diff --git a/ChangeLog.txt b/ChangeLog.txt index 97af0ede4c..9518b336cf 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -7,6 +7,26 @@ Entries may not always be in chronological/commit order. See license at the end of file. */ +2025-01-18 09:33 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) + * contrib/hbssl/evp.c + * clear key and iv buffers before passing them to EVP_BytesToKey() + otherwise some uninitialized bytes are accessed and valgrind reports + uninitialized memory access + + * contrib/hbssl/evpciph.c + ! fixed typo in index in my previous commit + + * contrib/hbssl/tests/digest.prg + ! use OPENSSL_VERSION_NUMBER() instead OPENSSL_VERSION() to retrieve + OpenSSL version number + + * contrib/hbssl/tests/inetssl.prg + * updated to use 2048 RSA certificates instead of 1024 ones which are + no more supported by modern OpenSSL libraries + + * contrib/hbssl/tests/pem.prg + * cleaned output + 2025-01-18 05:03 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rdd/dbfnsx/dbfnsx1.c * src/rtl/dates.c diff --git a/contrib/hbssl/evp.c b/contrib/hbssl/evp.c index a2d3e0a555..0e133ba7d3 100644 --- a/contrib/hbssl/evp.c +++ b/contrib/hbssl/evp.c @@ -96,6 +96,9 @@ HB_FUNC( EVP_BYTESTOKEY ) unsigned char key[ EVP_MAX_KEY_LENGTH ]; unsigned char iv[ EVP_MAX_IV_LENGTH ]; + memset( key, 0, sizeof( key ) ); + memset( iv, 0, sizeof( iv ) ); + hb_retni( EVP_BytesToKey( cipher, ( HB_SSL_CONST EVP_MD * ) md, ( HB_SSL_CONST unsigned char * ) hb_parc( 3 ) /* salt */, diff --git a/contrib/hbssl/evpciph.c b/contrib/hbssl/evpciph.c index 6c21c4ac6a..19b50b8cae 100644 --- a/contrib/hbssl/evpciph.c +++ b/contrib/hbssl/evpciph.c @@ -1030,7 +1030,7 @@ HB_FUNC( EVP_SEALINIT ) npubk = ( int ) hb_arrayLen( pArray = hb_param( 5, HB_IT_ARRAY ) ); for( tmp = 1; tmp <= npubk; ++tmp ) { - if( hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp + 1 ) ) == NULL ) + if( hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp ) ) == NULL ) { npubk = 0; break; 
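Review bot: In the evp.c hunk for HB_FUNC( EVP_BYTESTOKEY ), `key` and `iv` are zeroed before the derivation, but nothing visible wipes them afterwards, so the derived key material stays on the stack after the function returns. Once the results have been handed to the caller (that code is outside the hunk), add `OPENSSL_cleanse( key, sizeof( key ) );` and `OPENSSL_cleanse( iv, sizeof( iv ) );`. The zero fill also means a failed EVP_BytesToKey() call (return value 0) leaves all-zero buffers. If the code below the hunk stores them regardless of the result, a caller that ignores the return value gets an all-zero key, so it is worth confirming that they are stored only on a non-zero result. A short comment above the memsets, e.g. `/* EVP_BytesToKey() fills only the cipher's key/IV length; zero the remainder of both buffers */`, would record why they are there.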
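Review bot: In the evpciph.c hunk for HB_FUNC( EVP_SEALINIT ), the context line `npubk = ( int ) hb_arrayLen( pArray = hb_param( 5, HB_IT_ARRAY ) );` assigns `pArray` inside the call argument and passes the hb_param() result on with no NULL check visible in the hunk. The function starts outside the hunk, so an array check on parameter 5 may already precede this line. If it does not, split the line into `pArray = hb_param( 5, HB_IT_ARRAY );` and `npubk = pArray ? ( int ) hb_arrayLen( pArray ) : 0;`. With the index corrected, a one-line comment on the loop such as `/* Harbour arrays are 1-based: valid items are 1..npubk */` would help keep the `tmp + 1` mistake from coming back. The loop body continues past the end of the hunk, so whether `npubk = 0` reliably prevents the later seal call cannot be confirmed from here.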
diff --git a/contrib/hbssl/tests/digest.prg b/contrib/hbssl/tests/digest.prg index cb543384f0..04f4696f0e 100644 --- a/contrib/hbssl/tests/digest.prg +++ b/contrib/hbssl/tests/digest.prg @@ -17,7 +17,7 @@ PROCEDURE Main() OpenSSL_add_all_digests() OpenSSL_add_all_ciphers() - ? "Version built against:", hb_NumToHex( OPENSSL_VERSION() ) + ? "Version built against:", hb_NumToHex( OPENSSL_VERSION_NUMBER() ) ? "Version loaded:", hb_NumToHex( SSLeay() ) ctx := EVP_MD_CTX_create() diff --git a/contrib/hbssl/tests/inetssl.prg b/contrib/hbssl/tests/inetssl.prg index 727a45af9b..dfe783bff4 100644 --- a/contrib/hbssl/tests/inetssl.prg +++ b/contrib/hbssl/tests/inetssl.prg @@ -156,12 +156,12 @@ STATIC FUNCTION LoadCertificates( ssl_ctx, cCertFile, cKeyFile ) /* Server using hb_inetSSL_ACCEPT() needs certificates, they can be generated using the following command: - openssl req -x509 -nodes -days 365 -newkey rsa:1024 \ + openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -out -keyout */ IF ! hb_FileExists( cCertFile ) .AND. ! hb_FileExists( cKeyFile ) ? "SERVER: generating certificates..." - hb_run( "openssl req -x509 -nodes -days 365 -newkey rsa:1024 " + ; + hb_run( "openssl req -x509 -nodes -days 365 -newkey rsa:2048 " + ; "-out " + cCertFile + " -keyout " + cKeyFile ) ENDIF diff --git a/contrib/hbssl/tests/pem.prg b/contrib/hbssl/tests/pem.prg index 32bf8d9b70..504ea0ffe4 100644 --- a/contrib/hbssl/tests/pem.prg +++ b/contrib/hbssl/tests/pem.prg @@ -12,8 +12,8 @@ PROCEDURE Main() SSL_init() - ? ERR_load_PEM_strings() - ? OpenSSL_add_all_algorithms() + ERR_load_PEM_strings() + OpenSSL_add_all_algorithms() bioe := BIO_new_fd( 1, HB_BIO_NOCLOSE ) @@ -66,6 +66,7 @@ B0NDIZKbaPJHHPb9Ne7nQECzv0/kzmAley9UMTZ1M7fq6KYemR0LsA== STATIC FUNCTION cb_function( lWrite ) ? "Callback (func)", lWrite + ? RETURN "test"
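Review bot: In the inetssl.prg hunk (LoadCertificates), the hb_run() call builds the openssl command line by concatenating `cCertFile` and `cKeyFile` unquoted and ignores the exit code. A path containing spaces or shell metacharacters therefore changes the command, and a failed generation is noticed only later, when the files are loaded. Where the two names come from is outside the hunk; if they can ever be anything other than fixed test constants, they should be validated or quoted before being placed in the command. Checking the result, e.g. `IF hb_run( cCmd ) != 0` followed by `? "SERVER: certificate generation failed"`, would make the failure visible. The comment above the call could also state that `-nodes` writes the private key unencrypted, which is acceptable only for this self-signed test certificate.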