[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Tue May 31 12:09:08 UTC 2016


The branch master has been updated
       via  f72f00d49549c6620d7101f5e9bf7963da6df9ee (commit)
       via  cc7113e8def99702ed59594e9eb7fea0bd1db518 (commit)
      from  a7cbe963c3c486e336babf224f68f294c55489cf (commit)


- Log -----------------------------------------------------------------
commit f72f00d49549c6620d7101f5e9bf7963da6df9ee
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri May 27 14:18:40 2016 +0100

    Parameter copy sanity checks.
    
    Don't copy parameters is they're already present in the destination.
    Return error if an attempt is made to copy different parameters to
    destination. Update documentation.
    
    If key type is not initialised return missing parameters
    
    RT#4149
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

commit cc7113e8def99702ed59594e9eb7fea0bd1db518
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Fri May 27 13:37:11 2016 +0100

    return error in ct_move_scts()
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_ameth.c        | 2 +-
 crypto/dsa/dsa_ameth.c      | 2 +-
 crypto/ec/ec_ameth.c        | 2 +-
 crypto/evp/p_lib.c          | 8 ++++++++
 doc/crypto/EVP_PKEY_cmp.pod | 4 +++-
 ssl/ssl_lib.c               | 2 +-
 6 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 222cb20..b7b3717 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -437,7 +437,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 
 static int dh_missing_parameters(const EVP_PKEY *a)
 {
-    if (!a->pkey.dh->p || !a->pkey.dh->g)
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
         return 1;
     return 0;
 }
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 1bb11a9..a53247c 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -266,7 +266,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
 {
     DSA *dsa;
     dsa = pkey->pkey.dsa;
-    if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
         return 1;
     return 0;
 }
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 684da95..6567a2f 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -292,7 +292,7 @@ static int ec_security_bits(const EVP_PKEY *pkey)
 
 static int ec_missing_parameters(const EVP_PKEY *pkey)
 {
-    if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
         return 1;
     return 0;
 }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0b7884f..0b50d32 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -84,6 +84,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
         EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
         goto err;
     }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
     if (from->ameth && from->ameth->param_copy)
         return from->ameth->param_copy(to, from);
  err:
diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
index 4e1f78b..7c9e582 100644
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
 doesn't use parameters.
 
 The function EVP_PKEY_copy_parameters() copies the parameters from key
-B<from> to key B<to>.
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.
 
 The function EVP_PKEY_cmp_parameters() compares the parameters of keys
 B<a> and B<b>.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 83ad9ef..3799db1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3853,7 +3853,7 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t or
 err:
     if (sct != NULL)
         sk_SCT_push(src, sct); /* Put the SCT back */
-    return scts_moved;
+    return -1;
 }
 
 /*


More information about the openssl-commits mailing list