[openssl] master update
The branch master has been updated via 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 (commit) from 4ce64ed79d301939c7f2844a9e5e5fdd2033605f (commit) - Log - commit 03ee2e5b1ecd1832d99d07fc459ecf62f5a0b168 Author: Dr. David von Oheimb Date: Wed Nov 3 18:41:07 2021 +0100 APPS/cmp: make the -sans option support email addresses (type rfc822Name) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16960) --- Summary of changes: apps/cmp.c | 3 ++- doc/man1/openssl-cmp.pod.in | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index b6e88e64f6..1c97075531 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -836,11 +836,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc)
continue;
}
-/* try IP address first, then URI or domain name */
+/* try IP address first, then email/URI/domain name */
(void)ERR_set_mark();
n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0);
if (n == NULL)
n = a2i_GENERAL_NAME(NULL, NULL, NULL,
+ strchr(names, '@') != NULL ? GEN_EMAIL :
strchr(names, ':') != NULL ? GEN_URI : GEN_DNS,
names, 0);
(void)ERR_pop_to_mark();
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index b4c3c82255..58e9bd7dda 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -312,7 +312,8 @@ contained the given PKCS#10 CSR, overriding any extensions with same OIDs.
=item B<-sans> I
-One or more IP addresses, DNS names, or URIs separated by commas or whitespace
+One or more IP addresses, email addresses, DNS names, or URIs
+separated by commas or whitespace
(where in the latter case the whole argument must be enclosed in "...")
to add as Subject Alternative Name(s) (SAN) certificate request extension.
If the special element "critical" is given the SANs are flagged as critical.
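Review bot: In the added `strchr(names, '@') != NULL ? GEN_EMAIL :` line the email test runs before the existing `:` test, so a URI whose authority carries userinfo (for example `ftp://user@host/`) is now typed as rfc822Name rather than uniformResourceIdentifier, a silent change of meaning for -sans inputs that previously became URIs. If that trade-off is intended, the rule should be stated next to the code, e.g. `/* heuristic: '@' selects email, else ':' selects URI, else DNS */`, and the openssl-cmp.pod.in hunk should tell users how the type of each element is chosen, since it currently only lists the types. I could not see from the hunk whether a2i_GENERAL_NAME() validates the chosen type's syntax; set_gennames continues outside the hunk, so any later validation would be there.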
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DfwOK_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEtd7JzYvBETayiwnVQKiPdDNYKPzNcW-2BJ8kLRU6eo0kZQSkxVWbks7dlXtFp3K-2F6oV8Ws9fS9iHLHLZaLf-2FWtZ6hunBmoN3HVYcxngIY471jTsQ2QAQtuSBqAVqwv-2BBhVosyHOEXt-2BqQOS-2B2U-2BGrLcVsi1A87i9PTzP8-2FbW529af34wrkCSBMW1IMAuUDNl58-3D Build ID: 416638 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 65d39565375bb7d0c5df733063ee09f7e8ca292b (commit) from ed1a12aa5e2b5f312d0f75c90f5d91eafe0e1a89 (commit) - Log - commit 65d39565375bb7d0c5df733063ee09f7e8ca292b Author: Matt Caswell Date: Fri Nov 5 08:43:10 2021 + Fix errors in EVP_PKEY_fromdata examples The EVP_PKEY_fromdata man page has some code examples with various errors in them. This fixes those errors. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16973) (cherry picked from commit 4ce64ed79d301939c7f2844a9e5e5fdd2033605f) --- Summary of changes: doc/man3/EVP_PKEY_fromdata.pod | 20 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index b968150bb6..fdab94cd4f 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod @@ -138,6 +138,7 @@ TODO Write a set of cookbook documents and link to them. #include #include + #include /* * Fixed data to represent the private and public key. @@ -160,12 +161,6 @@ TODO Write a set of cookbook documents and link to them. 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f, 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 }; - const OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string("group", "prime256v1", 10), - OSSL_PARAM_BN("priv", priv, sizeof(priv)), - OSSL_PARAM_BN("pub", pub, sizeof(pub)), - OSSL_PARAM_END - }; int main() { 
@@ -181,15 +176,15 @@ TODO Write a set of cookbook documents and link to them. param_bld = OSSL_PARAM_BLD_new(); if (priv != NULL && param_bld != NULL && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", -"prime256v1", 0); - && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv); +"prime256v1", 0) + && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv) && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", pub_data, sizeof(pub_data))) params = OSSL_PARAM_BLD_to_param(param_bld); ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); if (ctx == NULL - || params != NULL + || params == NULL || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { exitcode = 1; @@ -209,12 +204,13 @@ TODO Write a set of cookbook documents and link to them. =head2 Finding out params for an unknown key type #include + #include /* Program expects a key type as first argument */ int main(int argc, char *argv[]) { EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL); - const *OSSL_PARAM *settable_params = NULL; + const OSSL_PARAM *settable_params = NULL; if (ctx == NULL) exit(1); @@ -247,9 +243,9 @@ TODO Write a set of cookbook documents and link to them. } printf("%s : %s ", settable_params->key, datatype); if (settable_params->data_size == 0) - printf("(unlimited size)"); + printf("(unlimited size)\n"); else - printf("(maximum size %zu)", settable_params->data_size); + printf("(maximum size %zu)\n", settable_params->data_size); } }
[openssl] master update
The branch master has been updated via 4ce64ed79d301939c7f2844a9e5e5fdd2033605f (commit) from e6a10b074e90f1ce3d8e9ae0ca740a835ff29bb9 (commit) - Log - commit 4ce64ed79d301939c7f2844a9e5e5fdd2033605f Author: Matt Caswell Date: Fri Nov 5 08:43:10 2021 + Fix errors in EVP_PKEY_fromdata examples The EVP_PKEY_fromdata man page has some code examples with various errors in them. This fixes those errors. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16973) --- Summary of changes: doc/man3/EVP_PKEY_fromdata.pod | 20 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/doc/man3/EVP_PKEY_fromdata.pod b/doc/man3/EVP_PKEY_fromdata.pod index b968150bb6..fdab94cd4f 100644 --- a/doc/man3/EVP_PKEY_fromdata.pod +++ b/doc/man3/EVP_PKEY_fromdata.pod @@ -138,6 +138,7 @@ TODO Write a set of cookbook documents and link to them. #include #include + #include /* * Fixed data to represent the private and public key. @@ -160,12 +161,6 @@ TODO Write a set of cookbook documents and link to them. 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f, 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 }; - const OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string("group", "prime256v1", 10), - OSSL_PARAM_BN("priv", priv, sizeof(priv)), - OSSL_PARAM_BN("pub", pub, sizeof(pub)), - OSSL_PARAM_END - }; int main() { 
@@ -181,15 +176,15 @@ TODO Write a set of cookbook documents and link to them. param_bld = OSSL_PARAM_BLD_new(); if (priv != NULL && param_bld != NULL && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", -"prime256v1", 0); - && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv); +"prime256v1", 0) + && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv) && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", pub_data, sizeof(pub_data))) params = OSSL_PARAM_BLD_to_param(param_bld); ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); if (ctx == NULL - || params != NULL + || params == NULL || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { exitcode = 1; @@ -209,12 +204,13 @@ TODO Write a set of cookbook documents and link to them. =head2 Finding out params for an unknown key type #include + #include /* Program expects a key type as first argument */ int main(int argc, char *argv[]) { EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL); - const *OSSL_PARAM *settable_params = NULL; + const OSSL_PARAM *settable_params = NULL; if (ctx == NULL) exit(1); @@ -247,9 +243,9 @@ TODO Write a set of cookbook documents and link to them. } printf("%s : %s ", settable_params->key, datatype); if (settable_params->data_size == 0) - printf("(unlimited size)"); + printf("(unlimited size)\n"); else - printf("(maximum size %zu)", settable_params->data_size); + printf("(maximum size %zu)\n", settable_params->data_size); } }
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via ed1a12aa5e2b5f312d0f75c90f5d91eafe0e1a89 (commit) from 2d35559743d2d73a0ffa82c02bbdc3b4d3b3cbf6 (commit) - Log - commit ed1a12aa5e2b5f312d0f75c90f5d91eafe0e1a89 Author: Pauli Date: Fri Nov 5 13:10:10 2021 +1000 Fix data race setting `default_DSO_meth` The global variable `default_DSO_meth` was potentially set multiple times by different threads. It turns out that it could only be set to a single value so the race is harmless but still better avoided. The fix here simply removes the global and accesses the value it was set to via the `DSO_METHOD_openssl()` call. Problem discovered via #16970, but this does not resolve that issue because there are other concerns. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16972) (cherry picked from commit e6a10b074e90f1ce3d8e9ae0ca740a835ff29bb9) --- Summary of changes: crypto/dso/dso_lib.c | 22 +- 1 file changed, 5 insertions(+), 17 deletions(-)
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 4850e96a4b..e093b77a27 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -10,20 +10,10 @@
#include "dso_local.h"
#include "internal/refcount.h"
-static DSO_METHOD *default_DSO_meth = NULL;
-
static DSO *DSO_new_method(DSO_METHOD *meth)
{
DSO *ret;
-if (default_DSO_meth == NULL) {
-/*
- * We default to DSO_METH_openssl() which in turn defaults to
- * stealing the "best available" method. Will fallback to
- * DSO_METH_null() in the worst case.
- */
-default_DSO_meth = DSO_METHOD_openssl();
-}
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
@@ -36,7 +26,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
OPENSSL_free(ret);
return NULL;
}
-ret->meth = default_DSO_meth;
+ret->meth = DSO_METHOD_openssl();
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
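Review bot: The rationale in the deleted comment block (DSO_METHOD_openssl() picks the "best available" method and has a null-method fallback) was the only explanation of why `ret->meth = DSO_METHOD_openssl();` is a safe default, and it vanishes with the global; keep it as a one-line comment on the assignment, e.g. `/* DSO_METHOD_openssl() returns the "best available" method (see its definition for the fallback) */`. The change also rests on DSO_METHOD_openssl() being safe to call concurrently and returning the same pointer every time, which is what makes the removed lazy initialisation redundant; saying so at the call site would help the next reader who wonders why no synchronisation is needed. The `meth` parameter is not consulted in the visible lines, and DSO_new_method continues outside the hunk, so I could not confirm whether it is used further down. The same points apply to the master copy of this commit further down the page.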
@@ -309,9 +299,8 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
int DSO_pathbyaddr(void *addr, char *path, int sz)
{
-DSO_METHOD *meth = default_DSO_meth;
-if (meth == NULL)
-meth = DSO_METHOD_openssl();
+DSO_METHOD *meth = DSO_METHOD_openssl();
+
if (meth->pathbyaddr == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return -1;
@@ -339,9 +328,8 @@ DSO *DSO_dsobyaddr(void *addr, int flags)
void *DSO_global_lookup(const char *name)
{
-DSO_METHOD *meth = default_DSO_meth;
-if (meth == NULL)
-meth = DSO_METHOD_openssl();
+DSO_METHOD *meth = DSO_METHOD_openssl();
+
if (meth->globallookup == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return NULL;
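Review bot: `meth` is dereferenced at `meth->pathbyaddr` (and at `meth->globallookup` in the DSO_global_lookup hunk) straight after `DSO_METHOD *meth = DSO_METHOD_openssl();` with no NULL check, so both functions now depend entirely on DSO_METHOD_openssl() never returning NULL. If that is a guarantee, a comment on the declaration, `/* DSO_METHOD_openssl() never returns NULL */`, records the invariant; if it is not, `if (meth == NULL || meth->pathbyaddr == NULL)` (and the matching form for globallookup) turns a crash into the existing DSO_R_UNSUPPORTED error path. Both functions end outside their hunks.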
[openssl] master update
The branch master has been updated via e6a10b074e90f1ce3d8e9ae0ca740a835ff29bb9 (commit) from 1b4d9967a24154f1dc00f471eb843203ec7bb7d4 (commit) - Log - commit e6a10b074e90f1ce3d8e9ae0ca740a835ff29bb9 Author: Pauli Date: Fri Nov 5 13:10:10 2021 +1000 Fix data race setting `default_DSO_meth` The global variable `default_DSO_meth` was potentially set multiple times by different threads. It turns out that it could only be set to a single value so the race is harmless but still better avoided. The fix here simply removes the global and accesses the value it was set to via the `DSO_METHOD_openssl()` call. Problem discovered via #16970, but this does not resolve that issue because there are other concerns. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16972) --- Summary of changes: crypto/dso/dso_lib.c | 22 +- 1 file changed, 5 insertions(+), 17 deletions(-)
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 4850e96a4b..e093b77a27 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -10,20 +10,10 @@
#include "dso_local.h"
#include "internal/refcount.h"
-static DSO_METHOD *default_DSO_meth = NULL;
-
static DSO *DSO_new_method(DSO_METHOD *meth)
{
DSO *ret;
-if (default_DSO_meth == NULL) {
-/*
- * We default to DSO_METH_openssl() which in turn defaults to
- * stealing the "best available" method. Will fallback to
- * DSO_METH_null() in the worst case.
- */
-default_DSO_meth = DSO_METHOD_openssl();
-}
ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE);
@@ -36,7 +26,7 @@ static DSO *DSO_new_method(DSO_METHOD *meth)
OPENSSL_free(ret);
return NULL;
}
-ret->meth = default_DSO_meth;
+ret->meth = DSO_METHOD_openssl();
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
@@ -309,9 +299,8 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
int DSO_pathbyaddr(void *addr, char *path, int sz)
{
-DSO_METHOD *meth = default_DSO_meth;
-if (meth == NULL)
-meth = DSO_METHOD_openssl();
+DSO_METHOD *meth = DSO_METHOD_openssl();
+
if (meth->pathbyaddr == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return -1;
@@ -339,9 +328,8 @@ DSO *DSO_dsobyaddr(void *addr, int flags)
void *DSO_global_lookup(const char *name)
{
-DSO_METHOD *meth = default_DSO_meth;
-if (meth == NULL)
-meth = DSO_METHOD_openssl();
+DSO_METHOD *meth = DSO_METHOD_openssl();
+
if (meth->globallookup == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED);
return NULL;
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 2d35559743d2d73a0ffa82c02bbdc3b4d3b3cbf6 (commit) from 571512aa46b73625bf4b82ae545614b9c3105708 (commit) - Log - commit 2d35559743d2d73a0ffa82c02bbdc3b4d3b3cbf6 Author: Pauli Date: Thu Nov 4 15:05:59 2021 +1000 Address Coverity 1493362 resource leak Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) (cherry picked from commit 1b4d9967a24154f1dc00f471eb843203ec7bb7d4) --- Summary of changes: providers/implementations/keymgmt/mac_legacy_kmgmt.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 63553996bd..ec34a3ee71 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -508,6 +508,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
* of this can be removed and we will only support the EVP_KDF APIs.
*/
if (!ossl_prov_cipher_copy(&key->cipher, &gctx->cipher)) {
+ossl_mac_key_free(key);
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return NULL;
}
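Review bot: The added `ossl_mac_key_free(key);` closes this one failure path, but the hunk cannot show whether the other failure paths of mac_gen that come after `key` is created release it the same way, and a leak fixed one branch at a time tends to reappear; mac_gen begins and ends outside the hunk, so that check belongs in the same change. Collapsing the post-allocation error exits onto a single `err:` label that frees `key` and returns NULL, as most of the provider code does, would make a missed path impossible rather than merely unlikely. The same applies to the copy of this commit in the master multi-commit update further down the page.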
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 571512aa46b73625bf4b82ae545614b9c3105708 (commit) from 0abb5703ba63bd8237d60af6d8168601dd2f (commit) - Log - commit 571512aa46b73625bf4b82ae545614b9c3105708 Author: Pauli Date: Thu Nov 4 12:52:00 2021 +1000 Address coverity 1493382 argument cannot be negative Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) (cherry picked from commit fe4125382301201e42a3251544cda429bba0c9d7) --- Summary of changes: crypto/evp/e_rc5.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index 3fb372360d..3496a70193 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -72,12 +72,13 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
-if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) {
+const int key_len = EVP_CIPHER_CTX_get_key_length(ctx);
+
+if (key_len > 255 || key_len < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH);
return 0;
}
-return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
- key, data(ctx)->rounds);
+return RC5_32_set_key(&data(ctx)->ks, key_len, key, data(ctx)->rounds);
}
#endif
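Review bot: The `255` in `if (key_len > 255 || key_len < 0)` is the RC5 key-length limit (the key length b is carried in a single byte, 0..255) and should be named or at least explained, e.g. `/* RC5 key length b must fit in one byte: 0..255 */`, otherwise the next reader has to rediscover where the bound comes from. Writing the condition as `if (key_len < 0 || key_len > 255)` also puts the newly added negative check where range checks are conventionally read. Whether RC5_32_set_key() rejects out-of-range lengths itself is not visible here, so this guard may be the only enforcement point; the comment should say that it is relied on. The same applies to the master copy of this commit further down the page.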
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 0abb5703ba63bd8237d60af6d8168601dd2f (commit) from 8c5016e65dc1c9369d48624823c0b2b1ff79a252 (commit) - Log - commit 0abb5703ba63bd8237d60af6d8168601dd2f Author: Pauli Date: Thu Nov 4 12:46:58 2021 +1000 Address Coverity 1493387 Logically dead code Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) (cherry picked from commit 182cc644b3a3690bddfecba925486fefa421d6ec) --- Summary of changes: crypto/evp/m_sigver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 2972734d8d..80570973dd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -462,14 +462,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
EVP_PKEY_CTX_free(dctx);
return r;
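Review bot: With the corrected `(siglen == NULL) ? 0 : *siglen`, a caller that passes `sigret != NULL` together with `siglen == NULL` now reaches the provider's digest_sign_final with a zero sigsize and a NULL length pointer the provider is expected to write through; nothing in the visible lines rejects that combination up front. A guard before the first call, `if (sigret != NULL && siglen == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; }`, makes the contract explicit and covers the duplicated call on `dctx` as well. EVP_DigestSignFinal starts before the hunk, so such a check may already exist earlier; if it does, a short comment at these two calls noting that siglen is non-NULL whenever sigret is would spare the next reader the same question. The same applies to the master copy of this commit further down the page.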
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 8c5016e65dc1c9369d48624823c0b2b1ff79a252 (commit) from d8e830954fdb19ac4cec07c7e902562e290fbe05 (commit) - Log - commit 8c5016e65dc1c9369d48624823c0b2b1ff79a252 Author: Pauli Date: Thu Nov 4 11:59:55 2021 +1000 Fix coverity 1493364 & 1493375: unchecked return value Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) (cherry picked from commit 73a815defe428e42ccc27fdc9d5be507f980278b) --- Summary of changes: crypto/comp/c_zlib.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index b36a562d88..9a7087e444 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -380,7 +380,11 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE);
return 0;
}
-inflateInit(zin);
+if ((ret = inflateInit(zin)) != Z_OK) {
+ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+return 0;
+}
zin->next_in = ctx->ibuf;
zin->avail_in = 0;
}
@@ -443,7 +447,11 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
}
ctx->optr = ctx->obuf;
ctx->ocount = 0;
-deflateInit(zout, ctx->comp_level);
+if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) {
+ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+return 0;
+}
zout->next_out = ctx->obuf;
zout->avail_out = ctx->obufsize;
}
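Review bot: When `inflateInit(zin)` fails, the new branch returns 0 but leaves the input buffer allocated just above it in place (the malloc-failure exit three lines earlier shows that buffer is `ctx->ibuf`); if the `if` that guards this lazy-init block keys on that pointer — the block's opening line lies outside the hunk — the next bio_zlib_read() call skips initialisation and runs inflate() on a z_stream that was never set up. Releasing the buffer in the error branch, `OPENSSL_free(ctx->ibuf); ctx->ibuf = NULL;` before `return 0;`, keeps the init retryable, and the deflateInit branch in the bio_zlib_write hunk needs the same for `ctx->obuf` (resetting `ctx->optr` with it). If the guard is instead a separate flag, a one-line comment at each new `return 0;` saying why the partially initialised state is safe would settle it. The same hunks appear again in the master multi-commit update further down the page.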
[openssl] master update
The branch master has been updated via 1b4d9967a24154f1dc00f471eb843203ec7bb7d4 (commit) via fe4125382301201e42a3251544cda429bba0c9d7 (commit) via 182cc644b3a3690bddfecba925486fefa421d6ec (commit) via 73a815defe428e42ccc27fdc9d5be507f980278b (commit) from 098f2627c8d283a518a6e6e60e7893664c7510e0 (commit) - Log - commit 1b4d9967a24154f1dc00f471eb843203ec7bb7d4 Author: Pauli Date: Thu Nov 4 15:05:59 2021 +1000 Address Coverity 1493362 resource leak Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) commit fe4125382301201e42a3251544cda429bba0c9d7 Author: Pauli Date: Thu Nov 4 12:52:00 2021 +1000 Address coverity 1493382 argument cannot be negative Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) commit 182cc644b3a3690bddfecba925486fefa421d6ec Author: Pauli Date: Thu Nov 4 12:46:58 2021 +1000 Address Coverity 1493387 Logically dead code Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) commit 73a815defe428e42ccc27fdc9d5be507f980278b Author: Pauli Date: Thu Nov 4 11:59:55 2021 +1000 Fix coverity 1493364 & 1493375: unchecked return value Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16962) --- Summary of changes: crypto/comp/c_zlib.c | 12 ++-- crypto/evp/e_rc5.c | 7 --- crypto/evp/m_sigver.c| 4 ++-- providers/implementations/keymgmt/mac_legacy_kmgmt.c | 1 + 4 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index b36a562d88..9a7087e444 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -380,7 +380,11 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE);
return 0;
}
-inflateInit(zin);
+if ((ret = inflateInit(zin)) != Z_OK) {
+ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+return 0;
+}
zin->next_in = ctx->ibuf;
zin->avail_in = 0;
}
@@ -443,7 +447,11 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
}
ctx->optr = ctx->obuf;
ctx->ocount = 0;
-deflateInit(zout, ctx->comp_level);
+if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) {
+ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+return 0;
+}
zout->next_out = ctx->obuf;
zout->avail_out = ctx->obufsize;
}
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index 3fb372360d..3496a70193 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -72,12 +72,13 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
-if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) {
+const int key_len = EVP_CIPHER_CTX_get_key_length(ctx);
+
+if (key_len > 255 || key_len < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH);
return 0;
}
-return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
- key, data(ctx)->rounds);
+return RC5_32_set_key(&data(ctx)->ks, key_len, key, data(ctx)->rounds);
}
#endif
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 2972734d8d..80570973dd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -462,14 +462,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
EVP_PKEY_CTX_free(dctx);
return r;
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/m
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via d8e830954fdb19ac4cec07c7e902562e290fbe05 (commit) from 0cb66d6bfeb7685f5776e1a93d716024fe678018 (commit) - Log - commit d8e830954fdb19ac4cec07c7e902562e290fbe05 Author: PW Hu Date: Mon Nov 1 15:00:54 2021 +0800 Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16942) (cherry picked from commit 098f2627c8d283a518a6e6e60e7893664c7510e0) --- Summary of changes: crypto/ec/ec_deprecated.c | 2 +- test/acvp_test.c | 2 +- test/ecdsatest.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ec/ec_deprecated.c b/crypto/ec/ec_deprecated.c
index cd2eec80b7..22ddb3660c 100644
--- a/crypto/ec/ec_deprecated.c
+++ b/crypto/ec/ec_deprecated.c
@@ -52,7 +52,7 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
return NULL;
}
-if (!BN_bn2binpad(bn, buf, buf_len)) {
+if (BN_bn2binpad(bn, buf, buf_len) < 0) {
OPENSSL_free(buf);
return NULL;
}
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 6512a6ec35..4b6632e689 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -71,7 +71,7 @@ static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
buf = OPENSSL_zalloc(sz);
if (buf == NULL)
goto err;
-if (!BN_bn2binpad(bn, buf, sz))
+if (BN_bn2binpad(bn, buf, sz) <= 0)
goto err;
*out_len = sz;
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index c94d7d8dab..282b9660d3 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -46,7 +46,7 @@ static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name,
|| !TEST_true(BN_hex2bn(&tmp, numbers[fbytes_counter]))
/* tmp might need leading zeros so pad it out */
|| !TEST_int_le(BN_num_bytes(tmp), num)
-|| !TEST_true(BN_bn2binpad(tmp, buf, num)))
+|| !TEST_int_gt(BN_bn2binpad(tmp, buf, num), 0))
goto err;
fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers);
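Review bot: The three call sites now disagree on a zero return from BN_bn2binpad(): ec_deprecated.c accepts it (`< 0`) while acvp_test.c (`<= 0`) and ecdsatest.c (`TEST_int_gt(..., 0)`) treat it as failure. BN_bn2binpad() returns the number of bytes written or -1, so zero can only occur when the requested length is zero; if EC_POINT_bn2point ensures `buf_len > 0` before this point (that code is outside the hunk), a comment on the check, `/* buf_len > 0 here, so only -1 signals failure */`, explains why the library check is deliberately looser than the tests; if it does not, `<= 0` aligns the three. The same applies to the master copy of this commit further down the page.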
[openssl] master update
The branch master has been updated via 098f2627c8d283a518a6e6e60e7893664c7510e0 (commit) from ab547fc005307ecf48451638e947cdabca147159 (commit) - Log - commit 098f2627c8d283a518a6e6e60e7893664c7510e0 Author: PW Hu Date: Mon Nov 1 15:00:54 2021 +0800 Fix incorrect return check of BN_bn2binpad Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16942) --- Summary of changes: crypto/ec/ec_deprecated.c | 2 +- test/acvp_test.c | 2 +- test/ecdsatest.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ec/ec_deprecated.c b/crypto/ec/ec_deprecated.c
index cd2eec80b7..22ddb3660c 100644
--- a/crypto/ec/ec_deprecated.c
+++ b/crypto/ec/ec_deprecated.c
@@ -52,7 +52,7 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
return NULL;
}
-if (!BN_bn2binpad(bn, buf, buf_len)) {
+if (BN_bn2binpad(bn, buf, buf_len) < 0) {
OPENSSL_free(buf);
return NULL;
}
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 6512a6ec35..4b6632e689 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -71,7 +71,7 @@ static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
buf = OPENSSL_zalloc(sz);
if (buf == NULL)
goto err;
-if (!BN_bn2binpad(bn, buf, sz))
+if (BN_bn2binpad(bn, buf, sz) <= 0)
goto err;
*out_len = sz;
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index c94d7d8dab..282b9660d3 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -46,7 +46,7 @@ static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name,
|| !TEST_true(BN_hex2bn(&tmp, numbers[fbytes_counter]))
/* tmp might need leading zeros so pad it out */
|| !TEST_int_le(BN_num_bytes(tmp), num)
-|| !TEST_true(BN_bn2binpad(tmp, buf, num)))
+|| !TEST_int_gt(BN_bn2binpad(tmp, buf, num), 0))
goto err;
fbytes_counter = (fbytes_counter + 1) % OSSL_NELEM(numbers);
[openssl] master update
The branch master has been updated via ab547fc005307ecf48451638e947cdabca147159 (commit) from 884400d78992d1da1573a3677876b06421b797eb (commit) - Log - commit ab547fc005307ecf48451638e947cdabca147159 Author: Pauli Date: Thu Nov 4 08:23:32 2021 +1000 avoid a NULL dereference when getting digest Fixes #16961 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/16969) --- Summary of changes: crypto/evp/evp_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 64d7fb046d..24092cfd5b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -999,7 +999,7 @@ EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
if (ctx == NULL)
return NULL;
md = (EVP_MD *)ctx->reqdigest;
-if (!EVP_MD_up_ref(md))
+if (md == NULL || !EVP_MD_up_ref(md))
return NULL;
return md;
}
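Review bot: After `if (md == NULL || !EVP_MD_up_ref(md))` the function returns NULL both when the context simply has no requested digest and when the reference bump fails, and in the first case nothing is put on the error queue, so a caller cannot distinguish "no digest set" from an error. If that is the intended contract, the EVP_MD_CTX_get1_md documentation should state that NULL is returned for a context without a digest, and a comment on the new condition, `/* no digest requested yet: not an error */`, records the decision at the code; if callers are expected to treat a missing digest as a failure, the branch should raise an error with an appropriate reason code instead of returning silently. The same applies to the cherry-pick of this commit on openssl-3.0 at the end of the page.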
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 0cb66d6bfeb7685f5776e1a93d716024fe678018 (commit) from 51f416d7c90e0eb04f9b0c5be189426e27f5779e (commit) - Log - commit 0cb66d6bfeb7685f5776e1a93d716024fe678018 Author: Pauli Date: Thu Nov 4 08:23:32 2021 +1000 avoid a NULL dereference when getting digest Fixes #16961 Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/16969) (cherry picked from commit ab547fc005307ecf48451638e947cdabca147159) --- Summary of changes: crypto/evp/evp_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 64d7fb046d..24092cfd5b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -999,7 +999,7 @@ EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx)
if (ctx == NULL)
return NULL;
md = (EVP_MD *)ctx->reqdigest;
-if (!EVP_MD_up_ref(md))
+if (md == NULL || !EVP_MD_up_ref(md))
return NULL;
return md;
}