[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Matt Caswell
matt at openssl.org
Tue May 26 09:44:19 UTC 2015
The branch OpenSSL_1_0_1-stable has been updated
via 029e8f3ac9d54133c37145ad8d86208f0ffa26fa (commit)
via 28ea6ad61277a498c859eea75385b28629206f50 (commit)
via 4ae1c7771d940981ba465788266cd4fc00a304c4 (commit)
from dbcf8e331966f6c05e37f601128724e4540402cd (commit)
- Log -----------------------------------------------------------------
commit 029e8f3ac9d54133c37145ad8d86208f0ffa26fa
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:05:28 2015 +0100
Don't check for a negative SRP extension size
The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b)
commit 28ea6ad61277a498c859eea75385b28629206f50
Author: Matt Caswell <matt at openssl.org>
Date: Tue May 26 00:02:57 2015 +0100
Fix error check in GOST engine
The return value of i2d functions can be negative if an error occurs.
Therefore don't assign the return value to an unsigned type and *then*
check if it is negative.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 90e7cdff3aa66779486914f88333f6601f0c1cf4)
commit 4ae1c7771d940981ba465788266cd4fc00a304c4
Author: Matt Caswell <matt at openssl.org>
Date: Mon May 25 23:57:41 2015 +0100
Handle unsigned struct timeval members
The members of struct timeval on OpenVMS are unsigned. The logic for
calculating timeouts needs adjusting to deal with this.
RT#3862
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc)
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/bss_dgram.c | 13 +++++++------
engines/ccgost/gost94_keyx.c | 6 ++++--
ssl/t1_lib.c | 2 +-
3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 8035213..e3e3dd0 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
/* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
- timeleft.tv_sec -= timenow.tv_sec;
- timeleft.tv_usec -= timenow.tv_usec;
- if (timeleft.tv_usec < 0) {
+ if (timeleft.tv_usec < timenow.tv_usec) {
+ timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
timeleft.tv_sec--;
- timeleft.tv_usec += 1000000;
+ } else {
+ timeleft.tv_usec -= timenow.tv_usec;
}
-
- if (timeleft.tv_sec < 0) {
+ if (timeleft.tv_sec < timenow.tv_sec) {
timeleft.tv_sec = 0;
timeleft.tv_usec = 1;
+ } else {
+ timeleft.tv_sec -= timenow.tv_sec;
}
/*
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index 85f4bc8..ce57f17 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx;
int key_is_ephemeral = 1;
+ int tmp_outlen;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */
@@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
}
ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
- *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
- if (*outlen <= 0) {
+ tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
+ if (tmp_outlen <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err;
}
+ *outlen = tmp_outlen;
if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1ad2507..36ea9b0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1134,7 +1134,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
}
# ifndef OPENSSL_NO_SRP
else if (type == TLSEXT_TYPE_srp) {
- if (size <= 0 || ((len = data[0])) != (size - 1)) {
+ if (size == 0 || ((len = data[0])) != (size - 1)) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}
More information about the openssl-commits
mailing list