[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 (commit) from b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit) - Log - commit fc27d9f3af95aa33e5028c6cef8d56d1c7f17436 Author: Pauli Date: Wed Feb 9 11:17:57 2022 +1100 Change condition to avoid spurious compiler complaints. X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are equivalent in this situation but gcc-12 has conniptions about a subsequent possible NULL dereference (which isn't possible). Fixes #17665 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17668) (cherry picked from commit b84c6e86dd8ca88444207080808d1d598856041f) --- Summary of changes: crypto/x509/x509_trust.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c index ff578aee73..0888e16c15 100644 --- a/crypto/x509/x509_trust.c +++ b/crypto/x509/x509_trust.c @@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), /* Get existing entry if any */ idx = X509_TRUST_get_by_id(id); /* Need a new entry */ -if (idx == -1) { +if (idx < 0) { if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return 0;
[openssl] master update
The branch master has been updated via b84c6e86dd8ca88444207080808d1d598856041f (commit) from 378c50f63dceb3a85bb4937a3499283b10d295b6 (commit) - Log - commit b84c6e86dd8ca88444207080808d1d598856041f Author: Pauli Date: Wed Feb 9 11:17:57 2022 +1100 Change condition to avoid spurious compiler complaints. X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are equivalent in this situation but gcc-12 has conniptions about a subsequent possible NULL dereference (which isn't possible). Fixes #17665 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17668) --- Summary of changes: crypto/x509/x509_trust.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c index e71db0c9a1..bf674737f8 100644 --- a/crypto/x509/x509_trust.c +++ b/crypto/x509/x509_trust.c @@ -134,7 +134,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), /* Get existing entry if any */ idx = X509_TRUST_get_by_id(id); /* Need a new entry */ -if (idx == -1) { +if (idx < 0) { if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return 0;
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via b32b2167155cafc4ac133f49d9cd04a249e443c8 (commit) from 09ade84a4a9e082c785cb51a9db2e85a45097cbd (commit) - Log - commit b32b2167155cafc4ac133f49d9cd04a249e443c8 Author: Kevin K Biju Date: Sat Feb 5 18:09:45 2022 +0530 Added checking for buflen overflow due to MAX_MISALIGNMENT. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17646) (cherry picked from commit 4b3777c9ad4a2058a9b87afb26289039ebf4a6c1) --- Summary of changes: apps/speed.c | 8 ++-- doc/man1/openssl-speed.pod.in | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 9be01bb4b2..b730a5c2b5 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -452,7 +452,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = { static double sm2_results[SM2_NUM][2];/* 2 ops: sign then verify */ #endif /* OPENSSL_NO_SM2 */ -#define COND(unused_cond) (run && count < 0x7fff) +#define COND(unused_cond) (run && count < INT_MAX) #define COUNT(d) (count) typedef struct loopargs_st { @@ -1775,6 +1775,10 @@ int speed_main(int argc, char **argv) buflen = lengths[size_num - 1]; if (buflen < 36)/* size of random vector in RSA benchmark */ buflen = 36; +if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { +BIO_printf(bio_err, "Error: buffer size too large\n"); +goto end; +} buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); @@ -3618,7 +3622,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); -for (count = 0; run && count < 0x7fff; count++) { +for (count = 0; run && count < INT_MAX; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index bfe992797a..29181ea970 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -101,6 +101,8 @@ Run benchmarks for I seconds. =item B<-bytes> I Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG. +The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit +int would be 2147483583 bytes. =item B<-mr>
[openssl] master update
The branch master has been updated via 378c50f63dceb3a85bb4937a3499283b10d295b6 (commit) from 64dc57419ddd9329f7062b048dee5ecd9306 (commit) - Log - commit 378c50f63dceb3a85bb4937a3499283b10d295b6 Author: Kevin K Biju Date: Sat Feb 5 18:09:45 2022 +0530 Added checking for buflen overflow due to MAX_MISALIGNMENT. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17646) --- Summary of changes: apps/speed.c | 8 ++-- doc/man1/openssl-speed.pod.in | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index a790f280db..2201489fb4 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -456,7 +456,7 @@ static const OPT_PAIR sm2_choices[SM2_NUM] = { static double sm2_results[SM2_NUM][2];/* 2 ops: sign then verify */ #endif /* OPENSSL_NO_SM2 */ -#define COND(unused_cond) (run && count < 0x7fff) +#define COND(unused_cond) (run && count < INT_MAX) #define COUNT(d) (count) typedef struct loopargs_st { @@ -1779,6 +1779,10 @@ int speed_main(int argc, char **argv) buflen = lengths[size_num - 1]; if (buflen < 36)/* size of random vector in RSA benchmark */ buflen = 36; +if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { +BIO_printf(bio_err, "Error: buffer size too large\n"); +goto end; +} buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); @@ -3613,7 +3617,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); -for (count = 0; run && count < 0x7fff; count++) { +for (count = 0; run && count < INT_MAX; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index bfe992797a..98e3bac037 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -101,6 +101,8 @@ Run benchmarks for I seconds. =item B<-bytes> I Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG. +The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit +int would be 2147483583 bytes. =item B<-mr>
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3Di0C6_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGFs1qICvMKX-2BqJ7-2FpswyZzauyNRfkJyha3Mg15Pt5sB-2F8U3hgEP6e49W7SVU08Iuf84CSSyPlth7UMkHTMNYsa9D-2F82LpKbQ7-2FAe4ePDLPTrtrVcjyj9j8JVOlPTkQv8VO06D1q15gleEvaeIjaRKKsmQpGG6NQNT-2FxCAJ4QxnDQpKGRkaGmcjEVnDVVSqHtY-3D Build ID: 436323 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] master update
The branch master has been updated via 64dc57419ddd9329f7062b048dee5ecd9306 (commit) from 63b996e752ac698186c38177232280e6515d571b (commit) - Log - commit 64dc57419ddd9329f7062b048dee5ecd9306 Author: Kelvin Lee Date: Sat Jan 22 11:22:31 2022 +1100 bn_lib.c: Change Endianess check to as a binary condition. This prevents VS2022 from mis-identify an uninitialized local pointer variable. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17567) --- Summary of changes: crypto/bn/bn_lib.c | 14 -- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b49c8a3bd2..05b36033a5 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -455,18 +455,15 @@ static BIGNUM *bin2bn(const unsigned char *s, int len, BIGNUM *ret, * significant BIGNUM chunk, so we adapt parameters to transfer * input bytes accordingly. */ -switch (endianess) { -case LITTLE: +if (endianess == LITTLE) { s2 = s + len - 1; inc2 = -1; inc = 1; -break; -case BIG: +} else { s2 = s; inc2 = 1; inc = -1; s += len - 1; -break; } /* Take note of the signedness of the input bytes*/ @@ -593,14 +590,11 @@ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, * to most significant BIGNUM limb, so we adapt parameters to * transfer output bytes accordingly. */ -switch (endianess) { -case LITTLE: +if (endianess == LITTLE) { inc = 1; -break; -case BIG: +} else { inc = -1; to += tolen - 1; /* Move to the last byte, not beyond */ -break; } lasti = atop - 1;
[openssl] master update
The branch master has been updated via 1cc94e2fa7fd1d5c24ad4cc01f363ff9ba5a4f13 (commit) from 0fdb31669f88cbf5d63ba16d82d95c6c84575dc0 (commit) - Log - commit 1cc94e2fa7fd1d5c24ad4cc01f363ff9ba5a4f13 Author: Weiguo Li Date: Wed Feb 9 16:12:30 2022 +0800 Fix outdated comments Update the comment "../md32_common.h" to "crypto/md32_common.h". CLA: trivial Signed-off-by: Weiguo Li Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/17670) --- Summary of changes: crypto/sha/sha1dgst.c | 2 +- crypto/sha/sha512.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 65d7e62e58..4c0c7a0fe4 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -20,7 +20,7 @@ #include #include -/* The implementation is in ../md32_common.h */ +/* The implementation is in crypto/md32_common.h */ #include "sha_local.h" #include "crypto/sha.h" diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 9600b370b4..154b79745b 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -25,7 +25,7 @@ * on [aligned] data in host byte order and one - on data in input * stream byte order; * - share common byte-order neutral collector and padding function - * implementations, ../md32_common.h; + * implementations, crypto/md32_common.h; * * Neither of the above applies to this SHA-512 implementations. Reasons * [in reverse order] are: