[openssl-commits] [openssl] master update
Emilia Kasper
emilia at openssl.org
Tue Sep 1 18:02:34 UTC 2015
The branch master has been updated
via 08a721ac613d69217b474a61882971ae9d4586d1 (commit)
via 394f7b6fcc38132b8ccff0a3253b9dd15640cfc0 (commit)
via 25d6b3401ca40c9a2cbe5080449c1c2a37037777 (commit)
from 8db78781069697cfa30a2261413f33f5055a2838 (commit)
- Log -----------------------------------------------------------------
commit 08a721ac613d69217b474a61882971ae9d4586d1
Author: Emilia Kasper <emilia at openssl.org>
Date: Tue Sep 1 16:11:47 2015 +0200
apps/speed.c: fix memory leak
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 394f7b6fcc38132b8ccff0a3253b9dd15640cfc0
Author: Emilia Kasper <emilia at openssl.org>
Date: Tue Sep 1 14:56:58 2015 +0200
RT4002: check for NULL cipher in p12_crpt.c
The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.
Reviewed-by: Matt Caswell <matt at openssl.org>
commit 25d6b3401ca40c9a2cbe5080449c1c2a37037777
Author: Emilia Kasper <emilia at openssl.org>
Date: Tue Sep 1 13:19:15 2015 +0200
RT 3493: fix RSA test
- Pass in the right ciphertext length to ensure we're indeed testing
ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 6 ++----
crypto/pkcs12/p12_crpt.c | 3 +++
test/rsa_test.c | 32 ++++++++++++++++++++------------
3 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index b4722f1..297ea52 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -575,7 +575,6 @@ int speed_main(int argc, char **argv)
long c[ALGOR_NUM][SIZE_NUM], count = 0, save_count = 0;
unsigned char *buf_malloc = NULL, *buf2_malloc = NULL;
unsigned char *buf = NULL, *buf2 = NULL;
- unsigned char *save_buf = NULL, *save_buf2 = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
#ifndef NO_FORK
int multi = 0;
@@ -2183,8 +2182,8 @@ int speed_main(int argc, char **argv)
end:
ERR_print_errors(bio_err);
- OPENSSL_free(save_buf);
- OPENSSL_free(save_buf2);
+ OPENSSL_free(buf_malloc);
+ OPENSSL_free(buf2_malloc);
#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
RSA_free(rsa_key[i]);
@@ -2201,7 +2200,6 @@ int speed_main(int argc, char **argv)
EC_KEY_free(ecdh_b[i]);
}
#endif
-
return (ret);
}
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 08be40c..e7d5ac9 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -76,6 +76,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
unsigned char *salt;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+ if (cipher == NULL)
+ return 0;
+
/* Extract useful info from parameter */
pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
diff --git a/test/rsa_test.c b/test/rsa_test.c
index e971295..85c7440 100644
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -297,22 +297,30 @@ int main(int argc, char *argv[])
} else
printf("OAEP encryption/decryption ok\n");
- /* Try decrypting corrupted ciphertexts */
+ /* Try decrypting corrupted ciphertexts. */
for (n = 0; n < clen; ++n) {
- int b;
- unsigned char saved = ctext[n];
- for (b = 0; b < 256; ++b) {
- if (b == saved)
- continue;
- ctext[n] = b;
- num = RSA_private_decrypt(num, ctext, ptext, key,
+ ctext[n] ^= 1;
+ num = RSA_private_decrypt(clen, ctext, ptext, key,
RSA_PKCS1_OAEP_PADDING);
- if (num > 0) {
- printf("Corrupt data decrypted!\n");
- err = 1;
- }
+ if (num > 0) {
+ printf("Corrupt data decrypted!\n");
+ err = 1;
+ break;
}
+ ctext[n] ^= 1;
}
+
+ /* Test truncated ciphertexts, as well as negative length. */
+ for (n = -1; n < clen; ++n) {
+ num = RSA_private_decrypt(n, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ printf("Truncated data decrypted!\n");
+ err = 1;
+ break;
+ }
+ }
+
next:
RSA_free(key);
}
More information about the openssl-commits
mailing list