[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Apr 29 15:51:09 UTC 2016
The branch master has been updated
via b8c51459aa5b5b6b78cce56a7b898944f5314550 (commit)
via 9d7ec8090ec1f131825c1bd087969c2e88750385 (commit)
via 40a8643a37ea50781872acd740020ac5b6c8f699 (commit)
via 7001571330ce2e31234660c10ef26089a07b17c1 (commit)
via 138388fe33707529683e1a41b0fe47d60313e7c1 (commit)
via ed3eb5e0cca0ac88908e5d718ac0137d0150ddb3 (commit)
from 3b7a71b2f026702877d8cf4240996f71ae2ff55a (commit)
- Log -----------------------------------------------------------------
commit b8c51459aa5b5b6b78cce56a7b898944f5314550
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 15:22:18 2016 +0100
Remove some dead code from EC_GROUP_check()
EC_GROUP_check() was obtaining a temporary BIGNUM from the BN_CTX, but
then not using it.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 9d7ec8090ec1f131825c1bd087969c2e88750385
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 12:17:15 2016 +0100
Don't use an uninitialised variable in srp application
The srp application created an uninitialised DB_ATTR object and then
passed it to the load_index function which attempted to read it. A
DB_ATTR object only contains a single field called "unique_subject".
AFAICT this attribute is unused in the SRP case, and therefore it would be
better to pass a NULL DB_ATTR to load_index (which handles that case
gracefully).
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 40a8643a37ea50781872acd740020ac5b6c8f699
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 11:44:39 2016 +0100
Avoid a NULL ptr deref if group is not set
We should only copy parameters and keys if the group is set. Otherwise
they don't really make any sense. Previously we copied the private key
regardless of whether the group was set...but if it wasn't a NULL ptr
deref could occur. It's unclear whether we could ever get into that
situation, but since we were already checking it for the public key we
should be consistent.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 7001571330ce2e31234660c10ef26089a07b17c1
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 11:29:50 2016 +0100
Check for a NULL return value from a call to X509_STORE_CTX_new()
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 138388fe33707529683e1a41b0fe47d60313e7c1
Author: Matt Caswell <matt at openssl.org>
Date: Fri Apr 29 11:27:09 2016 +0100
Check for failed malloc in BIO_ADDR_new
BIO_ADDR_new() calls OPENSSL_zalloc() which can fail - but the return
value is not checked.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit ed3eb5e0cca0ac88908e5d718ac0137d0150ddb3
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 28 17:05:21 2016 +0100
The x509_name_canon function doesn't check for an error return
i2d_name_canon can return a negative number on error. We should check it
before continuing.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/crl.c | 2 +-
apps/srp.c | 3 +--
crypto/bio/b_addr.c | 3 +++
crypto/ec/ec_check.c | 5 -----
crypto/ec/ec_key.c | 41 +++++++++++++++++++++--------------------
crypto/x509/x_name.c | 7 +++++--
6 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/apps/crl.c b/apps/crl.c
index 915c9ac..d3fd416 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -244,7 +244,7 @@ int crl_main(int argc, char **argv)
if (lookup == NULL)
goto end;
ctx = X509_STORE_CTX_new();
- if (!X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
+ if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
}
diff --git a/apps/srp.c b/apps/srp.c
index 1bf2ee2..48ef85d 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -256,7 +256,6 @@ OPTIONS srp_options[] = {
int srp_main(int argc, char **argv)
{
CA_DB *db = NULL;
- DB_ATTR db_attr;
CONF *conf = NULL;
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
int doupdatedb = 0, mode = OPT_ERR;
@@ -401,7 +400,7 @@ int srp_main(int argc, char **argv)
BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
srpvfile);
- db = load_index(srpvfile, &db_attr);
+ db = load_index(srpvfile, NULL);
if (db == NULL)
goto end;
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index bfc745b..86c6c7e 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -83,6 +83,9 @@ BIO_ADDR *BIO_ADDR_new(void)
{
BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
+ if (ret == NULL)
+ return NULL;
+
ret->sa.sa_family = AF_UNSPEC;
return ret;
}
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 601559f..496b5fc 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -73,9 +73,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
goto err;
}
}
- BN_CTX_start(ctx);
- if ((order = BN_CTX_get(ctx)) == NULL)
- goto err;
/* check the discriminant */
if (!EC_GROUP_check_discriminant(group, ctx)) {
@@ -114,8 +111,6 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
ret = 1;
err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
EC_POINT_free(point);
return ret;
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 22c6535..31ed8a5 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -148,28 +148,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src)
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
return NULL;
- }
- /* copy the public key */
- if (src->pub_key != NULL && src->group != NULL) {
- EC_POINT_free(dest->pub_key);
- dest->pub_key = EC_POINT_new(src->group);
- if (dest->pub_key == NULL)
- return NULL;
- if (!EC_POINT_copy(dest->pub_key, src->pub_key))
- return NULL;
- }
- /* copy the private key */
- if (src->priv_key != NULL) {
- if (dest->priv_key == NULL) {
- dest->priv_key = BN_new();
- if (dest->priv_key == NULL)
+
+ /* copy the public key */
+ if (src->pub_key != NULL) {
+ EC_POINT_free(dest->pub_key);
+ dest->pub_key = EC_POINT_new(src->group);
+ if (dest->pub_key == NULL)
+ return NULL;
+ if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+ return NULL;
+ }
+ /* copy the private key */
+ if (src->priv_key != NULL) {
+ if (dest->priv_key == NULL) {
+ dest->priv_key = BN_new();
+ if (dest->priv_key == NULL)
+ return NULL;
+ }
+ if (!BN_copy(dest->priv_key, src->priv_key))
+ return NULL;
+ if (src->group->meth->keycopy
+ && src->group->meth->keycopy(dest, src) == 0)
return NULL;
}
- if (!BN_copy(dest->priv_key, src->priv_key))
- return NULL;
- if (src->group->meth->keycopy
- && src->group->meth->keycopy(dest, src) == 0)
- return NULL;
}
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 5e6abeb..cd6c719 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -335,7 +335,7 @@ static int x509_name_canon(X509_NAME *a)
STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
STACK_OF(X509_NAME_ENTRY) *entries = NULL;
X509_NAME_ENTRY *entry, *tmpentry = NULL;
- int i, set = -1, ret = 0;
+ int i, set = -1, ret = 0, len;
OPENSSL_free(a->canon_enc);
a->canon_enc = NULL;
@@ -370,7 +370,10 @@ static int x509_name_canon(X509_NAME *a)
/* Finally generate encoding */
- a->canon_enclen = i2d_name_canon(intname, NULL);
+ len = i2d_name_canon(intname, NULL);
+ if (len < 0)
+ goto err;
+ a->canon_enclen = len;
p = OPENSSL_malloc(a->canon_enclen);
More information about the openssl-commits
mailing list