| ba0b60c6 | 16-Feb-2022 |
Jiasheng Jiang |
apps/s_server: Add missing check for BIO_new
As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the derefere
apps/s_server: Add missing check for BIO_new
As the potential failure of the BIO_new(), it should be better to check the return value and return error if fails in order to avoid the dereference of NULL pointer.
And because 'bio_s_msg' is checked before being used everytime, which has no need to add the check.
But 'bio_s_out' is not.
And since the check 'if (bio_s_out == NULL)' is redundant, it can be removed to make the code succincter.
Also the 'sbio' and so forth should be checked like the other places in the same file.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17710)
show more ...
|
| 8f084b43 | 10-Feb-2022 |
Jiasheng Jiang |
apps/ocsp: Add check for OPENSSL_strdup
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
apps/ocsp: Add check for OPENSSL_strdup
Just assert 'bn' to be non-NULL is not enough.
The check for 'itmp' is still needed.
If 'bn' is 0, the 'itmp' is assigned by OPENSSL_strdup().
Since OPENSSL_strdup() may fail because of the lack of memory,
the 'itmp' will be NULL and be an valid parameter hashed in
TXT_DB_get_by_index(), returning a wrong result.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17677)
show more ...
|
| 0c590558 | 09-Feb-2022 |
Jiasheng Jiang |
s_server: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, the 'port' could be NULL.
And then it will be used in do_server(), which can ac
s_server: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, the 'port' could be NULL.
And then it will be used in do_server(), which can accept
NULL as an valid parameter.
That means that the system could run with a wrong parameter.
Therefore it should be better to check it, like the other
memory allocation.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17673)
show more ...
|
| d5530efa | 10-Feb-2022 |
Tomas Mraz |
Add back check for the DH public key size
This is needed for TLS-1.3.
Also add check for uncompressed point format for ECDHE as
the other formats are not allowed by RFC 8446.
Add back check for the DH public key size
This is needed for TLS-1.3.
Also add check for uncompressed point format for ECDHE as
the other formats are not allowed by RFC 8446.
Fixes #17667
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17678)
show more ...
|
| 3d27ac8d | 09-Feb-2022 |
Weiguo Li |
Add define guards to avoid multi-inclusion
This header files are included by multiple other headers.
It's better to add define guards to prevent multi-inclusion.
Adhere to the coding
Add define guards to avoid multi-inclusion
This header files are included by multiple other headers.
It's better to add define guards to prevent multi-inclusion.
Adhere to the coding style, all preprocessor directives inside
the guards gain a space.
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17666)
show more ...
|
| 17da5f2a | 15-Feb-2022 |
Jiasheng Jiang |
test/helpers/handshake.c: Add check for OPENSSL_strdup
As the potential failure of the memory allocation, the OPENSSL_strdup()
could return NULL pointer and then be assigned to 'server_c
test/helpers/handshake.c: Add check for OPENSSL_strdup
As the potential failure of the memory allocation, the OPENSSL_strdup()
could return NULL pointer and then be assigned to 'server_ctx'.
In order to tell the callers the failure of the configuration, it should
be better to return error.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17705)
show more ...
|
| b926548b | 09-Feb-2022 |
Todd Short |
Force macOS 10.15 or later to be 64-bit
macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do no
Force macOS 10.15 or later to be 64-bit
macOS Catalina (10.15) no longer supports 32-bit applications.
Do not wait 5 seconds to give the user the option of using KERNEL_BITS=32
Do not accept the KERNEL_BITS=32 option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17675)
show more ...
|
| 065121ff | 04-Feb-2022 |
Armin Fuerst |
Add tests for do_updatedb
Fixes #13944
Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
Added function "asn1_string_to_time_t" including test
Add tests for do_updatedb
Fixes #13944
Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in tests.
Added function "asn1_string_to_time_t" including tests.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17645)
show more ...
|
| c920020f | 07-Feb-2022 |
Jiasheng Jiang |
dh_exch.c: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.
Signed-off-by: Jiasheng Ji
dh_exch.c: Add check for OPENSSL_strdup
Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17651)
show more ...
|
| 75850738 | 11-Feb-2022 |
Tomas Mraz |
Apply the correct Apache v2 license
There were still a few files mentioning the old OpenSSL license.
Fixes #17684
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged f
Apply the correct Apache v2 license
There were still a few files mentioning the old OpenSSL license.
Fixes #17684
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
show more ...
|
| 79cda38c | 10-Feb-2022 |
Jiasheng Jiang |
openssl rehash: add check for OPENSSL_strdup
As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if
openssl rehash: add check for OPENSSL_strdup
As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17676)
show more ...
|
| bb2fb5d7 | 23-Nov-2021 |
Rami Khaldi |
Implement a new flag for running s_client in a non-interactive mode
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github
Implement a new flag for running s_client in a non-interactive mode
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17097)
show more ...
|
| bd654f7e | 09-Feb-2022 |
Daniel |
Use C locale in Bash scripts.
Fixes openssl#17228.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://githu
Use C locale in Bash scripts.
Fixes openssl#17228.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17674)
show more ...
|
| 8fff986d | 14-Jan-2022 |
Bernd Edlinger |
Cleanup record length checks for KTLS
In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unpr
Cleanup record length checks for KTLS
In some corner cases the check for packets
which exceed the allowed record length was missing
when KTLS is initially enabled, when some
unprocessed packets are still pending.
Add at least some tests for KTLS, since we have
currently not very much test coverage for KTLS.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17504)
show more ...
|
| 0c47b8a8 | 09-Feb-2022 |
Tomas Mraz |
Add test of FIPS provider from the master branch with 3.0 build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671) |
| bbbd1210 | 09-Feb-2022 |
Tomas Mraz |
evp_test: Skip testcase if r parameter is unsupported
The r parameter of the KBKDF is unsupported by 3.0 FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from htt
evp_test: Skip testcase if r parameter is unsupported
The r parameter of the KBKDF is unsupported by 3.0 FIPS module.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
show more ...
|
| 3fdf4b93 | 08-Feb-2022 |
Tomas Mraz |
Add test of FIPS provider from the 3.0 branch with master build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671) |
| b84c6e86 | 09-Feb-2022 |
Pauli |
Change condition to avoid spurious compiler complaints.
X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are
equivalent in this situation but gcc-12 has connipt
Change condition to avoid spurious compiler complaints.
X509_TRUST_get0() is checking < 0, the code here was checking == -1. Both are
equivalent in this situation but gcc-12 has conniptions about a subsequent
possible NULL dereference (which isn't possible).
Fixes #17665
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17668)
show more ...
|
| 378c50f6 | 05-Feb-2022 |
Kevin K Biju |
Added checking for buflen overflow due to MAX_MISALIGNMENT.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/ope
Added checking for buflen overflow due to MAX_MISALIGNMENT.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17646)
show more ...
|
| 649999dc | 22-Jan-2022 |
Kelvin Lee |
bn_lib.c: Change Endianess check to as a binary condition.
This prevents VS2022 from mis-identify an uninitialized local pointer
variable.
CLA: trivial
Reviewed-by: Ben
bn_lib.c: Change Endianess check to as a binary condition.
This prevents VS2022 from mis-identify an uninitialized local pointer
variable.
CLA: trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17567)
show more ...
|
| 63b996e7 | 09-Jun-2021 |
Andrey Matyukov |
AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled
with AVX512 vAES and vPCLMULQDQ instructions (available starting
AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.
Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled
with AVX512 vAES and vPCLMULQDQ instructions (available starting Intel's
IceLake micro-architecture).
The performance details for representative IceLake Server and Client
platforms are shown below
Performance data:
OpenSSL Speed KBs/Sec
Intel(R) Xeon(R) Platinum 8380 CPU @ 2.30GHz (1Core/1Thread)
Payload in Bytes 16 64 256 1024 8192 16384
AES-128-GCM
Baseline 478708.27 1118296.96 2428092.52 3518199.4 4172355.99 4235762.07
Patched 534613.95 2009345.55 3775588.15 5059517.64 8476794.88 8941541.79
Speedup 1.12 1.80 1.55 1.44 2.03 2.11
AES-256-GCM
Baseline 399237.27 961699.9 2136377.65 2979889.15 3554823.37 3617757.5
Patched 475948.13 1720128.51 3462407.12 4696832.2 7532013.16 7924953.91
Speedup 1.19 1.79 1.62 1.58 2.12 2.19
Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz (1Core/1Thread)
Payload in Bytes 16 64 256 1024 8192 16384
AES-128-GCM
Baseline 259128.54 570756.43 1362554.16 1990654.57 2359128.88 2401671.58
Patched 292139.47 1079320.95 2001974.63 2829007.46 4510318.59 4705314.41
Speedup 1.13 1.89 1.47 1.42 1.91 1.96
AES-256-GCM
Baseline 236000.34 550506.76 1234638.08 1716734.57 2011255.6 2028099.99
Patched 247256.32 919731.34 1773270.43 2553239.55 3953115.14 4111227.29
Speedup 1.05 1.67 1.44 1.49 1.97 2.03
Reviewed-by: TJ O'Dwyer, Marcel Cornu, Pablo de Lara
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17239)
show more ...
|
| 1cc94e2f | 09-Feb-2022 |
Weiguo Li |
Fix outdated comments
Update the comment "../md32_common.h" to "crypto/md32_common.h".
CLA: trivial
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Paul
Fix outdated comments
Update the comment "../md32_common.h" to "crypto/md32_common.h".
CLA: trivial
Signed-off-by: Weiguo Li <liwg06@foxmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/17670)
show more ...
|
| 0fdb3166 | 07-Feb-2022 |
EasySec |
Fix small typo in EVP_KEYEXCH-ECDH.html doc example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/ope
Fix small typo in EVP_KEYEXCH-ECDH.html doc example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17657)
show more ...
|
| 3a23f012 | 07-Feb-2022 |
Tom Cosgrove |
aarch64: fix branch target indications in arm64cpuid.pl and keccak1600
Add missing AARCH64_VALID_CALL_TARGET to armv8_rng_probe(). Also add
these to the functions defined by gen_random()
aarch64: fix branch target indications in arm64cpuid.pl and keccak1600
Add missing AARCH64_VALID_CALL_TARGET to armv8_rng_probe(). Also add
these to the functions defined by gen_random(), and note that this Perl
sub prints the assembler out directly, not going via the $code xlate
mechanism (and therefore coming before the include of arm_arch.h). So
fix this too.
In KeccakF1600_int, AARCH64_SIGN_LINK_REGISTER functions as
AARCH64_VALID_CALL_TARGET on BTI-only builds, so it needs to come before
the 'adr' line.
Change-Id: If241efe71591c88253a3e36647ced00300c3c1a3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17653)
show more ...
|
| 09030ee7 | 05-Feb-2022 |
Jiasheng Jiang |
Add the check after calling OPENSSL_strdup
Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to che
Add the check after calling OPENSSL_strdup
Since the potential failure of the memory allocation, the
OPENSSL_strdup() could return NULL pointer.
Therefore, it should be better to check it in order to guarantee the
success of the configuration, same as the check for
SSL_CTX_set_srp_username().
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17643)
show more ...
|
