[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue May 26 09:43:55 UTC 2015
The branch master has been updated
via 9c89d290834f3ed9146eeb8b64fe5de817679a0b (commit)
via 90e7cdff3aa66779486914f88333f6601f0c1cf4 (commit)
via fc52ac9028b9492fb086ba35a3352ea46e03ecfc (commit)
from f8a35ccc576b026e9ca0ccaedba3740627d67a04 (commit)
- Log -----------------------------------------------------------------
commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:05:28 2015 +0100
Don't check for a negative SRP extension size
The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 90e7cdff3aa66779486914f88333f6601f0c1cf4
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:02:57 2015 +0100
Fix error check in GOST engine
The return value of i2d functions can be negative if an error occurs.
Therefore don't assign the return value to an unsigned type and *then*
check if it is negative.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc
Author: Matt Caswell <matt at openssl.org>
Date: Mon May 25 23:57:41 2015 +0100
Handle unsigned struct timeval members
The members of struct timeval on OpenVMS are unsigned. The logic for
calculating timeouts needs adjusting to deal with this.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_dgram.c | 13 +++++++------
engines/ccgost/gost94_keyx.c | 6 ++++--
ssl/t1_lib.c | 2 +-
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 58725a1..5eade50 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -305,16 +305,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
- timeleft.tv_sec -= timenow.tv_sec;
- timeleft.tv_usec -= timenow.tv_usec;
- if (timeleft.tv_usec < 0) {
+ if (timeleft.tv_usec < timenow.tv_usec) {
+ timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
timeleft.tv_sec--;
- timeleft.tv_usec += 1000000;
+ } else {
+ timeleft.tv_usec -= timenow.tv_usec;
}
-
- if (timeleft.tv_sec < 0) {
+ if (timeleft.tv_sec < timenow.tv_sec) {
timeleft.tv_sec = 0;
timeleft.tv_usec = 1;
+ } else {
+ timeleft.tv_sec -= timenow.tv_sec;
}
/*
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index db7d402..b529c8e 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -105,6 +105,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx;
int key_is_ephemeral = 1;
+ int tmp_outlen;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */
@@ -175,12 +176,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
- if (*outlen <= 0) {
+ tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
+ if (tmp_outlen <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
}
+ *outlen = tmp_outlen;
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ce010ca..a161dcc 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2047,7 +2047,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
#ifndef OPENSSL_NO_SRP
else if (type == TLSEXT_TYPE_srp) {
- if (size <= 0 || ((len = data[0])) != (size - 1)) {
+ if (size == 0 || ((len = data[0])) != (size - 1)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
More information about the openssl-commits
mailing list