\@lines, \@expected), $msg); }
[openssl] master update
The branch master has been updated via 3bfb7239daf3d6a89476e163dc925c641d356729 (commit) from 8086b267fb3395c53cd5fc29eea68ba4826b333d (commit) - Log - commit 3bfb7239daf3d6a89476e163dc925c641d356729 Author: Tomas Mraz Date: Wed Jan 12 09:55:43 2022 +0100 test_gendhparam: Drop expected error output Otherwise it sometimes confuses the TAP parser. Fixes #17480 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17481) --- Summary of changes: test/recipes/15-test_gendhparam.t | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/recipes/15-test_gendhparam.t b/test/recipes/15-test_gendhparam.t index b5fe644889..b95695b4dc 100644 --- a/test/recipes/15-test_gendhparam.t +++ b/test/recipes/15-test_gendhparam.t @@ -140,9 +140,17 @@ foreach my $test (@testdata) { push(@pkeyopts, '-pkeyopt'); push(@pkeyopts, $_); } -my @lines = run(app(['openssl', 'genpkey', '-genparam', +my @lines; +if ($expected[0] eq 'ERROR') { +@lines = run(app(['openssl', 'genpkey', '-genparam', + '-algorithm', $alg, '-text', @pkeyopts], + stderr => undef), + capture => 1); +} else { +@lines = run(app(['openssl', 'genpkey', '-genparam', '-algorithm', $alg, '-text', @pkeyopts]), -capture => 1); + capture => 1); +} ok(compareline(\@lines, \@expected), $msg); }
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 16535ba9b86dcb99558201e66613f018fb1d3f65 (commit) from 589e0ab4ebf35e1e73d826ad08160b9e6060e616 (commit) - Log - commit 16535ba9b86dcb99558201e66613f018fb1d3f65 Author: Matt Caswell Date: Tue Jan 11 17:13:39 2022 + Clear md_data only when necessary PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes it. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17473) (cherry picked from commit 8086b267fb3395c53cd5fc29eea68ba4826b333d) --- Summary of changes: crypto/evp/digest.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index eb6ccfaca2..066f2a4af9 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -33,9 +33,10 @@ static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) ctx->digest->cleanup(ctx); if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) -|| force)) +|| force)) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -ctx->md_data = NULL; +ctx->md_data = NULL; +} } }
[openssl] master update
The branch master has been updated via 8086b267fb3395c53cd5fc29eea68ba4826b333d (commit) from 3d4d5305c292f5db62b4abf732f6682b2ada6f44 (commit) - Log - commit 8086b267fb3395c53cd5fc29eea68ba4826b333d Author: Matt Caswell Date: Tue Jan 11 17:13:39 2022 + Clear md_data only when necessary PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes it. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17473) --- Summary of changes: crypto/evp/digest.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index cdcb60092e..d4685e6489 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -33,9 +33,10 @@ static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) ctx->digest->cleanup(ctx); if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) -|| force)) +|| force)) { OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -ctx->md_data = NULL; +ctx->md_data = NULL; +} } }
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 4c5c2a5efbc315d7926cafbd5a19044ee3e087fa (commit) via 93dd7ab35f6ccfb8bde7a7a6e38ea5817c5b54e2 (commit) from 5e7098e11581b6b3a4083a1c17889ed817e8ac22 (commit) - Log - commit 4c5c2a5efbc315d7926cafbd5a19044ee3e087fa Author: Matt Caswell Date: Wed Dec 29 16:39:11 2021 + Add a test for a custom digest created via EVP_MD_meth_new() We check that the init and cleanup functions for the custom method are called as expected. Based on an original reproducer by Dmitry Belyavsky from issue #17149. Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17472) commit 93dd7ab35f6ccfb8bde7a7a6e38ea5817c5b54e2 Author: Matt Caswell Date: Fri Dec 10 17:17:27 2021 + Fix a leak in EVP_DigestInit_ex() If an EVP_MD_CTX is reused then memory allocated and stored in md_data can be leaked unless the EVP_MD's cleanup function is called. Fixes #17149 Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17472) --- Summary of changes: crypto/evp/digest.c | 32 + test/evp_extra_test.c | 78 +++ 2 files changed, 99 insertions(+), 11 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index d1bfa274ca..41ecdd8e5a 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -15,6 +15,22 @@ #include "crypto/evp.h" #include "evp_local.h" + +static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) +{ +if (ctx->digest != NULL) { +if (ctx->digest->cleanup != NULL +&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) +ctx->digest->cleanup(ctx); +if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 +&& (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) +|| force)) { +OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); +ctx->md_data = NULL; +} +} +} + /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) { @@ -25,13 +41,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. */ -if (ctx->digest && ctx->digest->cleanup -&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -ctx->digest->cleanup(ctx); -if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -&& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -} +cleanup_old_md_data(ctx, 0); + /* * pctx should be freed by the user of EVP_MD_CTX * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set @@ -76,6 +87,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->engine && ctx->digest && (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; + if (type) { /* * Ensure an ENGINE left lying around from last time is cleared (the @@ -119,10 +131,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { -if (ctx->digest && ctx->digest->ctx_size) { -OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -ctx->md_data = NULL; -} +cleanup_old_md_data(ctx, 1); + ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index e4a0b180d7..538bff4659 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1762,6 +1762,83 @@ static int test_EVP_PKEY_set1_DH(void) } #endif /* OPENSSL_NO_DH */ +typedef struct { +int data; +} custom_dgst_ctx; + +static int custom_md_init_called = 0; +static int custom_md_cleanup_called = 0; + +static int custom_md_init(EVP_MD_CTX *ctx) +{ +custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + +if (p == NULL) +return 0; + +custom_md_init_called++; +return 1; +} + +static int custom_md_cleanup(EVP_MD_CTX *ctx) +{ +custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + +if (p == NULL) +/* Nothing to do */ +return 1; + +custom_md_cleanup_called++; +return 1; +} + +static int test_custom_md_meth(void) +{ +EVP_MD_CTX *mdctx = NULL; +EVP_MD *tmp = NULL; +char mess[] = "Test Message\n"; +unsigned char md_value[EVP_MAX_MD_SIZE]; +unsigned int md_len; +int testresult = 0; +int nid; + +custom_md_init_called =
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 589e0ab4ebf35e1e73d826ad08160b9e6060e616 (commit) via d1a488e944275a1b5db50ce02c1593aedb37c1f9 (commit) via a69b93afd26d8da664e19847432cebe3c7d3fbb3 (commit) via cc05c3ea8c585eb58a46602f94c59e3c17f4383d (commit) via d1ec05915686019eec8fa8de9890292980fc5d6e (commit) via 3517a3e055d3ed27b70441e2ee087fbb709b58da (commit) from cca25d5eb83b56ae27d81bd72bebf69c2f393e43 (commit) - Log - commit 589e0ab4ebf35e1e73d826ad08160b9e6060e616 Author: Pauli Date: Wed Jan 12 15:01:17 2022 +1100 drbg: add handling for cases where TSAN isn't available Most of the DRGB code is run under lock from the EVP layer. This is relied on to make the majority of TSAN operations safe. However, it is still necessary to enable locking for all DRBGs created. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit d1a488e944275a1b5db50ce02c1593aedb37c1f9 Author: Pauli Date: Wed Jan 12 14:45:07 2022 +1100 lhash: use lock when TSAN not available for statistics gathering Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit a69b93afd26d8da664e19847432cebe3c7d3fbb3 Author: Pauli Date: Wed Jan 12 14:25:46 2022 +1100 mem: do not produce usage counts when tsan is unavailable. Doing the tsan operations under lock would be difficult to arrange here (locks require memory allocation). Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit cc05c3ea8c585eb58a46602f94c59e3c17f4383d Author: Pauli Date: Wed Jan 12 14:22:23 2022 +1100 core namemap: use updated tsan lock detection capabilities Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit d1ec05915686019eec8fa8de9890292980fc5d6e Author: Pauli Date: Wed Jan 12 13:26:38 2022 +1100 tsan: make detecting the need for locking when using tsan easier Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit 3517a3e055d3ed27b70441e2ee087fbb709b58da Author: Pauli Date: Wed Jan 12 14:24:49 2022 +1100 threadstest: add write check to lock checking Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) --- Summary of changes: crypto/core_namemap.c | 15 -- crypto/lhash/lh_stats.c| 25 crypto/lhash/lhash.c | 55 ++ crypto/lhash/lhash_local.h | 3 ++ crypto/mem.c | 14 ++--- include/internal/tsan_assist.h | 8 - providers/implementations/rands/drbg.c | 4 +++ test/threadstest.c | 2 ++ 8 files changed, 95 insertions(+), 31 deletions(-) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 2bee5ef194..6cb0ec5a06 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -37,11 +37,7 @@ struct ossl_namemap_st { CRYPTO_RWLOCK *lock; LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ -#ifdef tsan_ld_acq -TSAN_QUALIFIER int max_number; /* Current max number TSAN version */ -#else -int max_number;/* Current max number plain version */ -#endif +TSAN_QUALIFIER int max_number; /* Current max number */ }; /* LHASH callbacks */ @@ -99,10 +95,7 @@ static const OSSL_LIB_CTX_METHOD stored_namemap_method = { int ossl_namemap_empty(OSSL_NAMEMAP *namemap) { -#ifdef tsan_ld_acq -/* Have TSAN support */ -return namemap == NULL || tsan_load(>max_number) == 0; -#else +#ifdef TSAN_REQUIRES_LOCKING /* No TSAN support */ int rv; @@ -114,6 +107,9 @@ int ossl_namemap_empty(OSSL_NAMEMAP *namemap) rv = namemap->max_number == 0; CRYPTO_THREAD_unlock(namemap->lock); return rv; +#else +/* Have TSAN support */ +return namemap == NULL || tsan_load(>max_number) == 0; #endif } @@ -260,6 +256,7 @@ static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) goto err; +/* The tsan_counter use here is safe since we're under lock */ namenum->number = number != 0 ? number : 1 + tsan_counter(>max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 5e38c42580..0d4bc72608 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -61,6 +61,14 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) { +int omit_tsan = 0; + +#ifdef
[openssl] master update
The branch master has been updated via 3d4d5305c292f5db62b4abf732f6682b2ada6f44 (commit) via 8ff861dcee38a41ce93374753e8c462e4b9012e2 (commit) via 43f132778b138870120d965f2fb61aa7411b78b2 (commit) via 5c41cee225094e6298799b709278b0431643fb1f (commit) via e6b8f359e79cdbe09033d02eaad7ecb4e24adb73 (commit) via d8ed9e4a9079b55a84bdbbc3172d36aa3be8bed7 (commit) via e22cbe5e67461470590e6fb8858c95285fcdea0e (commit) via 1fc97807d3a3b5e3065a7df80d1ad3601ccc5e2f (commit) from 9c5d1451292566e546d5dd01c7f19950fa34391d (commit) - Log - commit 3d4d5305c292f5db62b4abf732f6682b2ada6f44 Author: Pauli Date: Wed Jan 12 14:22:29 2022 +1100 threadstest: use locking for tsan operations if required Not all platforms support tsan operations, those that don't need to have an alternative locking path. Fixes #17447 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit 8ff861dcee38a41ce93374753e8c462e4b9012e2 Author: Pauli Date: Wed Jan 12 15:01:17 2022 +1100 drbg: add handling for cases where TSAN isn't available Most of the DRGB code is run under lock from the EVP layer. This is relied on to make the majority of TSAN operations safe. However, it is still necessary to enable locking for all DRBGs created. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit 43f132778b138870120d965f2fb61aa7411b78b2 Author: Pauli Date: Wed Jan 12 14:45:07 2022 +1100 lhash: use lock when TSAN not available for statistics gathering Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit 5c41cee225094e6298799b709278b0431643fb1f Author: Pauli Date: Wed Jan 12 14:25:46 2022 +1100 mem: do not produce usage counts when tsan is unavailable. Doing the tsan operations under lock would be difficult to arrange here (locks require memory allocation). Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit e6b8f359e79cdbe09033d02eaad7ecb4e24adb73 Author: Pauli Date: Wed Jan 12 14:25:35 2022 +1100 object: use updated tsan lock detection capabilities Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit d8ed9e4a9079b55a84bdbbc3172d36aa3be8bed7 Author: Pauli Date: Wed Jan 12 14:22:23 2022 +1100 core namemap: use updated tsan lock detection capabilities Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit e22cbe5e67461470590e6fb8858c95285fcdea0e Author: Pauli Date: Wed Jan 12 13:26:38 2022 +1100 tsan: make detecting the need for locking when using tsan easier Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) commit 1fc97807d3a3b5e3065a7df80d1ad3601ccc5e2f Author: Pauli Date: Wed Jan 12 14:24:49 2022 +1100 threadstest: add write check to lock checking Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/17479) --- Summary of changes: crypto/core_namemap.c | 15 -- crypto/lhash/lh_stats.c| 25 crypto/lhash/lhash.c | 55 ++ crypto/lhash/lhash_local.h | 3 ++ crypto/mem.c | 14 ++--- crypto/objects/obj_dat.c | 20 - include/internal/tsan_assist.h | 8 - providers/implementations/rands/drbg.c | 4 +++ test/threadstest.c | 30 +-- 9 files changed, 126 insertions(+), 48 deletions(-) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 2bee5ef194..6cb0ec5a06 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -37,11 +37,7 @@ struct ossl_namemap_st { CRYPTO_RWLOCK *lock; LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ -#ifdef tsan_ld_acq -TSAN_QUALIFIER int max_number; /* Current max number TSAN version */ -#else -int max_number;/* Current max number plain version */ -#endif +TSAN_QUALIFIER int max_number; /* Current max number */ }; /* LHASH callbacks */ @@ -99,10 +95,7 @@ static const OSSL_LIB_CTX_METHOD stored_namemap_method = { int ossl_namemap_empty(OSSL_NAMEMAP *namemap) { -#ifdef tsan_ld_acq -/* Have TSAN support */ -return namemap == NULL || tsan_load(>max_number) == 0; -#else +#ifdef TSAN_REQUIRES_LOCKING /* No TSAN support */ int rv; @@ -114,6 +107,9 @@ int ossl_namemap_empty(OSSL_NAMEMAP *namemap) rv = namemap->max_number == 0; CRYPTO_THREAD_unlock(namemap->lock);
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via cca25d5eb83b56ae27d81bd72bebf69c2f393e43 (commit) from f7e71772becc0dba8a0cae9766b78ea42819b849 (commit) - Log - commit cca25d5eb83b56ae27d81bd72bebf69c2f393e43 Author: Pauli Date: Wed Jan 12 12:28:29 2022 +1100 Avoid using a macro expansion in a macro when statically initialising Circumvents a problem with ancient PA-RISC compilers on HP/UX. Fixes #17477 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17478) (cherry picked from commit 9c5d1451292566e546d5dd01c7f19950fa34391d) --- Summary of changes: providers/fips/self_test_data.inc | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index dd39ab5252..f2c1af04b6 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -18,7 +18,7 @@ { name, OSSL_PARAM_OCTET_STRING, ITM(data) } #define ST_KAT_PARAM_UTF8STRING(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } -#define ST_KAT_PARAM_UTF8CHAR(name, data)\ +#define ST_KAT_PARAM_UTF8CHAR(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM(data) } #define ST_KAT_PARAM_INT(name, i) \ { name, OSSL_PARAM_INTEGER, ITM(i) } @@ -1291,9 +1291,15 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; + static const ST_KAT_PARAM rsa_enc_params[] = { -ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, -OSSL_PKEY_RSA_PAD_MODE_NONE), +ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), ST_KAT_PARAM_END() };
[openssl] master update
The branch master has been updated via 9c5d1451292566e546d5dd01c7f19950fa34391d (commit) from 64a644530e023d3064db9027b0977d33b1d2ad9a (commit) - Log - commit 9c5d1451292566e546d5dd01c7f19950fa34391d Author: Pauli Date: Wed Jan 12 12:28:29 2022 +1100 Avoid using a macro expansion in a macro when statically initialising Circumvents a problem with ancient PA-RISC compilers on HP/UX. Fixes #17477 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17478) --- Summary of changes: providers/fips/self_test_data.inc | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index dd39ab5252..f2c1af04b6 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -18,7 +18,7 @@ { name, OSSL_PARAM_OCTET_STRING, ITM(data) } #define ST_KAT_PARAM_UTF8STRING(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } -#define ST_KAT_PARAM_UTF8CHAR(name, data)\ +#define ST_KAT_PARAM_UTF8CHAR(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM(data) } #define ST_KAT_PARAM_INT(name, i) \ { name, OSSL_PARAM_INTEGER, ITM(i) } @@ -1291,9 +1291,15 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; + static const ST_KAT_PARAM rsa_enc_params[] = { -ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, -OSSL_PKEY_RSA_PAD_MODE_NONE), +ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), ST_KAT_PARAM_END() };
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via f7e71772becc0dba8a0cae9766b78ea42819b849 (commit) from 3dcec2fb274235e938ce04f43e3e2f6d5743ae52 (commit) - Log - commit f7e71772becc0dba8a0cae9766b78ea42819b849 Author: Gerd Hoffmann Date: Tue Jan 11 08:51:31 2022 +0100 drop unused callback variable Signed-off-by: Gerd Hoffmann Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17471) (cherry picked from commit 64a644530e023d3064db9027b0977d33b1d2ad9a) --- Summary of changes: crypto/evp/pmeth_gn.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index f9d001fdd0..e6bb48501f 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -128,7 +128,6 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg) int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { int ret = 0; -OSSL_CALLBACK cb; EVP_PKEY *allocated_pkey = NULL; /* Legacy compatible keygen callback info, only used with provider impls */ int gentmp[2];
[openssl] master update
The branch master has been updated via 64a644530e023d3064db9027b0977d33b1d2ad9a (commit) from a4e01187d3648d9ce99507097400902cf21f9b55 (commit) - Log - commit 64a644530e023d3064db9027b0977d33b1d2ad9a Author: Gerd Hoffmann Date: Tue Jan 11 08:51:31 2022 +0100 drop unused callback variable Signed-off-by: Gerd Hoffmann Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17471) --- Summary of changes: crypto/evp/pmeth_gn.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index f9d001fdd0..e6bb48501f 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -128,7 +128,6 @@ static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg) int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { int ret = 0; -OSSL_CALLBACK cb; EVP_PKEY *allocated_pkey = NULL; /* Legacy compatible keygen callback info, only used with provider impls */ int gentmp[2];