The password_callback() function does not necessarily NULL terminate
the password buffer, the caller must use the returned length but the
srp app uses this function as if it was doing NULL termination.
This made the -passin and -passout options of "openssl srp"
fail inexpicably and randomly or even crash.
Fixed by enlarging the buffer by one, so that the maximum password length
remains unchanged, and adding NULL termination upon return.
[Rearrange code for coding style compliance in process.]
This backport of 0e83981d61.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3579)
In apps/apps.c, one can set up an engine with setup_engine().
However, we freed the structural reference immediately, which means
that for engines that don't already have a structural reference
somewhere else (because it has registered at least one cipher or digest
algorithm method, and therefore gets a functional reference through the
ENGINE_set_default() call), we end up returning an invalid reference.
Instead, the function release_engine() is added, and called at the end
of the routines that call setup_engine().
Originally, the ENGINE API wasn't designed for this to happen, an
engine had to register at least one algorithm method, and was
especially expected to register the algorithms corresponding to the
key types that could be stored and hidden in hardware. However, it
turns out that some engines will not register those algorithms with
the ENGINE_set_{algo}, ENGINE_set_cipher or ENGINE_set_digest
functions, as they only want the methods to be used for keys, not as
general crypto accelerator methods. That may cause ENGINE_set_default()
to do nothing, and no functional reference is therefore made, leading
to a premature deallocation of the engine and it thereby becoming
unavailable when trying to fetch a key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1644)
This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not
possible to do no-tls1_1 or no-tls1_2 in 1.0.2).
Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows
that disabling TLS1.0 should force the disabling of tlsext.
Also a few missing ifdef guards.
GitHub Iusse#935
Reviewed-by: Rich Salz <rsalz@openssl.org>
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)
Conflicts:
crypto/bio/bss_dgram.c
Diego Santa Cruz
Bernd Edlinger
Richard Levitte
Matt Caswell
Viktor Dukhovni
Ben Laurie