[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue May 26 09:44:07 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via cdc47dcf195b309f48abf11a81b957cf697da162 (commit)
via 9cab86ee0a12d640e5698a5a1995ad1583aac214 (commit)
via e40d7c1f3a31fa614760f7a9b75ae40ece5ff8bd (commit)
from 3ae6186564c7820547319b8003a442b38f64835c (commit)
- Log -----------------------------------------------------------------
commit cdc47dcf195b309f48abf11a81b957cf697da162
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:05:28 2015 +0100
Don't check for a negative SRP extension size
The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b)
commit 9cab86ee0a12d640e5698a5a1995ad1583aac214
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:02:57 2015 +0100
Fix error check in GOST engine
The return value of i2d functions can be negative if an error occurs.
Therefore don't assign the return value to an unsigned type and *then*
check if it is negative.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 90e7cdff3aa66779486914f88333f6601f0c1cf4)
commit e40d7c1f3a31fa614760f7a9b75ae40ece5ff8bd
Author: Matt Caswell <matt at openssl.org>
Date: Mon May 25 23:57:41 2015 +0100
Handle unsigned struct timeval members
The members of struct timeval on OpenVMS are unsigned. The logic for
calculating timeouts needs adjusting to deal with this.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_dgram.c | 13 +++++++------
engines/ccgost/gost94_keyx.c | 6 ++++--
ssl/t1_lib.c | 2 +-
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index ac03a6d..dc4479f 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -303,16 +303,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
- timeleft.tv_sec -= timenow.tv_sec;
- timeleft.tv_usec -= timenow.tv_usec;
- if (timeleft.tv_usec < 0) {
+ if (timeleft.tv_usec < timenow.tv_usec) {
+ timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
timeleft.tv_sec--;
- timeleft.tv_usec += 1000000;
+ } else {
+ timeleft.tv_usec -= timenow.tv_usec;
}
-
- if (timeleft.tv_sec < 0) {
+ if (timeleft.tv_sec < timenow.tv_sec) {
timeleft.tv_sec = 0;
timeleft.tv_usec = 1;
+ } else {
+ timeleft.tv_sec -= timenow.tv_sec;
}
/*
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index 85f4bc8..ce57f17 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx;
int key_is_ephemeral = 1;
+ int tmp_outlen;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */
@@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
- if (*outlen <= 0) {
+ tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
+ if (tmp_outlen <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
}
+ *outlen = tmp_outlen;
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8cde013..bf11f93 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2120,7 +2120,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
}
# ifndef OPENSSL_NO_SRP
else if (type == TLSEXT_TYPE_srp) {
- if (size <= 0 || ((len = data[0])) != (size - 1)) {
+ if (size == 0 || ((len = data[0])) != (size - 1)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
More information about the openssl-commits
mailing list