[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Tue Aug 11 21:30:13 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 396e30044910df29b81a416de42a94eb4355cd70 (commit)
via 402634f8aaf2f2c83b2cc648a0ae376247b029f4 (commit)
from b11980d79a52ec08844f08bea0e66c04b691840b (commit)
- Log -----------------------------------------------------------------
commit 396e30044910df29b81a416de42a94eb4355cd70
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 11 19:38:39 2015 +0100
Fix "make test" seg fault with SCTP enabled
When config'd with "sctp" running "make test" causes a seg fault. This is
actually due to the way ssltest works - it dives under the covers and frees
up BIOs manually and so some BIOs are NULL when the SCTP code does not
expect it. The simplest fix is just to add some sanity checks to make sure
the BIOs aren't NULL before we use them.
This problem occurs in master and 1.0.2. The fix has also been applied to
1.0.1 to keep the code in sync.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(cherry picked from commit f75d5171be0b3b5419c8974133e1573cf976a8bb)
commit 402634f8aaf2f2c83b2cc648a0ae376247b029f4
Author: Matt Caswell <matt at openssl.org>
Date: Tue Aug 11 19:36:43 2015 +0100
Fix missing return value checks in SCTP
There are some missing return value checks in the SCTP code. In master this
was causing a compilation failure when config'd with
"--strict-warnings sctp".
Reviewed-by: Tim Hudson <tjh at openssl.org>
(cherry picked from commit d8e8590ed90eba6ef651d09d77befb14f980de2c)
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_both.c | 7 +++++--
ssl/d1_clnt.c | 16 ++++++++++++----
ssl/d1_srvr.c | 18 +++++++++++++-----
3 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 8dd8ea3..d453c07 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1490,9 +1490,12 @@ int dtls1_shutdown(SSL *s)
{
int ret;
#ifndef OPENSSL_NO_SCTP
- if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+ BIO *wbio;
+
+ wbio = SSL_get_wbio(s);
+ if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
!(s->shutdown & SSL_SENT_SHUTDOWN)) {
- ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+ ret = BIO_dgram_sctp_wait_for_dry(wbio);
if (ret < 0)
return -1;
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 377c1e6..a9c4ed0 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -350,11 +350,15 @@ int dtls1_connect(SSL *s)
sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey),
labelbuffer,
sizeof(labelbuffer), NULL, 0,
- 0);
+ 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
@@ -484,9 +488,13 @@ int dtls1_connect(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 41c7dc5..d716f0a 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -405,9 +405,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
- sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ if (SSL_export_keying_material(s, sctpauthkey,
+ sizeof(sctpauthkey), labelbuffer,
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
@@ -628,9 +632,13 @@ int dtls1_accept(SSL *s)
snprintf((char *)labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
DTLS1_SCTP_AUTH_LABEL);
- SSL_export_keying_material(s, sctpauthkey,
+ if (SSL_export_keying_material(s, sctpauthkey,
sizeof(sctpauthkey), labelbuffer,
- sizeof(labelbuffer), NULL, 0, 0);
+ sizeof(labelbuffer), NULL, 0, 0) <= 0) {
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
+ }
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
sizeof(sctpauthkey), sctpauthkey);
More information about the openssl-commits
mailing list