[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Aug 12 13:15:42 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 5859bc62f3dc79aea2844f0349cfa9dcbd570dfb (commit)
via 056df45ed12527bea484c952227c09ad49e31d2d (commit)
via e9da86627a271d9d1ad04e47115d26fab4a21c1b (commit)
from 0b12fa75c9df5c2c9c2f5094514323360c0af981 (commit)
- Log -----------------------------------------------------------------
commit 5859bc62f3dc79aea2844f0349cfa9dcbd570dfb
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:38:11 2015 +0100
Return error for unsupported modes.
PR#3974
PR#3975
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 056df45ed12527bea484c952227c09ad49e31d2d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:37:44 2015 +0100
Fix memory leak if setup fails.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 891eac4604b5f05413e59602fae1f11136f4719a)
Conflicts:
crypto/cms/cms_enc.c
commit e9da86627a271d9d1ad04e47115d26fab4a21c1b
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:37:01 2015 +0100
Err isn't always malloc failure.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit a187e08d856690b5c1da3184d0ff560d572f893b)
Conflicts:
crypto/cms/cms_smime.c
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_smime.c | 2 +-
crypto/evp/evp_lib.c | 33 ++++++++++++++++++++++++++++-----
3 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..b14b4b6 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
ok = 1;
err:
- if (ec->key && !keep_key) {
+ if (ec->key && (!keep_key || !ok)) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
ec->key = NULL;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 5522a37..07e3472 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -754,7 +754,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
BIO *cmsbio;
int ret = 0;
if (!(cmsbio = CMS_dataInit(cms, dcont))) {
- CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+ CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index a53a27c..d2c9ae4 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -72,11 +72,21 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
- if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+ case EVP_CIPH_WRAP_MODE:
ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
ret = 1;
- } else
+ break;
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
ret = EVP_CIPHER_set_asn1_iv(c, type);
+ }
} else
ret = -1;
return (ret);
@@ -89,9 +99,22 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->get_asn1_parameters != NULL)
ret = c->cipher->get_asn1_parameters(c, type);
else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
- if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE)
- return 1;
- ret = EVP_CIPHER_get_asn1_iv(c, type);
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_WRAP_MODE:
+ ret = 1;
+ break;
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_get_asn1_iv(c, type);
+ break;
+ }
} else
ret = -1;
return (ret);
More information about the openssl-commits
mailing list