Matt Caswell [Mon, 10 Sep 2018 10:51:30 +0000 (11:51 +0100)]
Updates NEWS for the 1.1.1 release
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7164)
It's actually not a real issue but caused by the absence of the default case
which does not occur in reality but which makes coverity see a code path where
pkey remains unassigned.
Reported by Coverity Scan (CID 1423323)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7158)
Richard Levitte [Thu, 6 Sep 2018 20:09:11 +0000 (22:09 +0200)]
ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes
The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero
length INTEGER encoding for zeroes. For the sake of backward
compatibility, we allow those to be read without fault when using the
replacement types INT32 / UINT32 / INT64 / UINT64.
Fixes #7134
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7144)
Richard Levitte [Thu, 6 Sep 2018 20:52:38 +0000 (22:52 +0200)]
SipHash: add separate setter for the hash size
This was originally part of SipHash_Init. However, there are cases
where there isn't any key material to initialize from when setting the
hash size, and we do allow doing so with a EVP_PKEY control. The
solution is to provide a separate hash_size setter and to use it in
the corresponding EVP_PKEY_METHOD.
Fixes #7143
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7145)
Matt Caswell [Fri, 7 Sep 2018 14:17:34 +0000 (15:17 +0100)]
Do not reset SNI data in SSL_do_handshake()
PR #3783 introduce coded to reset the server side SNI state in
SSL_do_handshake() to ensure any erroneous config time SNI changes are
cleared. Unfortunately SSL_do_handshake() can be called mid-handshake
multiple times so this is the wrong place to do this and can mean that
any SNI data is cleared later on in the handshake too.
Therefore move the code to a more appropriate place.
Fixes #7014
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7149)
Ben Kaduk [Tue, 4 Sep 2018 17:30:00 +0000 (12:30 -0500)]
Simplify SSL_get_servername() to avoid session references
Ideally, SSL_get_servername() would do exactly as it is documented
and return exactly what the client sent (i.e., what we currently
are stashing in the SSL's ext.hostname), without needing to refer
to an SSL_SESSION object. For historical reasons, including the
parsed SNI value from the ClientHello originally being stored in the
SSL_SESSION's ext.hostname field, we have had references to the
SSL_SESSION in this function. We cannot fully excise them due to
the interaction between user-supplied callbacks and TLS 1.2 resumption
flows, where we call all callbacks but the client did not supply an
SNI value. Existing callbacks expect to receive a valid SNI value
in this case, so we must fake one up from the resumed session in
order to avoid breakage.
Otherwise, greatly simplify the implementation and just return the
value in the SSL, as sent by the client.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)
Ben Kaduk [Tue, 4 Sep 2018 16:44:07 +0000 (11:44 -0500)]
Restore historical SSL_get_servername() behavior
Commit 1c4aa31d79821dee9be98e915159d52cc30d8403 modified the state machine
to clean up stale ext.hostname values from SSL objects in the case when
SNI was not negotiated for the current handshake. This is natural from
the TLS perspective, since this information is an extension that the client
offered but we ignored, and since we ignored it we do not need to keep it
around for anything else.
However, as documented in https://github.com/openssl/openssl/issues/7014 ,
there appear to be some deployed code that relies on retrieving such an
ignored SNI value from the client, after the handshake has completed.
Because the 1.1.1 release is on a stable branch and should preserve the
published ABI, restore the historical behavior by retaining the ext.hostname
value sent by the client, in the SSL structure, for subsequent retrieval.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7115)
Matt Caswell [Thu, 6 Sep 2018 11:06:24 +0000 (12:06 +0100)]
Test that we can handle a PHA CertificateRequest after we sent close_notify
Even though we already sent close_notify the server may not have recieved
it yet and could issue a CertificateRequest to us. Since we've already
sent close_notify we can't send any reasonable response so we just ignore
it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
Matt Caswell [Tue, 4 Sep 2018 12:36:55 +0000 (13:36 +0100)]
Process KeyUpdate and NewSessionTicket messages after a close_notify
If we've sent a close_notify then we are restricted about what we can do
in response to handshake messages that we receive. However we can sensibly
process NewSessionTicket messages. We can also process a KeyUpdate message
as long as we also ignore any request for us to update our sending keys.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7114)
Jack Lloyd [Tue, 4 Sep 2018 15:25:29 +0000 (23:25 +0800)]
Add test case for SM2 evp verification
This test case is originally submitted in #6757, by Jack Lloyd. The test
case has been modified to use the a different method to set the ID when
computing the Z hash of SM2 signature.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7113)
Paul Yang [Tue, 4 Sep 2018 09:21:10 +0000 (17:21 +0800)]
Support setting SM2 ID
zero-length ID is allowed, but it's not allowed to skip the ID.
Fixes: #6534 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
Patrick Steuer [Thu, 6 Sep 2018 13:51:43 +0000 (15:51 +0200)]
fuzz/driver.c: appease -Wmissing-prototypes
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7138)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7090)
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)
`RSA_free()` and friends are called in case of error from
`RSA_new_method(ENGINE *e)` (or the respective equivalent functions).
For the rest of the description I'll talk about `RSA_*`, but the same
applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.
If `RSA_new_method()` fails because the engine does not implement the
required method, when `RSA_free(RSA *r)` is called,
`r->meth == NULL` and a segfault happens while checking if
`r->meth->finish` is defined.
This commit fixes this issue by ensuring that `r->meth` is not NULL
before dereferencing it to check for `r->meth->finish`.
Fixes #7102 .
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7121)
Eric Curtin [Mon, 3 Sep 2018 14:23:37 +0000 (15:23 +0100)]
New openssl subject parser hard to debug
-subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com'
was a valid subject in openssl 1.0. Error received in 1.1 is:
problems making Certificate Request
Not very informative, I only figured this out because I compiled the
code and added logging.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7098)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7106)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7109)
key zeroisation for pvkfmt now done on all branch paths
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7107)
key zeroization fix for a branch path of tls13_final_finish_mac
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7110)
Richard Levitte [Mon, 3 Sep 2018 11:17:03 +0000 (13:17 +0200)]
openssl req: don't try to report bits
With the introduction of -pkeyopt, the number of bits may change
without |newkey| being updated. Unfortunately, there is no API to
retrieve the information from a EVP_PKEY_CTX either, so chances are
that we report incorrect information. For the moment, it's better not
to try to report the number of bits at all.
Fixes #7086
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7096)
Matt Caswell [Mon, 3 Sep 2018 10:57:33 +0000 (11:57 +0100)]
Clarify the return value of SSL_client_version()
The SSL_client_version() function returns the value held in the
legacy_version field of the ClientHello. This is never greater than
TLSv1.2, even if TLSv1.3 later gets negotiated.
Fixes #7079
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7095)
Matt Caswell [Mon, 13 Aug 2018 19:18:32 +0000 (20:18 +0100)]
Ignore EPIPE when sending NewSessionTickets in TLSv1.3
If a client sends data to a server and then immediately closes without
waiting to read the NewSessionTickets then the server can receive EPIPE
when trying to write the tickets and never gets the opportunity to read
the data that was sent. Therefore we ignore EPIPE when writing out the
tickets in TLSv1.3
Fixes #6904
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6944)
Jakub Wilk [Mon, 3 Sep 2018 09:09:51 +0000 (11:09 +0200)]
Fix example in crl(1) man page
The default input format is PEM, so explicit "-inform DER" is needed to
read DER-encoded CRL.
CLA: trivial
Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7094)
Add make clean for evp demos and remove whitespace from a line.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7072)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7092)
Billy Brumley [Wed, 22 Aug 2018 09:27:34 +0000 (12:27 +0300)]
[test] throw error from wrapper function instead of an EC_METHOD specific one
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7028)
Billy Brumley [Wed, 22 Aug 2018 06:50:43 +0000 (09:50 +0300)]
[test] ECC: make sure negative tests pass for the right reasons
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7028)
wzhang [Wed, 8 Aug 2018 08:04:18 +0000 (01:04 -0700)]
Fix the comment of PEM_read_bio_ex
Add one more unit test case
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/6892)
They add a single item, so the names give a false impression of what
they do, making them hard to remember. Better to give them a somewhat
better name.
Fixes #6930
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6931)
Paul Kehrer [Sat, 1 Sep 2018 14:50:28 +0000 (10:50 -0400)]
add docs for OCSP_resp_get0_signature
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)
Paul Kehrer [Sat, 1 Sep 2018 04:05:55 +0000 (00:05 -0400)]
add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
fixes #7081
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)
Eric Brown [Thu, 16 Aug 2018 15:34:39 +0000 (08:34 -0700)]
Remove redundant ASN1_INTEGER_set call
This trivial patch removes a duplicated call to ASN1_INTEGER_set.
Fixes Issue #6977
Signed-off-by: Eric Brown <browne@vmware.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6984)
Matt Caswell [Thu, 23 Aug 2018 13:37:01 +0000 (14:37 +0100)]
Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
Fixes #6490
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7044)
Erik Forsberg [Sun, 19 Aug 2018 17:24:44 +0000 (10:24 -0700)]
Fix ssl/t1_trce.c to parse certificate chains
Fixes #6994
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7009)
Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/6939)
ymlbright [Wed, 22 Aug 2018 03:22:11 +0000 (11:22 +0800)]
fix out-of-bounds write in sm2_crypt.c
asn1_encode has two form length octets: short form(1 byte), long form(1+n byte).
CLA: Trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7027)
-path is non-portable extension, fortunately it's possible to express
.git subdirectory exclusion with -prune.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7004)
Andy Polyakov [Fri, 10 Aug 2018 17:46:03 +0000 (19:46 +0200)]
rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA."
In [most common] case of p and q being of same width, it's possible to
replace CRT modulo operations with Montgomery reductions. And those are
even fixed-length Montgomery reductions...
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6915)
Andy Polyakov [Fri, 10 Aug 2018 17:31:22 +0000 (19:31 +0200)]
crypto/bn: add more fixed-top routines.
Add bn_{mul|sqr}_fixed_top, bn_from_mont_fixed_top, bn_mod_sub_fixed_top.
Switch to bn_{mul|sqr}_fixed_top in bn_mul_mont_fixed_top and remove
memset in bn_from_montgomery_word.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6915)
parasssh [Thu, 23 Aug 2018 05:42:11 +0000 (22:42 -0700)]
Fix typos in documentation.
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7038)
Matthias Kraft [Fri, 15 Jun 2018 10:36:03 +0000 (12:36 +0200)]
Extend dladdr() for AIX, consequence from changes for openssl#6368.
The shared libraries are now stored as members of archives, as it is usual
on AIX. To correctly address this the custom dladdr()-implementation as
well as the dlfcn_load() routine need to be able to cope with such a
construct: libname.a(libname.so).
Signed-off-by: Matthias Kraft <Matthias.Kraft@softwareag.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6872)
Andy Polyakov [Mon, 20 Aug 2018 07:38:36 +0000 (09:38 +0200)]
man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6998)
Andy Polyakov [Fri, 17 Aug 2018 21:04:03 +0000 (23:04 +0200)]
asn1/asn_moid.c: overhaul do_create.
Original could allocate nid and then bail out on malloc failure. Instead
allocate first *then* attempt to create object.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6998)
Matt Caswell [Wed, 22 Aug 2018 13:10:48 +0000 (14:10 +0100)]
Fix BoringSSL external test failures
We recently turned on the TLSv1.3 downgrade sentinels by default.
Unfortunately we are using a very old version of the BoringSSL test
runner which uses an old draft implementation of TLSv1.3 that also
uses the downgrade sentinels by default. The two implementations do
not play well together and were causing spurious test failures. Until
such time as we update the BoringSSL test runner we disable the failing
tests:
SendFallbackSCSV
In this test the client is OpenSSL and the server is the boring test runner.
The client and server fail to negotiate TLSv1.3 because the test runner is
using an old draft TLSv1.3 version. The server does however add the
TLSv1.3->TLSv1.2 downgrade sentinel in the ServerHello random. Since we
recently turned on checking of the downgrade sentinels on the client side
this causes the connection to fail.
VersionNegotiationExtension-TLS11
In this test the test runner is the client and OpenSSL is the server. The
test modifies the supported_versions extension sent by the client to only
include TLSv1.1 (and some other spurious versions), even though the client
does actually support TLSv1.2. The server successfully selects TLSv1.1, but
adds the TLSv1.3->TLSv1.1 downgrade sentinel. This behaviour was recently
switched on by default. The test runner then checks the downgrade sentinel
and aborts the connection because it knows that it really supports TLSv1.2.
The same as VersionNegotiationExtension-TLS11 but for TLSv1 and SSLv3.
ConflictingVersionNegotiation
In this test the client is the test runner, and OpenSSL is the server. The
client offers TLSv1.2 in ClientHello.version, but also adds a
supported_versions extension that only offers TLSv1.1. The
supported_versions extension takes precedence and the server (correctly)
selects TLSv1.1. However it also adds the TLSv1.3->TLSv1.1 downgrade
sentinel. On the client side it knows it actually offered TLSv1.2 and so the
downgrade sentinel check fails.
[extended tests]
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7013)
Matt Caswell [Mon, 20 Aug 2018 14:12:39 +0000 (15:12 +0100)]
Use the same min-max version range on the client consistently
We need to ensure that the min-max version range we use when constructing
the ClientHello is the same range we use when we validate the version
selected by the ServerHello. Otherwise this may appear as a fallback or
downgrade.
Fixes #6964
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7013)
rand_lib.c: Don't open random devices while cleaning up.
Fixes #7022
In pull request #6432 a change was made to keep the handles to the
random devices opened in order to avoid reseeding problems for
applications in chroot environments.
As a consequence, the handles of the random devices were leaked at exit
if the random generator was not used by the application. This happened,
because the call to RAND_set_rand_method(NULL) in rand_cleanup_int()
triggered a call to the call_once function do_rand_init, which opened
the random devices via rand_pool_init().
Thanks to GitHub user @bwelling for reporting this issue.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7023)
Jakub Wilk [Tue, 21 Aug 2018 16:30:34 +0000 (18:30 +0200)]
Fix typos in documentation
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7021)
Tomas Mraz [Tue, 14 Aug 2018 13:03:16 +0000 (15:03 +0200)]
Allow TLS-1.3 ciphersuites in @SECLEVEL=3 and above
The TLS-1.3 ciphersuites must not be blocked by @SECLEVEL=3 even
though they are not explicitly marked as using DH/ECDH.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6959)
Pauli [Tue, 21 Aug 2018 23:20:18 +0000 (09:20 +1000)]
Zero memory in CRYPTO_secure_malloc.
This commit destroys the free list pointers which would otherwise be
present in the returned memory blocks. This in turn helps prevent
information leakage from the secure memory area.
Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory:
before the secure memory system is initialised or if it isn't implemented.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7011)
projects / openssl / log