[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Emilia Kasper emilia at openssl.org
Tue Sep 1 18:08:44 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  59793f5c1e0138928d9e5fc24c743d8e38d450e1 (commit)
       via  5f623eb61655688501cb1817a7ad0592299d894a (commit)
      from  542591740667b17642ad300c357b5d8045c8ccda (commit)


- Log -----------------------------------------------------------------
commit 59793f5c1e0138928d9e5fc24c743d8e38d450e1
Author: Emilia Kasper <emilia at openssl.org>
Date:   Tue Sep 1 14:56:58 2015 +0200

    RT4002: check for NULL cipher in p12_crpt.c
    
    The NULL cipher case can't actually happen because we have no
    EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
    PKCS12_PBE_keyivgen. But make the code more obviously correct.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 394f7b6fcc38132b8ccff0a3253b9dd15640cfc0)

commit 5f623eb61655688501cb1817a7ad0592299d894a
Author: Emilia Kasper <emilia at openssl.org>
Date:   Tue Sep 1 13:19:15 2015 +0200

    RT 3493: fix RSA test
    
    - Pass in the right ciphertext length to ensure we're indeed testing
      ciphertext corruption (and not truncation).
    - Only test one mutation per byte to not make the test too slow.
    - Add a separate test for truncated ciphertexts.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 25d6b3401ca40c9a2cbe5080449c1c2a37037777)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pkcs12/p12_crpt.c |  3 +++
 crypto/rsa/rsa_test.c    | 32 ++++++++++++++++++++------------
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 3a166e6..9c2dcab 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -77,6 +77,9 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
     const unsigned char *pbuf;
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
+    if (cipher == NULL)
+        return 0;
+
     /* Extract useful info from parameter */
     if (param == NULL || param->type != V_ASN1_SEQUENCE ||
         param->value.sequence == NULL) {
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
index e971295..85c7440 100644
--- a/crypto/rsa/rsa_test.c
+++ b/crypto/rsa/rsa_test.c
@@ -297,22 +297,30 @@ int main(int argc, char *argv[])
         } else
             printf("OAEP encryption/decryption ok\n");
 
-        /* Try decrypting corrupted ciphertexts */
+        /* Try decrypting corrupted ciphertexts. */
         for (n = 0; n < clen; ++n) {
-            int b;
-            unsigned char saved = ctext[n];
-            for (b = 0; b < 256; ++b) {
-                if (b == saved)
-                    continue;
-                ctext[n] = b;
-                num = RSA_private_decrypt(num, ctext, ptext, key,
+            ctext[n] ^= 1;
+            num = RSA_private_decrypt(clen, ctext, ptext, key,
                                           RSA_PKCS1_OAEP_PADDING);
-                if (num > 0) {
-                    printf("Corrupt data decrypted!\n");
-                    err = 1;
-                }
+            if (num > 0) {
+                printf("Corrupt data decrypted!\n");
+                err = 1;
+                break;
             }
+            ctext[n] ^= 1;
         }
+
+        /* Test truncated ciphertexts, as well as negative length. */
+        for (n = -1; n < clen; ++n) {
+            num = RSA_private_decrypt(n, ctext, ptext, key,
+                                      RSA_PKCS1_OAEP_PADDING);
+            if (num > 0) {
+                printf("Truncated data decrypted!\n");
+                err = 1;
+                break;
+            }
+        }
+
  next:
         RSA_free(key);
     }


More information about the openssl-commits mailing list