[openssl-commits] [openssl] master update

Kurt Roeckx kurt at openssl.org
Wed Oct 7 17:00:09 UTC 2015 

The branch master has been updated
       via  8314146ac57059f6d4095ef23e30ccdeb4699938 (commit)
       via  c804d23d73bb2f3f6ffe29fbda4dd2fa151fa243 (commit)
       via  99c203337574d967c86ffbfa13f40ace51048485 (commit)
       via  d6e92c0bd6c36fc68291e79ef5753fd7f0420695 (commit)
       via  f92768e6f5259069bd21dbed2b98b3423c1dfca4 (commit)
      from  68a166285102a7cf5dadee763243ae575c5cee77 (commit)


- Log -----------------------------------------------------------------
commit 8314146ac57059f6d4095ef23e30ccdeb4699938
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Wed May 6 10:15:28 2015 +0200

    Don't check pointer we just freed, always set it to NULL.
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231

commit c804d23d73bb2f3f6ffe29fbda4dd2fa151fa243
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Tue May 5 11:20:39 2015 +0200

    Move BN_CTX_start() call so the error case can always call BN_CTX_end().
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231

commit 99c203337574d967c86ffbfa13f40ace51048485
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Tue May 5 11:20:39 2015 +0200

    Move BN_CTX_start() call so the error case can always call BN_CTX_end().
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231

commit d6e92c0bd6c36fc68291e79ef5753fd7f0420695
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Wed May 6 09:55:28 2015 +0200

    Properly check return type of DH_compute_key()
    
    It returns -1 on error, not 0.
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231

commit f92768e6f5259069bd21dbed2b98b3423c1dfca4
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Wed May 6 11:31:27 2015 +0200

    Set flags to 0 before calling BN_with_flags()
    
    BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
    overwrites everything else.
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/tasn_fre.c | 3 +--
 crypto/bn/bn_gcd.c     | 2 ++
 crypto/dsa/dsa_gen.c   | 3 ++-
 crypto/rsa/rsa_eay.c   | 3 ++-
 test/dhtest.c          | 4 ++--
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index e219e2c..bd955d9 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -249,6 +249,5 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
         ASN1_STRING_free((ASN1_STRING *)*pval);
         break;
     }
-    if (*pval)
-        *pval = NULL;
+    *pval = NULL;
 }
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 17c6cf5..0264319 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -599,6 +599,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pB = &local_B;
+        local_B.flags = 0;
         BN_with_flags(pB, B, BN_FLG_CONSTTIME);
         if (!BN_nnmod(B, pB, A, ctx))
             goto err;
@@ -626,6 +627,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pA = &local_A;
+        local_A.flags = 0;
         BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
         /* (D, M) := (A/B, A%B) ... */
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 97110ef..056e500 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -145,10 +145,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
 
+    BN_CTX_start(ctx);
+
     if ((mont = BN_MONT_CTX_new()) == NULL)
         goto err;
 
-    BN_CTX_start(ctx);
     r0 = BN_CTX_get(ctx);
     g = BN_CTX_get(ctx);
     W = BN_CTX_get(ctx);
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 511ecb8..837e915 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -717,6 +717,8 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
     BIGNUM *dmp1, *dmq1, *c, *pr1;
     int ret = 0;
 
+    BN_CTX_start(ctx);
+
     local_dmp1 = BN_new();
     local_dmq1 = BN_new();
     local_c = BN_new();
@@ -724,7 +726,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
     if (!local_dmp1 || !local_dmq1 || !local_c || !local_r1)
         goto err;
 
-    BN_CTX_start(ctx);
     r1 = BN_CTX_get(ctx);
     m1 = BN_CTX_get(ctx);
     vrfy = BN_CTX_get(ctx);
diff --git a/test/dhtest.c b/test/dhtest.c
index 9ce92ee..896af85 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -515,9 +515,9 @@ static int run_rfc5114_tests(void)
          * Work out shared secrets using both sides and compare with expected
          * values.
          */
-        if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+        if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1)
             goto bad_err;
-        if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+        if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1)
             goto bad_err;
 
         if (memcmp(Z1, td->Z, td->Z_len))

More information about the openssl-commits mailing list