[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Kurt Roeckx
kurt at openssl.org
Wed Oct 7 18:40:32 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52 (commit)
via 738b8e6bc2331ae9230411d88b8a100614f80457 (commit)
via 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31 (commit)
from cba874539596a3f6563c4b462793a99965bcf1e1 (commit)
- Log -----------------------------------------------------------------
commit cc1cdc5df5e80883de20d6f59ecfc4505bbb3e52
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date: Tue May 5 11:20:39 2015 +0200
Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR #1231
(cherry picked from commit 99c203337574d967c86ffbfa13f40ace51048485)
commit 738b8e6bc2331ae9230411d88b8a100614f80457
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date: Wed May 6 09:55:28 2015 +0200
Properly check return type of DH_compute_key()
It returns -1 on error, not 0.
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR #1231
(cherry picked from commit d6e92c0bd6c36fc68291e79ef5753fd7f0420695)
commit 6481be7346baea1ce0dcfe0a1ff28b0f44e9ce31
Author: Pascal Cuoq <cuoq at trust-in-soft.com>
Date: Wed May 6 11:31:27 2015 +0200
Set flags to 0 before calling BN_with_flags()
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.
Signed-off-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
MR #1231
(cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/bn_gcd.c | 2 ++
crypto/dh/dhtest.c | 4 ++--
crypto/dsa/dsa_gen.c | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 97c55ab..ce59fe7 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -583,6 +583,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pB = &local_B;
+ local_B.flags = 0;
BN_with_flags(pB, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, pB, A, ctx))
goto err;
@@ -610,6 +611,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
* BN_div_no_branch will be called eventually.
*/
pA = &local_A;
+ local_A.flags = 0;
BN_with_flags(pA, A, BN_FLG_CONSTTIME);
/* (D, M) := (A/B, A%B) ... */
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index c9dd76b..6fe8ff4 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -533,9 +533,9 @@ static int run_rfc5114_tests(void)
* Work out shared secrets using both sides and compare with expected
* values.
*/
- if (!DH_compute_key(Z1, dhB->pub_key, dhA))
+ if (DH_compute_key(Z1, dhB->pub_key, dhA) == -1)
goto bad_err;
- if (!DH_compute_key(Z2, dhA->pub_key, dhB))
+ if (DH_compute_key(Z2, dhA->pub_key, dhB) == -1)
goto bad_err;
if (memcmp(Z1, td->Z, td->Z_len))
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 9d3b59e..6bc86dd 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -179,10 +179,11 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
if ((ctx = BN_CTX_new()) == NULL)
goto err;
+ BN_CTX_start(ctx);
+
if ((mont = BN_MONT_CTX_new()) == NULL)
goto err;
- BN_CTX_start(ctx);
r0 = BN_CTX_get(ctx);
g = BN_CTX_get(ctx);
W = BN_CTX_get(ctx);
More information about the openssl-commits
mailing list