[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Kurt Roeckx kurt at openssl.org
Wed Oct 7 18:40:32 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52 (commit)
       via  738b8e6bc2331ae9230411d88b8a100614f80457 (commit)
       via  6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31 (commit)
      from  cba874539596a3f6563c4b462793a99965bcf1e1 (commit)


- Log -----------------------------------------------------------------
commit cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Tue May 5 11:20:39 2015 +0200

    Move BN_CTX_start() call so the error case can always call BN_CTX_end().
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231
    
    (cherry picked from commit 99c203337574d967c86ffbfa13f40ace51048485)

commit 738b8e6bc2331ae9230411d88b8a100614f80457
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Wed May 6 09:55:28 2015 +0200

    Properly check return type of DH_compute_key()
    
    It returns -1 on error, not 0.
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231
    
    (cherry picked from commit d6e92c0bd6c36fc68291e79ef5753fd7f0420695)

commit 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date:   Wed May 6 11:31:27 2015 +0200

    Set flags to 0 before calling BN_with_flags()
    
    BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
    overwrites everything else.
    
    Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    MR #1231
    
    (cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_gcd.c   | 2 ++
 crypto/dh/dhtest.c   | 4 ++--
 crypto/dsa/dsa_gen.c | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab..ce59fe7 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pB = &local_B;
+        local_B.flags = 0;
         BN_with_flags(pB, B, BN_FLG_CONSTTIME);
         if (!BN_nnmod(B, pB, A, ctx))
             goto err;
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
          * BN_div_no_branch will be called eventually.
          */
         pA = &local_A;
+        local_A.flags = 0;
         BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
         /* (D, M) := (A/B, A%B) ... */
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index c9dd76b..6fe8ff4 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -533,9 +533,9 @@ static int run_rfc5114_tests(void)
          * Work out shared secrets using both sides and compare with expected
          * values.
          */
-        if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+        if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1)
             goto bad_err;
-        if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+        if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1)
             goto bad_err;
 
         if (memcmp(Z1, td->Z, td->Z_len))
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 9d3b59e..6bc86dd 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -179,10 +179,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
 
+    BN_CTX_start(ctx);
+
     if ((mont = BN_MONT_CTX_new()) == NULL)
         goto err;
 
-    BN_CTX_start(ctx);
     r0 = BN_CTX_get(ctx);
     g = BN_CTX_get(ctx);
     W = BN_CTX_get(ctx);


More information about the openssl-commits mailing list