[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Fri Jun 3 19:33:44 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 96f1de5bf40af27db3df91c106d799fa86165eb9 (commit)
via f3cab0b11ffd1e1816f34a2880493ff1a3313f49 (commit)
from 782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit)
- Log -----------------------------------------------------------------
commit 96f1de5bf40af27db3df91c106d799fa86165eb9
Author: Matt Caswell <matt at openssl.org>
Date: Fri Jun 3 15:53:54 2016 +0100
BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit f3cab0b11ffd1e1816f34a2880493ff1a3313f49
Author: Jonas Maebe <jonas.maebe at elis.ugent.be>
Date: Sun Dec 8 17:24:18 2013 +0100
cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell
RT#3198
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/bio/b_print.c | 12 +++++++++---
crypto/engine/eng_cryptodev.c | 23 ++++++++++++++++-------
2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 90248fa..987fe06 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -423,9 +423,15 @@ _dopr(char **sbuffer,
break;
}
}
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
+ /*
+ * We have to truncate if there is no dynamic buffer and we have filled the
+ * static buffer.
+ */
+ if (buffer == NULL) {
+ *truncated = (currlen > *maxlen - 1);
+ if (*truncated)
+ currlen = *maxlen - 1;
+ }
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
return 0;
*retlen = currlen - 1;
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 8fb9c33..5a2ca6d 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -26,6 +26,7 @@
*
*/
+#include <string.h>
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
@@ -1064,8 +1065,7 @@ static void zapparams(struct crypt_kop *kop)
int i;
for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
- if (kop->crk_param[i].crp_p)
- free(kop->crk_param[i].crp_p);
+ OPENSSL_free(kop->crk_param[i].crp_p);
kop->crk_param[i].crp_p = NULL;
kop->crk_param[i].crp_nbits = 0;
}
@@ -1078,16 +1078,25 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
int fd, ret = -1;
if ((fd = get_asym_dev_crypto()) < 0)
- return (ret);
+ return ret;
if (r) {
- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+ kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen);
+ if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
+ return ret;
+ memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen);
kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
kop->crk_oparams++;
}
if (s) {
- kop->crk_param[kop->crk_iparams + 1].crp_p =
- calloc(slen, sizeof(char));
+ kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen);
+ /* No need to free the kop->crk_iparams parameter if it was allocated,
+ * callers of this routine have to free allocated parameters through
+ * zapparams both in case of success and failure
+ */
+ if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
+ return ret;
+ memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen);
kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
kop->crk_oparams++;
}
@@ -1100,7 +1109,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
ret = 0;
}
- return (ret);
+ return ret;
}
static int
More information about the openssl-commits
mailing list