| 3a1d2b59 | 12-Apr-2021 |
Oliver Mihatsch |
Fix memory leak in i2d_ASN1_bio_stream
When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START
Fix memory leak in i2d_ASN1_bio_stream
When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream().
This results in calling asn1_bio_flush_ex cleanup but will only
reset retry flags as the state is not ASN1_STATE_POST_COPY.
Therefore 48 bytes (Linux x86_64) leaked since the
ndef_prefix_free / ndef_suffix_free callbacks are not executed
and the ndef_aux structure is not freed.
By always calling free function callback in asn1_bio_free() the
memory leak is fixed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14844)
show more ...
|
| 5cffc49f | 30-Jun-2021 |
Tomas Mraz |
PEM_read_...: document that garbage and other PEM data is skipped
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949) |
| d82d1d11 | 30-Jun-2021 |
Tomas Mraz |
load_key_certs_crls: Avoid reporting any spurious errors
When there is other PEM data in between certs the OSSL_STORE_load
returns NULL and reports error. Avoid printing that error unles
load_key_certs_crls: Avoid reporting any spurious errors
When there is other PEM data in between certs the OSSL_STORE_load
returns NULL and reports error. Avoid printing that error unless
there was nothing read at all.
Fixes #15945
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
show more ...
|
| e5808784 | 29-Jun-2021 |
Tomas Mraz |
test_pem_reading: Test loading a key from a file with multiple PEM data
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949) |
| bb8a2450 | 29-Jun-2021 |
Tomas Mraz |
load_pkey_pem: Check for spurious errors when loading
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949) |
| 66a7c9f3 | 29-Jun-2021 |
Tomas Mraz |
pem_read_bio_key: Add passphrase caching to avoid asking for password twice
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949) |
| fbbd4253 | 29-Jun-2021 |
Tomas Mraz |
pem_read_bio_key_decoder: Avoid spurious error on unknown PEM data
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949) |
| 92d7120c | 01-Jul-2021 |
Shane Lontis |
Fix compile errors when building with --api=1.1.0 no-deprecated.
Fixes #15963
INSTALL.md uses these exact options as an example so it should work.
Reviewed-by: Tomas Mraz <
Fix compile errors when building with --api=1.1.0 no-deprecated.
Fixes #15963
INSTALL.md uses these exact options as an example so it should work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15965)
show more ...
|
| 6a748529 | 01-Jul-2021 |
Paul Kehrer |
update pyca-cryptography regression test suite
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/
update pyca-cryptography regression test suite
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15962)
show more ...
|
| 6870c1e7 | 23-Jun-2021 |
Randall S. Becker |
Defined out MUTEX attributes not available on NonStop SPT Threads.
Standard Posix Threads (SPT) Threads are an older separate branch of
pthreads that do not support some of the capabilit
Defined out MUTEX attributes not available on NonStop SPT Threads.
Standard Posix Threads (SPT) Threads are an older separate branch of
pthreads that do not support some of the capabilities in the current
Posix User Threads (PUT).
The change also includes a rename of the close field of OSSL_STORE_LOADER
which was causing preprocessor conflicts.
Fixes #15885
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15886)
show more ...
|
| d60e719c | 30-Jun-2021 |
Tomas Mraz |
doc: Mention the update of der data pointers in d2i/i2d
Fixes #15958
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged f
doc: Mention the update of der data pointers in d2i/i2d
Fixes #15958
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15959)
show more ...
|
| 02531243 | 30-Jun-2021 |
Richard Levitte |
DOC: clarify OPENSSL_API_COMPAT
Fixes #15928
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/o
DOC: clarify OPENSSL_API_COMPAT
Fixes #15928
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15956)
show more ...
|
| a5a4dac9 | 29-Jun-2021 |
Pauli |
ci: add a memory sanitiser test run
This omission noted in #15950
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged fro
ci: add a memory sanitiser test run
This omission noted in #15950
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)
show more ...
|
| 514b7691 | 30-Jun-2021 |
Pauli |
afalg: add some memory initialisation calls to pacify memory sanitisation.
The engine is modifying memory without the sanitiser realising. By pre-
initialising this memory, the sanitise
afalg: add some memory initialisation calls to pacify memory sanitisation.
The engine is modifying memory without the sanitiser realising. By pre-
initialising this memory, the sanitiser now thinks that read accesses are okay.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)
show more ...
|
| d720e603 | 29-Jun-2021 |
Randall S. Becker |
Document cross-compile considerations for NonStop x86 builds.
Fixes #15919
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.
Document cross-compile considerations for NonStop x86 builds.
Fixes #15919
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15948)
show more ...
|
| 36a4637e | 29-Jun-2021 |
David Benjamin |
Fix use of uninitialized memory in test_rsa_oaep
48f1739600f33c92387debce2002acec6e365f1d did not convert the RSA OAEP
tests correctly. The corrupted ciphertext and truncation tests were
Fix use of uninitialized memory in test_rsa_oaep
48f1739600f33c92387debce2002acec6e365f1d did not convert the RSA OAEP
tests correctly. The corrupted ciphertext and truncation tests were
really decrypting uninitialized memory, rather than the sample
ciphertext. This results in an error in tools like MSan.
The test is somewhat roundabout. In the original version, before the
conversion, ctext_ex was an OAEP test vector from key1(), etc.,
functions. The test would:
1. Encrypt ptext_ex as ctext.
2. Decrypt ctext and check it gives ptext_ex.
3. Decrypt ctext_ex and check it gives ptext_ex.
4. Try corrupted and truncated versions of ctext.
48f1739600f33c92387debce2002acec6e365f1d then moved steps 1 and 2 into
test_rsa_simple, which meant ctext is no longer available for step 4. It
then mistakenly left the variable around, but uninitialized, so the test
wasn't testing anything. (Confusingly, test_rsa_simple outputs ctext_ex
to the caller, but doesn't do anything with it. The ctext_ex output is
also only usable for OAEP, not PKCS#1 v1.5.)
It doesn't really matter whether we use ctext or ctext_ex for step 4, so
this PR fixes it by using ctext_ex instead.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15950)
show more ...
|
| 1986f615 | 29-Jun-2021 |
Dr. David von Oheimb |
OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency
Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results
OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency
Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
show more ...
|
| 66be663b | 22-Jun-2021 |
Dr. David von Oheimb |
cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mra
cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
show more ...
|
| 7df56ada | 16-Jun-2021 |
Dr. David von Oheimb |
CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.
CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
show more ...
|
| b9bc8eb0 | 30-Jun-2021 |
Pauli |
test: fix test ordering in threads test
Fixes #15953
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15954) |
| 5e56f458 | 28-Jun-2021 |
Pauli |
evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943) |
| 98431c43 | 28-Jun-2021 |
Pauli |
dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943) |
| 159dacca | 28-Jun-2021 |
Pauli |
s_time: avoid unlikely division by zero
Fixing coverity 966560 Division or modulo by zero (DIVIDE_BY_ZERO)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://githu
s_time: avoid unlikely division by zero
Fixing coverity 966560 Division or modulo by zero (DIVIDE_BY_ZERO)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
show more ...
|
| 196feb18 | 28-Jun-2021 |
Pauli |
bio: check for valid socket when closing
Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/
bio: check for valid socket when closing
Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
show more ...
|
| 01fb4bff | 28-Jun-2021 |
Pauli |
test: fix coverity 1469427 Improper use of negative value (NEGATIVE_RETURNS)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943) |
