[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Dr. Stephen Henson steve at openssl.org
Fri Nov 25 20:53:06 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  cbc8a839959418d8a2c2e3ec6bdf394852c9501e (commit)
       via  fb3b70c0bdc676f857e438754345487d5da1c84e (commit)
      from  825930389eec03116da88017fc9e46334196b79c (commit)


- Log -----------------------------------------------------------------
commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Nov 22 21:59:21 2016 +0000

    Fix ctrl operation for SHA1/MD5SHA1.
    
    This makes S/MIME and CMS signing in MIME format for SHA1 work again.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit a5abd438f85737ffa56320b67c5ef5525fc495c3)

commit fb3b70c0bdc676f857e438754345487d5da1c84e
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Nov 22 22:07:16 2016 +0000

    add CMS SHA1 signing test
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit c6d67f09f34d8203c5bad7171ed45ec8771c9764)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_md5_sha1.c    | 7 ++++++-
 crypto/evp/m_sha1.c        | 7 ++++++-
 test/recipes/80-test_cms.t | 8 ++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
index 1213ff6..2d98886 100644
--- a/crypto/evp/m_md5_sha1.c
+++ b/crypto/evp/m_md5_sha1.c
@@ -52,11 +52,16 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
     unsigned char padtmp[48];
     unsigned char md5tmp[MD5_DIGEST_LENGTH];
     unsigned char sha1tmp[SHA_DIGEST_LENGTH];
-    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    struct md5_sha1_ctx *mctx;
 
     if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
         return 0;
 
+    mctx = EVP_MD_CTX_md_data(ctx);
+
     /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
     if (mslen != 48)
         return 0;
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 4f00956..8f30077 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -36,11 +36,16 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
     unsigned char padtmp[40];
     unsigned char sha1tmp[SHA_DIGEST_LENGTH];
 
-    SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx);
+    SHA_CTX *sha1;
 
     if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
         return 0;
 
+    sha1 = EVP_MD_CTX_md_data(ctx);
+
     /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
     if (mslen != 48)
         return 0;
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index 40fcf7c..264c7d6 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -107,6 +107,14 @@ my @smime_pkcs7_tests = (
 	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
     ],
 
+    [ "signed content S/MIME format, RSA key SHA1",
+      [ "-sign", "-in", $smcont, "-md", "sha1",
+	"-certfile", catfile($smdir, "smroot.pem"),
+	"-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
+      [ "-verify", "-in", "test.cms",
+	"-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+    ],
+
     [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
       [ "-sign", "-in", $smcont, "-nodetach",
 	"-signer", catfile($smdir, "smrsa1.pem"),


More information about the openssl-commits mailing list