[pull] master from openssl:master #304
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- add 'external/*' to the list of patterns to skip - add '*.csr' to the list of patterns to skip Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> (Merged from #29437)
Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> (Merged from #29437)
There's this one random string where we have the word "Hellow". It's a random string, "correct" spelling is really not important, so we tell codespell to just ignore that line. Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> (Merged from #29437)
A small script that tries to perform reformatting of a patch set. Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from #29356)
The "Verify-Message" type looks for private keys only, which meant anything using a public key got skipped. Changed the entries to "Verify-Message-Public" which tries the public key first. This uncovered one test that needed to be removed since ECDSA-MD5 is not a valid fetchable algorithm (in any OpenSSL provider). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #28040)
The deserialization functions for SHA2 and SHA3 digest contexts did not sufficiently validate the incoming data. Corruption in transmission or on saved disk data could cause a out-of-bounds memory access if buffer sizes did not match expected values. Add sanity checks to the SHA2 and SHA3 deserialization functions to validate buffer-related fields before they are used. The serialization format for these digests has been changed to place these critical fields early in the stream to enable this validation. Additionally, add a note to the EVP_DigestInit man page to warn users that deserialization should only be performed on trusted data. The checks we implement are not meant to address processing of untrusted data maliciously crafted by an attacker. Application that need to store data or transmit it through untrusted media SHOULD implement proper encryption and message authentication on their own using things like CMS or other appropriate secure message containers. These check have been added also to quiet a bit security researchers that try to find any way to claim CVE bounties even in completely unlikely or invalid scenarios. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from #29404)
Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #29414)
Used types are only available if OPENSSL_NO_DEPRECATED_3_0 is not defined. Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #29414)
This was an internal function and should not be here. Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #29414)
This test tries to use all stub macros and compare return values to verify that OPENSSL_ENGINE_STUBS define works. Fixes openssl/project#1762 Signed-off-by: Milan Broz <gmazyland@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from #29414)
... with perl truthiness in mind Most of all, this means not having undue expectations that its value is numerical (this is particularly true when HARNESS_VERBOSE isn't given by the user, and this script's default is "yes"). We do this by ensuring that $tap_verbosity is turned into an appropriate number if HARNESS_VERBOSE's value isn't numerical. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #29443)
The `openssl rehash` should be used instead. Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #29427)
When the array is empty then copy.pl fails, because there is nothing to copy. The empty check was done on a different variable. Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #29427)
This avoids crash if a legacy BIO callback is set and BIO_sendmmsg() or BIO_recvmmsg() is used. Reported by Stanislav Fort (Aisle Research) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Norbert Pocs <norbertp@openssl.org> (Merged from #29395)
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )