[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Oct 17 07:14:07 UTC 2019
The branch master has been updated
via d6d74cf4a44f08ed63d942b103198a1e3294295a (commit)
via 6a36f209bcfbc958e30d544c3031ed002dbfe582 (commit)
from f6dead1b72a04b113b4b198ac98a8b9b994ad86f (commit)
- Log -----------------------------------------------------------------
commit d6d74cf4a44f08ed63d942b103198a1e3294295a
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Oct 15 16:45:12 2019 +0200
For provided ciphers, EVP_CIPHER_CTX_ctrl() with EVP_CTRL_INIT always returns 1
This control command should never be used with provided methods, but
since this is publicly available, someone might still make the
mistake. We make sure it returns 1 so as not to be overly
disruptive.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10163)
commit 6a36f209bcfbc958e30d544c3031ed002dbfe582
Author: Richard Levitte <levitte at openssl.org>
Date: Sun Oct 13 13:00:46 2019 +0200
EVP_{CIPHER,MD}_CTX_ctrl(): make extra sure to return 0 or 1
The previous fix was incomplete.
Fixes #10106
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10163)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/digest.c | 2 +-
crypto/evp/evp_enc.c | 20 ++++++++++++++------
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index c2a6e83ad5..e59f082818 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -680,7 +680,7 @@ int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
p2, p1);
break;
default:
- return EVP_CTRL_RET_UNSUPPORTED;
+ goto conclude;
}
if (set_params)
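Review bot: The `default:` arm now jumps to `conclude` with whatever `ret` holds at that point, whereas the removed line returned `EVP_CTRL_RET_UNSUPPORTED` explicitly. The unsupported-command path therefore depends on the initial value of `ret`, which is declared outside this hunk and cannot be confirmed from here. Writing `ret = EVP_CTRL_RET_UNSUPPORTED;` immediately before `goto conclude;` would make the result independent of any earlier assignment. The same applies to `default: goto end;` in the first crypto/evp/evp_enc.c hunk of EVP_CIPHER_CTX_ctrl(). Both function bodies start and end outside the hunks.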
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 18adc5b586..86506d3a4c 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1089,10 +1089,18 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
ptr, sz);
break;
+ case EVP_CTRL_INIT:
+ /*
+ * TODO(3.0) EVP_CTRL_INIT is purely legacy, no provider counterpart
+ * As a matter of fact, this should be dead code, but some caller
+ * might still do a direct control call with this command, so...
+ * Legacy methods return 1 except for exceptional circumstances, so
+ * we do the same here to not be disruptive.
+ */
+ return 1;
case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
- case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */
default:
- return EVP_CTRL_RET_UNSUPPORTED;
+ goto end;
case EVP_CTRL_GET_IV:
set_params = 0;
params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
@@ -1134,12 +1142,12 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
ptr, sz);
ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
if (ret <= 0)
- return ret;
+ goto end;
params[0] =
OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz);
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
if (ret <= 0)
- return 0;
+ goto end;
return sz;
#ifndef OPENSSL_NO_RC2
case EVP_CTRL_GET_RC2_KEY_BITS:
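Review bot: The second failure path used to be `return 0;` and now goes to `end` with any `ret <= 0` from evp_do_ciph_ctx_getparams(), but the only normalisation visible at `end:` is for `EVP_CTRL_RET_UNSUPPORTED`. Any other negative value from a provider would, as far as the visible lines show, reach the caller unchanged, and a caller that only tests `!ret` would read it as success. The rest of `end:` is outside the hunks, so this needs confirming there; if it ends in `return ret;`, clamping before the jump with `if (ret < 0 && ret != EVP_CTRL_RET_UNSUPPORTED) ret = 0;` keeps the 0-or-1 contract named in the commit title. The same holds for the setparams check just above it. Separately, `return sz;` narrows a provider-supplied `size_t` to `int` with no range check.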
@@ -1154,7 +1162,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->provctx, params);
else
ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
- goto conclude;
+ goto end;
/* TODO(3.0): Remove legacy code below */
legacy:
@@ -1165,7 +1173,7 @@ legacy:
ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
- conclude:
+ end:
if (ret == EVP_CTRL_RET_UNSUPPORTED) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);