Comments (17)
Documentation changes, mostly yes. Confirming that every single *_free() function properly handles NULL... less so.
All our free functions should properly handle NULL. If they don't that's a bug IMO. I have no problem with a generic statement somewhere saying that all free functions properly handle NULL. Perhaps a good place would be in the "Library conventions" section of this page:
https://www.openssl.org/docs/manmaster/man7/ossl-guide-libraries-introduction.html
from openssl.
No worries about pronouns. I've just opened a PR. The change is ready from our side (mine, Jordan's). The tests completed fine. They were run in CI pipeline yesterday in my forked repo.
from openssl.
It certainly seems like a reasonable idea, would you be willing to submit a patch for this?
from openssl.
Documentation changes, mostly yes. Confirming that every single *_free()
function properly handles NULL... less so.
from openssl.
Yes, I'm referring specifically to documentation for the api calls you are interested in checking.
I'll assign this to you as a community issue
from openssl.
I've done the work, but I realized (and confirmed) that I would need to do corporate paperwork to contribute it. I'm looking into having somebody who has already done the paperwork take it over.
A central statement in a library conventions page would be good, but it should probably also be on each man page since that's where one will look first. It's already there on about half of them.
BTW, my inspection said that OPENSSL_INIT_free()
and OSS_LIB_CTX_free()
in FIPS-140 mode did not handle NULL.
from openssl.
BTW, my inspection said that OPENSSL_INIT_free() and OSS_LIB_CTX_free() in FIPS-140 mode did not handle NULL.
Interesting. They definitely should handle NULL. However OPENSSL_INIT_free() is not a public API function so this doesn't impact anything from a public docs perspective.
The FIPS version of OSSL_LIB_CTX_free() is also not the version of OSSL_LIB_CTX_free() which is the public API function. My analysis suggests that in any case it does (kind of accidentally) handle NULL correctly anyway. It should handle it more explicitly (ossl_lib_ctx_is_default(ctx) returns 0; this ctx->ischild
bit isn't compiled in FIPS; context_deinit
returns NULL if its passed NULL)
from openssl.
BTW, my inspection said that
OPENSSL_INIT_free()
andOSS_LIB_CTX_free()
in FIPS-140 mode did not handle NULL.
OSSL_LIB_CTX_free() handles NULL even with FIPS_MODULE defined (which is purely internal code so does not matter anyway). The reason is that both context_deinit() and OPENSSL_free() handle NULL argument gracefully.
You're right that OPENSSL_INIT_free() needs to be fixed. (#24681)
from openssl.
Ah, indeed. I didn't look at it deeply enough.
It works in non-FIPS-140 mode because ossl_lib_ctx_is_default()
returns true and so OSSL_LIB_CTX_free()
returns before reaching the if (ctx->child)
.
It works in FIPS-140 mode because the if (ctx->child)
is ifdef'ed out and then the underlying functions handle it as you say.
from openssl.
(Sigh, and that's exactly what Matt said, but I didn't notice that there were two comments.)
from openssl.
I derived my list of functions to inspect from the public documentation. OPENSSL_INIT_free()
is documented here:
https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_INIT_free.html
from openssl.
make that: https://www.openssl.org/docs/manmaster/man3/OPENSSL_INIT_free.html
from openssl.
I derived my list of functions to inspect from the public documentation
Oh - you're right! I misread the code. Yeah that definitely needs fixing.
from openssl.
My coworker Vita Bátrla @batrla has already done the relevant corporate paperwork and will be taking over this change. Thanks, Vita!
from openssl.
@jordanbrown 0if you could have them add a comment here, i'm happy to reassign it
from openssl.
Hi Neil, I'm going to work with Jordan and get a PR filed (probably next week).
from openssl.
Thank you, and I apologize, I didn't even think about my pronouns above
from openssl.
Related Issues (20)
- OSSL_STORE_LOADER_free() has conflicting documentation HOT 5
- iteration 19 evokes undefined behaviour [gentoo] HOT 7
- Unable to load PKCS7 object with EC key HOT 2
- Error finalizing cipher loop" when running openssl speed -evp -decrypt for AES-GCM HOT 7
- Issue while installing the riscv-pk -- ../pk/pk.c:188: Error: unknown CSR `senvcfg' HOT 2
- Unable to install OpenSSL on Wndows 11 HOT 4
- s_client seems not using client certificate when connecting via proxy HOT 5
- v3.3.0: CMS + EC keys + PKCS#11 does not work HOT 4
- no NDK arm-linux-androideabi-gcc on $PATH at (eval 12) line 143 error in windows and make[1]: *** [Makefile:3285: apps/libapps.a] Error 127 error when using wsl in windows HOT 10
- Provide a way to access OpenSSL source code via plain HTTP now that ftp.openssl.org is no more HOT 8
- Are RC5 and MDC2 algorithms are disabled by default in OpenSSL 3.3.0? HOT 1
- s_client/s_server: Read PSK from file instead of taking it as CLI parameter HOT 3
- How to visualize providers function call paths?
- 3.3.1: ${prefix} missing in /usr/lib/pkg-config HOT 13
- Base 64 decoding truncation
- memory leak in OPENSSL_config HOT 5
- `apps/openssl.cnf` default is to not enforce TLS. Should default to: enforce TLS HOT 7
- `SSL_get_ex_data_X509_STORE_CTX_idx` does not respect `OSSL_LIB_CTX` HOT 3
- OpenSSL 3.0.8 - How to fallback to default provider when property fips=yes set and FIPS provider is loaded
- OS Zoo CI currently broken HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.