[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sat Mar 20 00:21:02 UTC 2021


The branch master has been updated
       via  c38048e793e4cdf21759d4b068561d3bb0041ae6 (commit)
       via  b6d1bd4eb8662fb89911d5823d9454ca924878e7 (commit)
       via  72ded6f2a93085f536b4a820ab42b2da26fecf1c (commit)
       via  f1619160c89d5394f0cb9626d1198ef5180448db (commit)
       via  88ce406c895acf8d310835c3af628542364d8129 (commit)
       via  8f586f5bc10f86a064c74f06542b9da6cf137cc6 (commit)
       via  337ace06b9f112c5a5f540840814348ba17984d0 (commit)
       via  b6f0f546ff06fa9aa7e37c1a272e3a712c81fdc0 (commit)
       via  28c21fa048db0f1850e533c82a13d01c98de7ea1 (commit)
      from  07aa88cccf506c6143ec882a5dd93cd97483ecc2 (commit)


- Log -----------------------------------------------------------------
commit c38048e793e4cdf21759d4b068561d3bb0041ae6
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 17:59:34 2021 +1000

    sslapitest: fix problem in cleanup on failure path
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit b6d1bd4eb8662fb89911d5823d9454ca924878e7
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:35:59 2021 +1000

    evp: fix coverity 1473381 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit 72ded6f2a93085f536b4a820ab42b2da26fecf1c
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:25:11 2021 +1000

    x509: coverity 1472673 & 1472693 - dereference after null checks
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit f1619160c89d5394f0cb9626d1198ef5180448db
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:09:06 2021 +1000

    test: coverity 1469426 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit 88ce406c895acf8d310835c3af628542364d8129
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:07:56 2021 +1000

    ssl: coverity 1465527 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit 8f586f5bc10f86a064c74f06542b9da6cf137cc6
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:05:37 2021 +1000

    test: coverity 1455749 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit 337ace06b9f112c5a5f540840814348ba17984d0
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 13:04:20 2021 +1000

    test: coverity 1455747 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit b6f0f546ff06fa9aa7e37c1a272e3a712c81fdc0
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 12:59:24 2021 +1000

    async: coverity 1446224 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

commit 28c21fa048db0f1850e533c82a13d01c98de7ea1
Author: Pauli <ppzgs1 at gmail.com>
Date:   Wed Mar 17 12:55:37 2021 +1000

    evp: fix coverity 1445872 - dereference after null check
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14589)

-----------------------------------------------------------------------

Summary of changes:
 crypto/async/async.c               |  5 ++++-
 crypto/evp/ctrl_params_translate.c | 10 ++++++++--
 crypto/evp/digest.c                |  7 ++++++-
 crypto/x509/x509_cmp.c             |  7 +++++--
 ssl/ssl_rsa.c                      |  3 +++
 test/evp_test.c                    | 14 ++++++++------
 test/sslapitest.c                  | 14 +++++++++-----
 7 files changed, 43 insertions(+), 17 deletions(-)

diff --git a/crypto/async/async.c b/crypto/async/async.c
index 2a51ee7bc2..53b25d7b4b 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -181,7 +181,7 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
     if (ctx == NULL)
         return ASYNC_ERR;
 
-    if (*job)
+    if (*job != NULL)
         ctx->currjob = *job;
 
     for (;;) {
@@ -203,7 +203,10 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
             }
 
             if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
+                if (*job == NULL)
+                    return ASYNC_ERR;
                 ctx->currjob = *job;
+
                 /*
                  * Restore the default libctx to what it was the last time the
                  * fibre ran
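Review bot: The new `if (*job == NULL) return ASYNC_ERR;` guard inside the `ASYNC_JOB_PAUSED` branch returns without queuing an error and without touching `ctx->currjob`, which at that point still refers to the paused job. A caller that receives `ASYNC_ERR` here has nothing on the error stack to distinguish it from the `ctx == NULL` failure earlier in the function, and as far as this hunk shows the context keeps the paused job for the next call. Consider `ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR);` before the return, plus a short comment saying when a paused current job can coexist with a NULL `*job`. The function starts and ends outside this hunk, so what the other exits clean up is not visible here.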
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 32af4eedd3..808804ab3a 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1512,8 +1512,14 @@ static int get_payload_group_name(enum state state,
         return 0;
     }
 
-    if (ctx->p2 != NULL)
-        ctx->p1 = strlen(ctx->p2);
+    /*
+     * Quietly ignoring unknown groups matches the behaviour on the provider
+     * side.
+     */
+    if (ctx->p2 == NULL)
+        return 1;
+
+    ctx->p1 = strlen(ctx->p2);
     return default_fixup_args(state, translation, ctx);
 }
 
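Review bot: The early `return 1` for `ctx->p2 == NULL` reports success while skipping both `ctx->p1 = strlen(ctx->p2)` and `default_fixup_args()`, so on this path the caller is told the lookup worked although, presumably, nothing was written for the group name. The comment explains why this is tolerated but not what the caller observes; I would extend it along the lines of `Returns success with the group name left unset; callers must not assume it was filled in.` Whether any caller reads the length afterwards cannot be determined from this hunk, and the function starts above it.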
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d256cbe140..494e0f5646 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -457,7 +457,12 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
     OSSL_PARAM params[2];
     size_t i = 0;
 
-    if (ctx->digest == NULL || ctx->digest->prov == NULL)
+    if (ctx->digest == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
+        return 0;
+    }
+
+    if (ctx->digest->prov == NULL)
         goto legacy;
 
     if (ctx->digest->dfinal == NULL) {
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index a149bf49dc..3ced70b21f 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -251,18 +251,21 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
         return -1;
 
     /* Ensure canonical encoding is present and up to date */
-    if (!a->canon_enc || a->modified) {
+    if (a->canon_enc == NULL || a->modified) {
         ret = i2d_X509_NAME((X509_NAME *)a, NULL);
         if (ret < 0)
             return -2;
     }
 
-    if (!b->canon_enc || b->modified) {
+    if (b->canon_enc == NULL || b->modified) {
         ret = i2d_X509_NAME((X509_NAME *)b, NULL);
         if (ret < 0)
             return -2;
     }
 
+    if (a->canon_enc == NULL || b->canon_enc == NULL)
+        return -2;
+
     ret = a->canon_enclen - b->canon_enclen;
     if (ret == 0 && a->canon_enclen != 0)
         ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
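Review bot: The added `return -2` when either `canon_enc` is still NULL reuses the value of the two `i2d_X509_NAME()` failure paths, but nothing at this site tells a reader that `-2` is an error and not an ordering. A caller that only tests the result against zero treats it as a mismatch, which fails closed for name matching; one that uses the function as a sort comparator would read it as "a sorts before b". I would put a comment above the check such as `/* No canonical form available: report an error, never an ordering or a match */` and make sure the function's documentation lists `-2`. The function starts and ends outside this hunk.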
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b78d751818..cf410d6d87 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -424,6 +424,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
     void *passwd_callback_userdata;
     SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
 
+    if (ctx == NULL && ssl == NULL)
+        return 0;
+
     ERR_clear_error();          /* clear error stack for
                                  * SSL_CTX_use_certificate() */
 
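Review bot: The new `ctx == NULL && ssl == NULL` guard returns 0 before `ERR_clear_error()` runs and without raising anything, so the caller sees a failure while the error queue holds either nothing or whatever an earlier, unrelated call left behind. Code that logs or branches on the queue after a failed certificate-chain load would then report the wrong cause. Raising an explicit error keeps the failure attributable: `ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);` followed by `return 0;`. The function continues below the hunk.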
diff --git a/test/evp_test.c b/test/evp_test.c
index bd32ad5c7b..2bb837e6e7 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1115,15 +1115,16 @@ static int mac_test_parse(EVP_TEST *t,
 static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
                               const char *value)
 {
-    int rv;
+    int rv = 0;
     char *p, *tmpval;
 
     if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
         return 0;
     p = strchr(tmpval, ':');
-    if (p != NULL)
+    if (p != NULL) {
         *p++ = '\0';
-    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+        rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+    }
     if (rv == -2)
         t->err = "PKEY_CTRL_INVALID";
     else if (rv <= 0)
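Review bot: With `rv` initialised to 0 and the `EVP_PKEY_CTX_ctrl_str()` call moved inside `if (p != NULL)`, a control string with no ':' now falls into the `rv <= 0` branch and is reported the same way as a control the library rejected. A malformed test stanza and a real ctrl failure are different problems for whoever reads the test output; an `else` branch with `TEST_info("Missing ':' in control string: %s", value);` would separate them. The same applies to `pkey_test_ctrl` in the next hunk. Both functions continue past their hunks, so the handling of the `rv <= 0` case is only partly visible.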
@@ -1459,15 +1460,16 @@ static void pkey_test_cleanup(EVP_TEST *t)
 static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
                           const char *value)
 {
-    int rv;
+    int rv = 0;
     char *p, *tmpval;
 
     if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
         return 0;
     p = strchr(tmpval, ':');
-    if (p != NULL)
+    if (p != NULL) {
         *p++ = '\0';
-    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+        rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+    }
     if (rv == -2) {
         t->err = "PKEY_CTRL_INVALID";
         rv = 1;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index b469d80a17..edaadb170f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -625,10 +625,14 @@ static int test_client_cert_verify_cb(void)
 end:
     X509_free(crt1);
     X509_free(crt2);
-    SSL_shutdown(clientssl);
-    SSL_shutdown(serverssl);
-    SSL_free(serverssl);
-    SSL_free(clientssl);
+    if (clientssl != NULL) {
+        SSL_shutdown(clientssl);
+        SSL_free(clientssl);
+    }
+    if (serverssl != NULL) {
+        SSL_shutdown(serverssl);
+        SSL_free(serverssl);
+    }
     SSL_CTX_free(sctx);
     SSL_CTX_free(cctx);
 
@@ -8297,7 +8301,7 @@ static EVP_PKEY *get_tmp_dh_params(void)
         OSSL_PARAM_BLD_free_params(params);
     }
 
-    if (!EVP_PKEY_up_ref(tmp_dh_params))
+    if (tmp_dh_params != NULL && !EVP_PKEY_up_ref(tmp_dh_params))
         return NULL;
 
     return tmp_dh_params;

