slontis [Fri, 24 Jun 2022 04:01:07 +0000 (14:01 +1000)]
Fix memory leak in ossl_rsa_fromdata.
Occurs if a malloc failure happens inside collect_numbers()
Reported via #18365
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18646)
Matt Caswell [Fri, 24 Jun 2022 10:02:22 +0000 (11:02 +0100)]
Add a test for an all 0 RSA key
Testing a key with all values set to 0.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18651)
Matt Caswell [Fri, 24 Jun 2022 10:01:22 +0000 (11:01 +0100)]
The rsa_validate_keypair_multiprime() function return is not boolean
A -ve return value from this function indicates an error which we should
treat as a failure to validate.
Fixes #18538
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18651)
```
test/test_test.c:58:9: note: cast one or both operands to int to silence this warning
test/test_test.c:58:9: error: use of bitwise '|' with boolean operands [-Werror,-Wbitwise-instead-of-logical]
if (!TEST(1, TEST_uint_eq(3u, 3u))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test/test_test.c:58:9: note: cast one or both operands to int to silence this warning
```
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
Sam James [Thu, 23 Jun 2022 03:24:32 +0000 (04:24 +0100)]
CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14
Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet
until this commit - in OpenSSL's CI.
It makes sense to ensure CI tests compilers used in newer Linux distributions:
* Fedora 36 ships with GCC 12
* Ubuntu 22.04 ships with Clang 14
We switch from 'ubuntu-latest' (which can change meaning but currently points
to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and
ubuntu-22.04 for the newer ones added by this commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18633)
Tomas Mraz [Wed, 22 Jun 2022 13:08:18 +0000 (15:08 +0200)]
Avoid including decoder/encoder/store headers into fips module
Fixes #18618
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18630)
Bernd Edlinger [Fri, 17 Jun 2022 08:25:24 +0000 (10:25 +0200)]
Fix compile issues in test/v3ext.c with no-rfc3779
There are no ASIdentifiers if OPENSSL_NO_RFC3779 is defined,
therefore the test cannot be compiled.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
Bernd Edlinger [Fri, 17 Jun 2022 07:30:04 +0000 (09:30 +0200)]
Add a CI workflow for no-rfc3779
Currently this configurations seem to be failing.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
Jiasheng Jiang [Wed, 22 Jun 2022 08:41:12 +0000 (16:41 +0800)]
crypto/http/http_client.c: Add the check for OPENSSL_strdup
As the potential failure of the OPENSSL_strdup(), it should
be better to check the return value and return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18624)
Xi Ruoyao [Wed, 22 Jun 2022 10:07:05 +0000 (18:07 +0800)]
rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2
bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size
is moduli bit size.
Fixes #18625.
Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18626)
Daniel Hu [Wed, 25 May 2022 09:23:40 +0000 (10:23 +0100)]
Optimize chacha20 on aarch64 by SVE2
This patch improves existing chacha20 SVE patch by using SVE2,
which is an optional architecture feature of aarch64, with XAR
instruction that can improve the performance of chacha20.
Signed-off-by: Daniel Hu <Daniel.Hu@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18522)
Jiasheng Jiang [Wed, 15 Jun 2022 07:37:36 +0000 (15:37 +0800)]
test/v3nametest.c: Add check for OPENSSL_malloc
As the potential failure of the OPENSSL_malloc(),
it should be better to add the check and return
error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18573)
Jiasheng Jiang [Fri, 17 Jun 2022 08:57:15 +0000 (16:57 +0800)]
test/evp_test.c: Add check for OPENSSL_strdup
As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18592)
- If keymgmmt is not available, it's not an error but the error message
persists in stack
- when setting groups, it's worth saying which group is not available
Fixes #18585
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18591)
Lutz Jaenicke [Fri, 17 Jun 2022 11:11:31 +0000 (13:11 +0200)]
Add test cases for verification of time stamping certificates
Test makes sure, that both time stamping certificate according to rfc3161 (no
requirements for keyUsage extension) and according to CAB forum (keyUsage
extension must be digitalSignature and be set critical) are accepted. Misuse
cases as stated in CAB forum are rejected, only exeption is a missing
"critial" flag on keyUsage.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18597)
Jiasheng Jiang [Fri, 17 Jun 2022 09:44:24 +0000 (17:44 +0800)]
apps/s_server.c: Add check for OPENSSL_strdup
As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18595)
Jiasheng Jiang [Fri, 17 Jun 2022 09:07:15 +0000 (17:07 +0800)]
crypto/x509/by_store.c: Add check for OPENSSL_strdup
As the potential failure of the OPENSSL_strdup(),
it should be better to check the return value and
return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18593)
SIZE_MAX is used in a recent fix of this file, but without including
internal/numbers.h, so that macro ends up not existing on some platforms,
resulting in build failures.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18605)
Jiasheng Jiang [Wed, 15 Jun 2022 08:07:12 +0000 (16:07 +0800)]
crypto/asn1/a_time.c: Add check for OPENSSL_malloc
As the potential failure of the OPENSSL_malloc(),
timestamp_tm could be NULL and be used in ASN1_TIME_to_tm()
without check.
Therefore, it should be better to check the return value of
OPENSSL_malloc() and return error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18575)
Clarify use of EGD for HPNS in rand/rand_egd.c comments.
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18566)
Fraser Tweedale [Wed, 15 Jun 2022 00:50:57 +0000 (10:50 +1000)]
Fix documentation of BIO_FLAGS_BASE64_NO_NL
Commit 8bfb7506d210841f2ee4eda8afe96441a0e33fa5 updated
`BIO_f_base64(3)` to improve the documentation of the
`BIO_FLAGS_BASE64_NO_NL` flag. In particular, the updated text
states that when this flag is used, all newlines in the input are
ignored. This is incorrect, as the following program proves:
int main(int argc, char **argv) {
BIO *b64 = BIO_new(BIO_f_base64());
if (b64 == NULL) return 1;
BIO_set_flags(b64, BIO_get_flags(b64) | BIO_FLAGS_BASE64_NO_NL);
int in_len = strlen(in_buf);
BIO *in = BIO_new_mem_buf(in_buf, in_len);
if (in == NULL) return 2;
in = BIO_push(b64, in);
unsigned char *out_buf = calloc(in_len, sizeof(unsigned char));
if (out_buf == NULL) return 3;
size_t out_len;
int r = BIO_read_ex(in, out_buf, in_len, &out_len);
printf("rv = %d\n", r);
printf("decoded = %s\n", out_buf);
return 0;
}
```
Update the text of `BIO_f_base64(3)` to clarify that when the flag
is set, the data must be all on one line (with or without a trailing
newline character).
Signed-off-by: Fraser Tweedale <ftweedal@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18568)
Daniel Fiala [Wed, 15 Jun 2022 06:54:39 +0000 (08:54 +0200)]
Remove debug and other outdated build targets.
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18571)
Richard Levitte [Fri, 10 Jun 2022 17:50:01 +0000 (19:50 +0200)]
test/recipes/*.t: setup() doesn't play well with spaces in the argument
The argument translates into a directory name, and there are platforms
that don't allow spaces (at least not easily), which makes the test fail.
This modifies it to conform a bit better to the usual form for that arg.
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18531)
Fix for OSSL_PARAM sample code referencing OSSL_PARAM_UTF8_PTR
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18490)
Tomas Mraz [Thu, 9 Jun 2022 10:34:55 +0000 (12:34 +0200)]
Always end BN_mod_exp_mont_consttime with normal Montgomery reduction.
This partially fixes a bug where, on x86_64, BN_mod_exp_mont_consttime
would sometimes return m, the modulus, when it should have returned
zero. Thanks to Guido Vranken for reporting it. It is only a partial fix
because the same bug also exists in the "rsaz" codepath.
The bug only affects zero outputs (with non-zero inputs), so we believe
it has no security impact on our cryptographic functions.
The fx is to delete lowercase bn_from_montgomery altogether, and have the
mont5 path use the same BN_from_montgomery ending as the non-mont5 path.
This only impacts the final step of the whole exponentiation and has no
measurable perf impact.
Jiasheng Jiang [Tue, 14 Jun 2022 09:15:05 +0000 (17:15 +0800)]
test/ssl_old_test.c: Add check for OPENSSL_malloc
As the potential failure of the OPENSSL_malloc(),
it should be better to add the check and return
error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18555)
Jiasheng Jiang [Tue, 14 Jun 2022 07:06:23 +0000 (15:06 +0800)]
test/ssl_old_test.c: Add check for OPENSSL_zalloc
As the potential failure of the OPENSSL_zalloc(),
it should be better to add the check and return
error if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18552)
If keymgmt is NULL, tmp_keymgmt is allocated and will not be freed.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18499)
Matt Caswell [Thu, 9 Jun 2022 15:57:30 +0000 (16:57 +0100)]
Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
Richard Levitte [Sun, 12 Jun 2022 04:03:50 +0000 (06:03 +0200)]
test/evp_test.c: Check too big output buffer sizes in PKEYKDF tests
EVP_PKEY_derive() should be able to cope with a too big buffer for fixed
size outputs. However, we don't test that.
This change modifies the PKEYKDF tests to ask EVP_PKEY_derive() what the
desired output buffer size is, and as long as the returned value isn't
absurd (indicating that anything goes), the output buffer is made to be
twice as big as what is expected.
Tests #18517
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18533)
Matt Caswell [Thu, 9 Jun 2022 11:02:37 +0000 (12:02 +0100)]
Fix the export routines to not return success if param alloc failed
We fix the dsa, dh, ec and rsa export routines so that they are
consistent with each other and do not report success if the allocation
of parameters failed.
This is essentially the same fix as applied in #18483 but applied to all
relevant key types.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18507)
Tomas Mraz [Mon, 13 Jun 2022 13:50:18 +0000 (15:50 +0200)]
Avoid reusing the init_lock for a different purpose
Otherwise we might cause a recursive locking.
Fixes #18535
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18545)
slontis [Mon, 30 May 2022 08:07:40 +0000 (18:07 +1000)]
RSA keygen update: Raise an error if no prime candidate q is found.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
slontis [Mon, 30 May 2022 08:03:11 +0000 (18:03 +1000)]
RSA Keygen update - When using the default provider fallback to default multiprime keygen if e is < 65537
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
slontis [Mon, 30 May 2022 07:56:53 +0000 (17:56 +1000)]
RSA keygen fixes
Fixes #18321
Increase the iteration factor used when 'Computing a Probable Prime Factor Based on Auxiliary Primes' from 5 to 20.
This matches the algorithm update made in FIPS 186-5.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18429)
Billy Brumley [Thu, 9 Jun 2022 21:03:23 +0000 (00:03 +0300)]
[crypto/bn] BN_consttime_swap: remove superfluous early exit
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18518)
Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me> Tested-by: Jiatai He <jiatai2021@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18197)
Matt Caswell [Mon, 6 Jun 2022 09:06:57 +0000 (10:06 +0100)]
Assert that a property definition cache entry is the first
When adding a property definition cache entry for a given property query
string we add an assert that we are not replacing an existing entry. If we
are then that indicates a bug in the caller.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
Matt Caswell [Thu, 2 Jun 2022 10:14:32 +0000 (11:14 +0100)]
Fix a memory leak in ossl_method_store_add()
If the call to ossl_prop_defn_set() fails then the OSSL_PROPERTY_LIST
we just created will leak.
Found as a result of:
https://github.com/openssl/openssl/pull/18355#issuecomment-1139499881
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18458)
Todd Short [Mon, 6 Jun 2022 15:46:36 +0000 (11:46 -0400)]
Update SIV mode documentation
Fixes #18440
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18485)
Matt Caswell [Fri, 3 Jun 2022 13:01:22 +0000 (14:01 +0100)]
Fix a mem leak in evp_pkey_copy_downgraded()
If we get a failure during evp_pkey_copy_downgraded() and on entry *dest
was NULL then we leak the EVP_PKEY that was automatically allocated and
stored in *dest.
Found due to this comment:
https://github.com/openssl/openssl/pull/18355#issuecomment-1145028315
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18470)
Matt Caswell [Thu, 2 Jun 2022 12:54:45 +0000 (13:54 +0100)]
CONF_modules_unload should fail if CONF_modules_finish fails
The module_list_lock is used by CONF_modules_unload(). That function relies
on the RUN_ONCE in CONF_modules_finish() to initialise that lock. However
if the RUN_ONCE fails that failure is not propagated to
CONF_modules_unload() and so it erroneously tries to use the lock anyway.
Found due to:
https://github.com/openssl/openssl/pull/18355#issuecomment-1144734604
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18460)
Clemens Lang [Fri, 3 Jun 2022 11:23:36 +0000 (13:23 +0200)]
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com>
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18469)
projects / thirdparty / openssl.git / log
