[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Dr. Stephen Henson
steve at openssl.org
Fri Aug 14 12:41:57 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 50e56c1d8c681b8e8a070487645370f0f7c1ee9e (commit)
via 2d172503687dd4c05193edf4d8242625fedc5806 (commit)
via aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2 (commit)
from 396e30044910df29b81a416de42a94eb4355cd70 (commit)
- Log -----------------------------------------------------------------
commit 50e56c1d8c681b8e8a070487645370f0f7c1ee9e
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:38:11 2015 +0100
Return error for unsupported modes.
PR#3974
PR#3975
Reviewed-by: Matt Caswell <matt at openssl.org>
Conflicts:
crypto/evp/evp_lib.c
commit 2d172503687dd4c05193edf4d8242625fedc5806
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:37:44 2015 +0100
Fix memory leak if setup fails.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 891eac4604b5f05413e59602fae1f11136f4719a)
Conflicts:
crypto/cms/cms_enc.c
commit aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Sat Aug 1 15:37:01 2015 +0100
Err isn't always malloc failure.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit a187e08d856690b5c1da3184d0ff560d572f893b)
Conflicts:
crypto/cms/cms_smime.c
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_smime.c | 2 +-
crypto/evp/evp_lib.c | 33 +++++++++++++++++++++++++++------
3 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..b14b4b6 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
ok = 1;
err:
- if (ec->key && !keep_key) {
+ if (ec->key && (!keep_key || !ok)) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
ec->key = NULL;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8b37560..f45693a 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -714,7 +714,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
BIO *cmsbio;
int ret = 0;
if (!(cmsbio = CMS_dataInit(cms, dcont))) {
- CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+ CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index d4d2b4b..b16d623 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -67,9 +67,19 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->set_asn1_parameters != NULL)
ret = c->cipher->set_asn1_parameters(c, type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_set_asn1_iv(c, type);
- else
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_set_asn1_iv(c, type);
+ }
+ } else
ret = -1;
return (ret);
}
@@ -80,9 +90,20 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->get_asn1_parameters != NULL)
ret = c->cipher->get_asn1_parameters(c, type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret = EVP_CIPHER_get_asn1_iv(c, type);
- else
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+ switch (EVP_CIPHER_CTX_mode(c)) {
+
+ case EVP_CIPH_GCM_MODE:
+ case EVP_CIPH_CCM_MODE:
+ case EVP_CIPH_XTS_MODE:
+ ret = -1;
+ break;
+
+ default:
+ ret = EVP_CIPHER_get_asn1_iv(c, type);
+ break;
+ }
+ } else
ret = -1;
return (ret);
}
More information about the openssl-commits
mailing list