[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu May 31 09:43:46 UTC 2018


The branch master has been updated
       via  5f49783c12e9e6100075e50fe727ee2d5cc30445 (commit)
       via  bdd5f12ea6b76fb133b152a3ca38a3c045be4de3 (commit)
       via  28c73b34dfe00e786fc9198d89e089655ec5ae01 (commit)
       via  fbccfedf9bb0840e6c2db54b66ac511b85a3f587 (commit)
       via  6712ba9323cd9dc550ae3cc258cb61b5b23dcd83 (commit)
       via  bceae201b45fdbc7898adada6aebe2a1b6145009 (commit)
       via  1b3c89cd1e579aa8b9229498699ce54fa7986fa7 (commit)
       via  5be77b074c17a506f222a28f13a0b64bbef9da7a (commit)
      from  3190d1dca43ecfd748c06aa06752de06af3768b9 (commit)


- Log -----------------------------------------------------------------
commit 5f49783c12e9e6100075e50fe727ee2d5cc30445
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 16:09:02 2018 +0100

    Don't call setsockopt with an invalid fd
    
    This is probably a "should not happen" scenario, but better check anyway.
    Found by Coverity.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit bdd5f12ea6b76fb133b152a3ca38a3c045be4de3
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 16:05:10 2018 +0100

    Fix a memory leak in an error path
    
    Found by Coverity
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit 28c73b34dfe00e786fc9198d89e089655ec5ae01
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 16:01:30 2018 +0100

    Free a variable
    
    Fix a memory leak in storeutl.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit fbccfedf9bb0840e6c2db54b66ac511b85a3f587
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 15:59:25 2018 +0100

    Free a variable on an error path
    
    Issue found by Coverity.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit 6712ba9323cd9dc550ae3cc258cb61b5b23dcd83
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 15:58:47 2018 +0100

    Only set TCP_NODELAY if the protocol is TCP
    
    This doesn't apply if we're doing DTLS, or using UNIX domain sockets.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit bceae201b45fdbc7898adada6aebe2a1b6145009
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 16:27:25 2018 +0100

    EVP_MD_size() can return an error
    
    Fix some instances where we weren't checking the error return.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit 1b3c89cd1e579aa8b9229498699ce54fa7986fa7
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 14:55:45 2018 +0100

    Remove some logically dead code
    
    Found by coverity. This is an artifact left over from the original
    decaf import which generated the source code for different curves. For
    curve 448 this is dead.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

commit 5be77b074c17a506f222a28f13a0b64bbef9da7a
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 29 14:33:12 2018 +0100

    Remove some logically dead code
    
    Issues found by Coverity
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6373)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c            |  1 +
 apps/s_server.c            |  1 +
 apps/s_socket.c            |  2 +-
 apps/s_time.c              |  7 +++++--
 apps/storeutl.c            |  1 +
 crypto/ec/curve448/eddsa.c |  4 ----
 crypto/ec/ec_pmeth.c       | 11 ++++-------
 ssl/statem/extensions.c    | 11 ++++++++++-
 ssl/tls13_enc.c            | 21 +++++++++++++++++++--
 9 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 9122d48..09f5340 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -201,6 +201,7 @@ static int psk_use_session_cb(SSL *s, const EVP_MD *md,
         cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
         if (cipher == NULL) {
             BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+            OPENSSL_free(key);
             return 0;
         }
 
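Review bot: The added `OPENSSL_free(key);` releases what looks like PSK key material without wiping it, so the secret bytes would remain in freed heap memory. That `key` holds the PSK is inferred from the callback name, since its allocation is outside the hunk. If it does, `OPENSSL_clear_free(key, <key length>)` would cleanse the buffer before release; the length variable is not visible here, so the placeholder must be replaced with the real one. The same applies to the matching `OPENSSL_free(key);` added to psk_find_session_cb in apps/s_server.c.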
diff --git a/apps/s_server.c b/apps/s_server.c
index b0d38e4..df2bf02 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -212,6 +212,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
     cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
     if (cipher == NULL) {
         BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+        OPENSSL_free(key);
         return 0;
     }
 
diff --git a/apps/s_socket.c b/apps/s_socket.c
index f4264cd..76f9289 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,
 #endif
 
         if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
-                         type == SOCK_STREAM ? BIO_SOCK_NODELAY : 0)) {
+                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
             BIO_closesocket(*sock);
             *sock = INVALID_SOCKET;
             continue;
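Review bot: `protocol == IPPROTO_TCP` tests a value whose origin is outside the hunk. If it is the caller's requested protocol it can legitimately be 0 ("any"), and an ordinary TCP stream connection would then no longer get `BIO_SOCK_NODELAY`. Testing the resolved address entry avoids that: `BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0`. init_client continues outside the hunk, so how `protocol` is populated should be confirmed there.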
diff --git a/apps/s_time.c b/apps/s_time.c
index 5688f4f..82d40a5 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -389,11 +389,14 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
 #if defined(SOL_SOCKET) && defined(SO_LINGER)
     {
         struct linger no_linger;
+        int fd;
 
         no_linger.l_onoff  = 1;
         no_linger.l_linger = 0;
-        (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER,
-                          (char*)&no_linger, sizeof(no_linger));
+        fd = SSL_get_fd(serverCon);
+        if (fd >= 0)
+            (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
+                             sizeof(no_linger));
     }
 #endif
 
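Review bot: The new `if (fd >= 0)` guard and the `(void)` cast make this socket option best-effort, leaving no trace when it is skipped or fails, and nothing in the block says why a zero-timeout linger is wanted. A one-line comment above the block would record the intent, for example `/* Best effort: l_onoff=1, l_linger=0 makes close() abort the connection rather than linger; failures are ignored */`. doConnection starts and ends outside the hunk.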
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 0f310d2..50007f6 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -308,6 +308,7 @@ int storeutl_main(int argc, char *argv[])
                   text, noout, recursive, 0, out, prog);
 
  end:
+    OPENSSL_free(fingerprint);
     OPENSSL_free(alias);
     ASN1_INTEGER_free(serial);
     X509_NAME_free(subject);
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index d318876..85565a8 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -253,7 +253,6 @@ c448_error_t c448_ed448_verify(
         curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
     curve448_scalar_t challenge_scalar;
     curve448_scalar_t response_scalar;
-    unsigned int c;
 
     if (C448_SUCCESS != error)
         return error;
@@ -291,9 +290,6 @@ c448_error_t c448_ed448_verify(
                                 &signature[EDDSA_448_PUBLIC_BYTES],
                                 EDDSA_448_PRIVATE_BYTES);
 
-    for (c = 1; c < C448_EDDSA_DECODE_RATIO; c <<= 1)
-        curve448_scalar_add(response_scalar, response_scalar, response_scalar);
-
     /* pk_point = -c(x(P)) + (cx + k)G = kG */
     curve448_base_double_scalarmul_non_secret(pk_point,
                                               response_scalar,
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 2fde4f7..b4105c2 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -219,10 +219,8 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,
 
         if (dctx->md)
             md_type = EVP_MD_type(dctx->md);
-        else if (ec_nid == NID_sm2)
-            md_type = NID_sm3;
         else
-            md_type = NID_sha256;
+            md_type = NID_sm3;
 
         if (out == NULL) {
             *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type),
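Review bot: The result of `EVP_get_digestbynid(md_type)` is passed straight into `SM2_ciphertext_size` here, and into `SM2_plaintext_size` in the pkey_ecies_decrypt hunk, without a NULL check. The lookup returns NULL when no digest is registered under that NID, which could happen for the now hard-wired `NID_sm3` fallback in a build without SM3, or for a `dctx->md` that is not in the name table. Whether the size helpers tolerate a NULL digest is not visible in these hunks. Resolving the digest once into a local and failing the operation when it is NULL would make the behaviour explicit. A comment on the `else` branch such as `/* only reached for SM2 keys, so SM3 is the default */` would also record why the `ec_nid` test could be dropped; that invariant is inferred from the commit message, not shown here.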
@@ -259,13 +257,12 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,
 
         if (dctx->md)
             md_type = EVP_MD_type(dctx->md);
-        else if (ec_nid == NID_sm2)
-            md_type = NID_sm3;
         else
-            md_type = NID_sha256;
+            md_type = NID_sm3;
 
         if (out == NULL) {
-            *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen);
+            *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type),
+                                         inlen);
             ret = 1;
         }
         else {
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 7f9fd5f..209b4df 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1427,10 +1427,19 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
     const char external_label[] = "ext binder";
     const char nonce_label[] = "resumption";
     const char *label;
-    size_t bindersize, labelsize, psklen, hashsize = EVP_MD_size(md);
+    size_t bindersize, labelsize, psklen, hashsize;
+    int hashsizei = EVP_MD_size(md);
     int ret = -1;
     int usepskfored = 0;
 
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashsizei >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    hashsize = (size_t)hashsizei;
+
     if (external
             && s->early_data_state == SSL_EARLY_DATA_CONNECTING
             && s->session->ext.max_early_data == 0
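Review bot: The new guard `hashsizei >= 0` makes the cast safe but still lets a digest size of 0 through, and the same is true of the `mdleni` and `hashleni` checks added in ssl/tls13_enc.c. A zero `hashsize` would make every later length-driven step on the binder operate on zero bytes. Whether a zero-size digest can reach this function is not visible in the hunk, so this is hardening rather than a confirmed defect. Rejecting it costs nothing: `if (!ossl_assert(hashsizei > 0)) {`. tls_psk_do_binder continues outside the hunk, including the `err` label that the new `goto` targets.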
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 1e6db92..3fc8e96 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -129,6 +129,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
                           unsigned char *outsecret)
 {
     size_t mdlen, prevsecretlen;
+    int mdleni;
     int ret;
     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
     static const char derived_secret_label[] = "derived";
@@ -140,7 +141,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
         return 0;
     }
 
-    mdlen = EVP_MD_size(md);
+    mdleni = EVP_MD_size(md);
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(mdleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    mdlen = (size_t)mdleni;
 
     if (insecret == NULL) {
         insecret = default_zeros;
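Review bot: The new `return 0;` after the `mdleni` check looks like it leaks `pctx`, which the previous hunk shows being allocated in its declaration via `EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)`. The lines between the two hunks are not shown, but the `return 0;` context just above suggests the NULL check on `pctx` has already passed by this point. Adding `EVP_PKEY_CTX_free(pctx);` before the new `return 0;` would close the leak, as would calling `EVP_MD_size(md)` before the context is created.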
@@ -316,7 +324,16 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
 {
     unsigned char key[EVP_MAX_KEY_LENGTH];
     size_t ivlen, keylen, taglen;
-    size_t hashlen = EVP_MD_size(md);
+    int hashleni = EVP_MD_size(md);
+    size_t hashlen;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    hashlen = (size_t)hashleni;
 
     if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
                            secret, hashlen)) {
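Review bot: This failure is reported with `ERR_R_EVP_LIB`, while the identical checks added to tls13_generate_secret and tls_psk_do_binder in the same series use `ERR_R_INTERNAL_ERROR`. Since all three guard the same "EVP_MD_size() returned an error" condition, one reason code would make the error queue easier to interpret. The `err` label is outside the hunk and `key` is still uninitialised when the new `goto err` runs, so it is worth confirming that the cleanup there is safe before anything has been derived.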

