[openssl-commits] [tools] master update
The branch master has been updated via eb4d1f2af762c9674d1461ddbe652f18bcd21415 (commit) from 1f45f077ae95e501865207cc9aba81a7c3791756 (commit) - Log - commit eb4d1f2af762c9674d1461ddbe652f18bcd21415 Author: Richard Levitte Date: Mon Sep 10 17:34:52 2018 +0200 release-tools: use 'make tar' instead of 'make dist' 'make dist' will pre-configure the OpenSSL source for distribution with a simple generic configuration, which is nice... as long as you're on Unix. Unfortunately, the resulting Makefile will be picked up by NMAKE (on Windows) and MMS / MMK (on VMS) and will spew out errors because those are very different environments. Therefore, it's better not to pre-configure, and just create an archive from the source proper. (note that pre-configuration would still work on the 1.0.2 series, since the Windows and VMS builds are entirely different there, but it's no big loss to force everyone to configure when using 1.0.2 as well) Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/29) --- Summary of changes: release-tools/README.md| 2 +- release-tools/mkrelease.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/release-tools/README.md b/release-tools/README.md index 5376eec..af2b78f 100644 --- a/release-tools/README.md +++ b/release-tools/README.md @@ -276,7 +276,7 @@ or if you want to use the openssl-team key: Make the release tarball. You do this with: -make dist +make tar Create .sha1, .sha256 and .asc files manually. You can use: diff --git a/release-tools/mkrelease.pl b/release-tools/mkrelease.pl index 69e337f..48f18d7 100644 --- a/release-tools/mkrelease.pl +++ b/release-tools/mkrelease.pl 
@@ -257,7 +257,7 @@ if ( !$no_release ) { my $gpgann = $ENV{"OPENSSL_GPG_ANNOUNCE"} // "$gpg --use-agent -sta --clearsign"; my $tarfile = "openssl-${expected_version}.tar.gz"; -system("(./config; make $TAR dist) >../$tarfile.log 2>&1"); +system("(./config; make $TAR tar) >../$tarfile.log 2>&1"); die "Error generating release!" if $?; die "Can't find tarball!!" unless -f "../$tarfile"; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
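Review bot: In the new `system(...)` line the two steps are still joined with `;`, so a failing `./config` does not stop `make $TAR tar`, and the `$?` tested on the next line reflects only the last command in the subshell. For a tarball that is subsequently hashed and signed, the configure step should gate the archive step: `system("(./config && make $TAR tar) >../$tarfile.log 2>&1");`. The command is a single interpolated string and therefore runs through the shell, so a short comment saying where `$TAR` and `$expected_version` are set (both outside this hunk) would help a reader confirm they cannot carry shell metacharacters. The enclosing `if ( !$no_release ) {` block starts before and ends after the hunk.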
[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1hfECf0OQMcOdd6JJm9HuS8lD032hD8CFJ-2F0gxilkgC3MJ0iLtID-2F-2B-2BrBisWv5Y55wfF-2Bl-2B5DzPpKl-2BEd-2BghTWfedAJo6CIbOirw6BpB2eabi6bWEgKJKMa0rysBTF-2Fw7IB1arB8XUaF0RlKYRtS4fJyM9DlekyGWpLZdV8dLyTUmxDc7bLX0NzMJeUzhRFYY-3D Build ID: 227211 Analysis Summary: New defects found: 0 Defects eliminated: 5 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 1fa7e2ee06f24cdc7fe04599456a07f29db69d95 (commit) from 1ed9fafccc37bcc78c12d20d586842ee7c7cd8a6 (commit) - Log - commit 1fa7e2ee06f24cdc7fe04599456a07f29db69d95 Author: Matt Caswell Date: Mon Sep 10 16:23:14 2018 +0100 Check the return value from ASN1_INTEGER_set Found by Coverity Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7169) (cherry picked from commit 512d811719fc955f574090af4c3586a9aba46fa7) --- Summary of changes: crypto/pkcs12/p12_init.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index a78e183..7b76909 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -22,7 +22,8 @@ PKCS12 *PKCS12_init(int mode)
 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
-ASN1_INTEGER_set(pkcs12->version, 3);
+if (!ASN1_INTEGER_set(pkcs12->version, 3))
+goto err;
 pkcs12->authsafes->type = OBJ_nid2obj(mode);
 switch (mode) {
 case NID_pkcs7_data:
_ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
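Review bot: The new `goto err` after a failed `ASN1_INTEGER_set()` leaves `PKCS12_init()` without queuing an error, whereas the failure branch directly above it calls `PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE)` before returning NULL. Unless `ASN1_INTEGER_set()` raises its own error, the caller gets NULL with nothing on the error queue; I would write `if (!ASN1_INTEGER_set(pkcs12->version, 3)) { PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); goto err; }`. The `err` label is outside the hunk, so it is only assumed to release `pkcs12`. The same point applies to the two other copies of this change on the page (OpenSSL_1_0_2-stable and master).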
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 4a98bb0068cae9fbe5c6a6e513093d41969dad58 (commit) from 6e873259029939657a297e9fe451196df4e3da48 (commit) - Log - commit 4a98bb0068cae9fbe5c6a6e513093d41969dad58 Author: Matt Caswell Date: Mon Sep 10 16:23:14 2018 +0100 Check the return value from ASN1_INTEGER_set Found by Coverity Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7169) (cherry picked from commit 512d811719fc955f574090af4c3586a9aba46fa7) --- Summary of changes: crypto/pkcs12/p12_init.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index 0322df9..8275a23 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -70,7 +70,8 @@ PKCS12 *PKCS12_init(int mode)
 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
-ASN1_INTEGER_set(pkcs12->version, 3);
+if (!ASN1_INTEGER_set(pkcs12->version, 3))
+goto err;
 pkcs12->authsafes->type = OBJ_nid2obj(mode);
 switch (mode) {
 case NID_pkcs7_data:
_ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 512d811719fc955f574090af4c3586a9aba46fa7 (commit) from d689f313cc5ebe2763fb26d1e7f8cd53b7da6a4a (commit) - Log - commit 512d811719fc955f574090af4c3586a9aba46fa7 Author: Matt Caswell Date: Mon Sep 10 16:23:14 2018 +0100 Check the return value from ASN1_INTEGER_set Found by Coverity Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7169) --- Summary of changes: crypto/pkcs12/p12_init.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index a78e183..7b76909 100644
--- a/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
@@ -22,7 +22,8 @@ PKCS12 *PKCS12_init(int mode)
 PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
-ASN1_INTEGER_set(pkcs12->version, 3);
+if (!ASN1_INTEGER_set(pkcs12->version, 3))
+goto err;
 pkcs12->authsafes->type = OBJ_nid2obj(mode);
 switch (mode) {
 case NID_pkcs7_data:
_ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via d689f313cc5ebe2763fb26d1e7f8cd53b7da6a4a (commit) from 52307f94f8f3e5a1cd392f0a48802a24ccf73ba2 (commit) - Log - commit d689f313cc5ebe2763fb26d1e7f8cd53b7da6a4a Author: Matt Caswell Date: Mon Sep 10 16:53:17 2018 +0100 Validate the SM2 digest len before use Fixes a Coverity complaint. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7170) --- Summary of changes: crypto/sm2/sm2_pmeth.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index 3e42065..d187699 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -259,6 +259,7 @@ static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) SM2_PKEY_CTX *smctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; const EVP_MD *md = EVP_MD_CTX_md(mctx); +int mdlen = EVP_MD_size(md); if (!smctx->id_set) { /* @@ -270,11 +271,16 @@ static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) return 0; } +if (mdlen < 0) { +SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST); +return 0; +} + /* get hashed prefix 'z' of tbs message */ if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec)) return 0; -return EVP_DigestUpdate(mctx, z, EVP_MD_size(md)); +return EVP_DigestUpdate(mctx, z, (size_t)mdlen); } const EVP_PKEY_METHOD sm2_pkey_meth = { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
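Review bot: The `mdlen < 0` guard in the second hunk is the only thing that keeps a failed `EVP_MD_size()` from reaching `EVP_DigestUpdate()` as a length, and nothing in the code says so. A negative `int` converted by `(size_t)mdlen` would become a very large byte count read from `z`, so the check and the cast depend on each other; a comment above the guard would record that: `/* EVP_MD_size() is negative on failure; reject it before it is cast to size_t and used as the length of z */`. The declaration of `z` is outside both hunks, so whether its size always covers `mdlen` cannot be confirmed from here.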
[openssl-commits] [openssl] master update
The branch master has been updated via 52307f94f8f3e5a1cd392f0a48802a24ccf73ba2 (commit) from 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 (commit) - Log - commit 52307f94f8f3e5a1cd392f0a48802a24ccf73ba2 Author: Matt Caswell Date: Mon Sep 10 16:03:14 2018 +0100 Don't cast an int * to a size_t * If sizeof(int) != sizeof(size_t) this may not work correctly. Fixes a Coverity issue. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7168) --- Summary of changes: apps/speed.c | 17 + 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index c859c86..a487917 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -600,6 +600,7 @@ typedef struct loopargs_st { unsigned char *buf2_malloc; unsigned char *key; unsigned int siglen; +size_t sigsize; #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; #endif @@ -1185,11 +1186,11 @@ static int EdDSA_sign_loop(void *args) unsigned char *buf = tempargs->buf; EVP_MD_CTX **edctx = tempargs->eddsa_ctx; unsigned char *eddsasig = tempargs->buf2; -unsigned int *eddsasiglen = >siglen; +size_t *eddsasigsize = >sigsize; int ret, count; for (count = 0; COND(eddsa_c[testnum][0]); count++) { -ret = EVP_DigestSign(edctx[testnum], eddsasig, (size_t *)eddsasiglen, buf, 20); +ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20); if (ret == 0) { BIO_printf(bio_err, "EdDSA sign failure\n"); ERR_print_errors(bio_err); 
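Review bot: `loopargs_t` now carries both `unsigned int siglen` and `size_t sigsize`, with nothing to tell a reader which field a given loop must use. Since the defect fixed here was a length passed through a pointer of the wrong width, the new field deserves a comment such as `/* signature length for EVP_DigestSign()/EVP_DigestVerify(), which take size_t */`; `siglen` presumably stays for the callers that take `unsigned int *`, which are not visible in these hunks. `EdDSA_sign_loop` passes the same `sigsize` to `EVP_DigestSign()` on every iteration, so the comment could also state that each call overwrites it with the length actually written. The struct and the loop bodies continue outside the hunks.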
@@ -1206,11 +1207,11 @@ static int EdDSA_verify_loop(void *args) unsigned char *buf = tempargs->buf; EVP_MD_CTX **edctx = tempargs->eddsa_ctx; unsigned char *eddsasig = tempargs->buf2; -unsigned int eddsasiglen = tempargs->siglen; +size_t eddsasigsize = tempargs->sigsize; int ret, count; for (count = 0; COND(eddsa_c[testnum][1]); count++) { -ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasiglen, buf, 20); +ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20); if (ret != 1) { BIO_printf(bio_err, "EdDSA verify failure\n"); ERR_print_errors(bio_err); @@ -1525,7 +1526,7 @@ int speed_main(int argc, char **argv) const char *name; unsigned int nid; unsigned int bits; -unsigned int siglen; +size_t sigsize; } test_ed_curves[] = { /* EdDSA */ {"Ed25519", NID_ED25519, 253, 64}, @@ -3101,9 +3102,9 @@ int speed_main(int argc, char **argv) } else { for (i = 0; i < loopargs_len; i++) { /* Perform EdDSA signature test */ -loopargs[i].siglen = test_ed_curves[testnum].siglen; +loopargs[i].sigsize = test_ed_curves[testnum].sigsize; st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum], -loopargs[i].buf2, (size_t *)[i].siglen, +loopargs[i].buf2, [i].sigsize, loopargs[i].buf, 20); if (st == 0) break; @@ -3133,7 +3134,7 @@ int speed_main(int argc, char **argv) /* Perform EdDSA verification test */ for (i = 0; i < loopargs_len; i++) { st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum], - loopargs[i].buf2, loopargs[i].siglen, + loopargs[i].buf2, loopargs[i].sigsize, loopargs[i].buf, 20); if (st != 1) break; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 (commit) from 3f8b623aaa4044908900767a8991b7769b320880 (commit) - Log - commit 6ccfc8fa316f8dcfe4c943e5a43e9e3661be9cb1 Author: Matt Caswell Date: Mon Sep 10 14:44:04 2018 +0100 More updates to CHANGES and NEWS for the 1.1.1 release Reviewed-by: Ben Kaduk Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7167) --- Summary of changes: CHANGES | 8 NEWS| 18 -- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index be44954..63fe26c 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,14 @@ Changes between 1.1.0i and 1.1.1 [xx XXX ] + *) Add a new ClientHello callback. Provides a callback interface that gives + the application the ability to adjust the nascent SSL object at the + earliest stage of ClientHello processing, immediately after extensions have + been collected but before they have been processed. In particular, this + callback can adjust the supported TLS versions in response to the contents + of the ClientHello + [Benjamin Kaduk] + *) Add SM2 base algorithm support. [Jack Lloyd] diff --git a/NEWS b/NEWS index b49d51a..ae0c2d7 100644 --- a/NEWS +++ b/NEWS 
@@ -7,7 +7,19 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] - o Support for TLSv1.3 added + o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 +for further important information). The TLSv1.3 implementation includes: + o Fully compliant implementation of RFC8446 (TLSv1.3) on by default + o Early data (0-RTT) + o Post-handshake authentication and key update + o Middlebox Compatibility Mode + o TLSv1.3 PSKs + o Support for all five RFC8446 ciphersuites + o RSA-PSS signature algorithms (backported to TLSv1.2) + o Configurable session ticket support + o Stateless server support + o Rewrite of the packet construction code for "safer" packet handling + o Rewrite of the extension handling code o Complete rewrite of the OpenSSL random number generator to introduce the following capabilities o The default RAND method now utilizes an AES-CTR DRBG according to @@ -21,7 +33,7 @@ o Support for various new cryptographic algorithms including: o SHA3 o SHA512/224 and SHA512/256 - o EdDSA (including Ed25519 and Ed448) + o EdDSA (both Ed25519 and Ed448) including X509 and TLS support o X448 (adding to the existing X25519 support in 1.1.0) o Multi-prime RSA o SM2 @@ -30,6 +42,8 @@ o SipHash o ARIA (including TLS support) o Significant Side-Channel attack security improvements + o Add a new ClientHello callback to provide the ability to adjust the SSL +object at an early stage. o Add 'Maximum Fragment Length' TLS extension negotiation and support o A new STORE module, which implements a uniform and URI based reader of stores that can contain keys, certificates, CRLs and numerous other _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 3f8b623aaa4044908900767a8991b7769b320880 (commit) from 7a8f6cad82d0b01732066bd7ef189e753c98cffe (commit) - Log - commit 3f8b623aaa4044908900767a8991b7769b320880 Author: Matt Caswell Date: Mon Sep 10 11:51:30 2018 +0100 Updates NEWS for the 1.1.1 release Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7164) --- Summary of changes: NEWS | 35 ++- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 9ac7456..b49d51a 100644 --- a/NEWS +++ b/NEWS 
@@ -8,19 +8,36 @@ Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [in pre-release] o Support for TLSv1.3 added + o Complete rewrite of the OpenSSL random number generator to introduce the +following capabilities + o The default RAND method now utilizes an AES-CTR DRBG according to +NIST standard SP 800-90Ar1. + o Support for multiple DRBG instances with seed chaining. + o There is a public and private DRBG instance. + o The DRBG instances are fork-safe. + o Keep all global DRBG instances on the secure heap if it is enabled. + o The public and private DRBG instance are per thread for lock free +operation + o Support for various new cryptographic algorithms including: + o SHA3 + o SHA512/224 and SHA512/256 + o EdDSA (including Ed25519 and Ed448) + o X448 (adding to the existing X25519 support in 1.1.0) + o Multi-prime RSA + o SM2 + o SM3 + o SM4 + o SipHash + o ARIA (including TLS support) + o Significant Side-Channel attack security improvements + o Add 'Maximum Fragment Length' TLS extension negotiation and support + o A new STORE module, which implements a uniform and URI based reader of +stores that can contain keys, certificates, CRLs and numerous other +objects. o Move the display of configuration data to configdata.pm. o Allow GNU style "make variables" to be used with Configure. - o Add a STORE module (OSSL_STORE) o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes - o Add multi-prime RSA (RFC 8017) support - o Add SM3 implemented according to GB/T 32905-2016 - o Add SM4 implemented according to GB/T 32907-2016. - o Add 'Maximum Fragment Length' TLS extension negotiation and support - o Add ARIA support - o Add SHA3 o Rewrite of devcrypto engine - o Add support for SipHash - o Grand redesign of the OpenSSL random generator Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 7a8f6cad82d0b01732066bd7ef189e753c98cffe (commit) from a9ea8d431f1a0057bcdfe8fe7297e8ce271eec8b (commit) - Log - commit 7a8f6cad82d0b01732066bd7ef189e753c98cffe Author: Matt Caswell Date: Mon Sep 10 11:33:40 2018 +0100 Update the pyca-cryptography submodule Hopefully this will resolve spurious travis failures. [extended tests] Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7163) --- Summary of changes: pyca-cryptography | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyca-cryptography b/pyca-cryptography index 58fd9c4..0940310 16 --- a/pyca-cryptography +++ b/pyca-cryptography @@ -1 +1 @@ -Subproject commit 58fd9c412ad8e91f1453f86ba1fc16479f5b11d0 +Subproject commit 09403100de2f6f1cdd0d484dcb8e620f1c335c8f _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via a9ea8d431f1a0057bcdfe8fe7297e8ce271eec8b (commit) from 35db366cf453427c855bea8ca097618a8a8d7ff0 (commit) - Log - commit a9ea8d431f1a0057bcdfe8fe7297e8ce271eec8b Author: Paul Yang Date: Mon Sep 10 13:42:00 2018 +0800 Add a sentence in CHANGES to note SM2 support Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7160) --- Summary of changes: CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index e2e61bb..be44954 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,9 @@ Changes between 1.1.0i and 1.1.1 [xx XXX ] + *) Add SM2 base algorithm support. + [Jack Lloyd] + *) s390x assembly pack: add (improved) hardware-support for the following cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb, aes-cfb/cfb8, aes-ecb. _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 35db366cf453427c855bea8ca097618a8a8d7ff0 (commit) from 427e91d928ce7a1c583e4bba761cb17a85ac95b4 (commit) - Log - commit 35db366cf453427c855bea8ca097618a8a8d7ff0 Author: Dr. Matthias St. Pierre Date: Mon Sep 10 00:20:12 2018 +0200 test/evp_extra_test.c: fix null pointer dereference It's actually not a real issue but caused by the absence of the default case which does not occur in reality but which makes coverity see a code path where pkey remains unassigned. Reported by Coverity Scan (CID 1423323) [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7158) --- Summary of changes: test/evp_extra_test.c | 43 --- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f0b0040..7b847ee 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -855,27 +855,32 @@ static int test_EVP_PKEY_check(int i) p = input; -if (type == 0 && -(!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, , input_len)) - || !TEST_ptr_eq(p, input + input_len) - || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))) -goto done; - +switch (type) { +case 0: +if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, , input_len)) +|| !TEST_ptr_eq(p, input + input_len) +|| !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) +goto done; +break; #ifndef OPENSSL_NO_EC -if (type == 1 && -(!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) - || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) - || !TEST_ptr(pkey = EVP_PKEY_new()) - || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey -goto done; - -if (type == 2 && -(!TEST_ptr(eckey = d2i_ECParameters(NULL, , input_len)) - || !TEST_ptr_eq(p, input + input_len) - || !TEST_ptr(pkey = EVP_PKEY_new()) - || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey -goto done; +case 1: +if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) +|| !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) +|| !TEST_ptr(pkey = EVP_PKEY_new()) +|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) +goto done; +break; +case 2: +if (!TEST_ptr(eckey = d2i_ECParameters(NULL, , input_len)) +|| !TEST_ptr_eq(p, input + input_len) +|| !TEST_ptr(pkey = EVP_PKEY_new()) +|| !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) +goto done; +break; #endif +default: +return 0; +} if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) goto done; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
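Review bot: The new `default: return 0;` leaves `test_EVP_PKEY_check()` directly, while every other failure in the switch uses `goto done`. Nothing visible is allocated before the switch, but the cleanup at `done` is outside the hunk, so `default: goto done;` would keep a single exit path and stay correct if an allocation is later added above it (this assumes `ret` is initialised to 0, which the hunk does not show). With `OPENSSL_NO_EC` defined, types 1 and 2 now also land in `default`; if the test table can still contain such entries in that build, a comment on the `default` label saying the case is unreachable by construction would make the intent explicit.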
[openssl-commits] [openssl] master update
The branch master has been updated via 427e91d928ce7a1c583e4bba761cb17a85ac95b4 (commit) from 9ba9d81b1c1645ed56a79b841e3fb63e5cbd7617 (commit) - Log - commit 427e91d928ce7a1c583e4bba761cb17a85ac95b4 Author: Dr. Matthias St. Pierre Date: Sun Sep 9 16:33:12 2018 +0200 crypto/rsa/rsa_pss.c: silence coverity warning Reported by Coverity Scan (CID 1439138) [extended tests] Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7156) --- Summary of changes: crypto/rsa/rsa_pss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 26d5f36..f7c575d 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -244,7 +244,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, err: EVP_MD_CTX_free(ctx); -OPENSSL_clear_free(salt, sLen); +OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */ return ret; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 9ba9d81b1c1645ed56a79b841e3fb63e5cbd7617 (commit) from ca89174bc92c16f0a2a7eb86359b6c6fd1dd7a4d (commit) - Log - commit 9ba9d81b1c1645ed56a79b841e3fb63e5cbd7617 Author: Dr. Matthias St. Pierre Date: Sun Sep 9 16:19:19 2018 +0200 test/dhtest.c: fix resource leak Reported by Coverity Scan (CID 1439136) [extended tests] Reviewed-by: Nicola Tuveri Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7155) --- Summary of changes: test/dhtest.c | 68 ++- 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/test/dhtest.c b/test/dhtest.c index 956d081..5b2fd67 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -26,10 +26,10 @@ static int cb(int p, int n, BN_GENCB *arg); static int dh_test(void) { -DH *dh; -BIGNUM *p, *q, *g; +DH *dh = NULL; +BIGNUM *p = NULL, *q = NULL, *g = NULL; const BIGNUM *p2, *q2, *g2; -BIGNUM *priv_key; +BIGNUM *priv_key = NULL; const BIGNUM *pub_key2, *priv_key2; BN_GENCB *_cb = NULL; DH *a = NULL; @@ -49,7 +49,7 @@ static int dh_test(void) || !TEST_ptr(q = BN_new()) || !TEST_ptr(g = BN_new()) || !TEST_ptr(priv_key = BN_new())) -goto err; +goto err1; /* * I) basic tests 
@@ -60,40 +60,40 @@ static int dh_test(void) || !TEST_true(BN_set_word(q, 2039L)) || !TEST_true(BN_set_word(g, 3L)) || !TEST_true(DH_set0_pqg(dh, p, q, g))) -goto err; +goto err1; /* test the combined getter for p, q, and g */ DH_get0_pqg(dh, , , ); if (!TEST_ptr_eq(p2, p) || !TEST_ptr_eq(q2, q) || !TEST_ptr_eq(g2, g)) -goto err; +goto err2; /* test the simple getters for p, q, and g */ if (!TEST_ptr_eq(DH_get0_p(dh), p2) || !TEST_ptr_eq(DH_get0_q(dh), q2) || !TEST_ptr_eq(DH_get0_g(dh), g2)) -goto err; +goto err2; /* set the private key only*/ if (!TEST_true(BN_set_word(priv_key, 1234L)) || !TEST_true(DH_set0_key(dh, NULL, priv_key))) -goto err; +goto err2; /* test the combined getter for pub_key and priv_key */ DH_get0_key(dh, _key2, _key2); if (!TEST_ptr_eq(pub_key2, NULL) || !TEST_ptr_eq(priv_key2, priv_key)) -goto err; +goto err3; /* test the simple getters for pub_key and priv_key */ if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) -goto err; +goto err3; /* now generate a key pair ... */ if (!DH_generate_key(dh)) -goto err; +goto err3; /* ... and check whether the private key was reused: */ @@ -101,14 +101,14 @@ static int dh_test(void) DH_get0_key(dh, _key2, _key2); if (!TEST_ptr(pub_key2) || !TEST_ptr_eq(priv_key2, priv_key)) -goto err; +goto err3; /* test it the simple getters for pub_key and priv_key */ if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) -goto err; +goto err3; -/* check whether the public key was calculated correclty */ +/* check whether the public key was calculated correctly */ TEST_uint_eq(BN_get_word(pub_key2), 3331L); /* 
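Review bot: The move from a single `err` label to `err1`/`err2`/`err3` in the `-60,40` hunk encodes who owns `p`, `q`, `g` and `priv_key` at each point, but the code does not say where ownership changes hands. A wrong label here means either a leak or a double free, so I would add `/* dh now owns p, q and g: fail via err2 from here on */` after the `DH_set0_pqg()` check and `/* dh now owns priv_key: fail via err3 from here on */` after the `DH_set0_key()` check. The three labels are defined outside the visible part of the page, so what each one frees is inferred from the jump targets only.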
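Review bot: In the `-101,14` hunk the line `TEST_uint_eq(BN_get_word(pub_key2), 3331L);` discards its result, so a wrongly computed public key is reported but does not take the failure path like the checks around it. The commit corrects the comment above this line without changing the check; it should read `if (!TEST_uint_eq(BN_get_word(pub_key2), 3331L)) goto err3;`. How `dh_test()` derives its return value is outside the hunk, so the effect on the final result is assumed rather than visible.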
@@ -117,32 +117,32 @@ static int dh_test(void) /* generate a DH group ... */ if (!TEST_ptr(_cb = BN_GENCB_new())) -goto err; +goto err3; BN_GENCB_set(_cb, , NULL); if (!TEST_ptr(a = DH_new()) || !TEST_true(DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, _cb))) -goto err; +goto err3; /* ... and check whether it is valid */ if (!DH_check(a, )) -goto err; +goto err3; if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) || !TEST_false(i & DH_UNABLE_TO_CHECK_GENERATOR) || !TEST_false(i & DH_NOT_SUITABLE_GENERATOR)) -goto err; +goto err3; DH_get0_pqg(a, , NULL, ); /* now create another copy of the DH group for the peer */ if (!TEST_ptr(b = DH_new())) -goto err; +goto err3; if (!TEST_ptr(bp = BN_dup(ap)) || !TEST_ptr(bg = BN_dup(ag)) || !TEST_true(DH_set0_pqg(b, bp, NULL, bg))) -goto err; +goto err3; bp = bg = NULL; /* @@ -150,43 +150,53 @@ static int dh_test(void) */ if (!DH_generate_key(a)) -goto err; +goto err3; DH_get0_key(a, _key, NULL); if (!DH_generate_key(b)) -goto err; +goto err3;