[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Jun 23 16:27:43 UTC 2017


The branch master has been updated
       via  25ffeb11ea86bdc76db150c504550602a9acc9bc (commit)
       via  cfba06758ea8ab49118dedd88fd3b2437aebf7b7 (commit)
       via  e3908501ca32e6629eed046f2ec44b66ecd1854b (commit)
      from  019e47ce564e9d57ed85c4ebe0672518b6a349f5 (commit)


- Log -----------------------------------------------------------------
commit 25ffeb11ea86bdc76db150c504550602a9acc9bc
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 23 11:40:47 2017 +0100

    Fix another EVP_DigestVerify() instance
    
    Following on from the previous commit this fixes another instance where
    we need to treat a -ve return from EVP_DigestVerify() as a bad signature.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3756)

commit cfba06758ea8ab49118dedd88fd3b2437aebf7b7
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 23 11:29:04 2017 +0100

    Treat all failures from EVP_DigestVerify() as a bad signature
    
    Prior to 72ceb6a we treated all failures from the call to
    EVP_DigestVerifyFinal() as if it were a bad signature, and failures in
    EVP_DigestUpdate() as an internal error. After that commit we replaced
    this with the one-shot function EVP_DigestVerify() and treated a 0 return
    as a bad signature and a negative return as an internal error. However,
    some signature errors can be negative (e.g. according to the docs if the
    form of the signature is wrong). Therefore we should treat all <=0
    returns as a bad signature.
    
    This fixes a boringssl test failure.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3756)

commit e3908501ca32e6629eed046f2ec44b66ecd1854b
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Jun 23 10:10:51 2017 +0100

    Fix the constant time 64 test
    
    We were adding more tests than we had data for due to use of
    sizeof instead of OSSL_NELEM. I also changed the 8 bit tests
    for consistency, although they were already working.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3755)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c  | 6 +-----
 ssl/statem/statem_lib.c   | 5 +----
 test/constant_time_test.c | 4 ++--
 3 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 711680e..7ab30bd 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2272,11 +2272,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
         rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),
                               PACKET_remaining(&signature), tbs, tbslen);
         OPENSSL_free(tbs);
-        if (rv < 0) {
-            al = SSL_AD_INTERNAL_ERROR;
-            SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
-            goto err;
-        } else if (rv == 0) {
+        if (rv <= 0) {
             al = SSL_AD_DECRYPT_ERROR;
             SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
             goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 63d8953..5cd17f2 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -459,10 +459,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
         }
     } else {
         j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
-        if (j < 0) {
-            SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB);
-            goto f_err;
-        } else if (j == 0) {
+        if (j <= 0) {
             al = SSL_AD_DECRYPT_ERROR;
             SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE);
             goto f_err;
diff --git a/test/constant_time_test.c b/test/constant_time_test.c
index 422c04c..fdd4075 100644
--- a/test/constant_time_test.c
+++ b/test/constant_time_test.c
@@ -332,6 +332,6 @@ void register_tests(void)
     ADD_TEST(test_sizeofs);
     ADD_ALL_TESTS(test_binops, OSSL_NELEM(test_values));
     ADD_ALL_TESTS(test_signed, OSSL_NELEM(signed_test_values));
-    ADD_ALL_TESTS(test_8values, sizeof(test_values_8));
-    ADD_ALL_TESTS(test_64values, sizeof(test_values_64));
+    ADD_ALL_TESTS(test_8values, OSSL_NELEM(test_values_8));
+    ADD_ALL_TESTS(test_64values, OSSL_NELEM(test_values_64));
 }


More information about the openssl-commits mailing list