[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Wed May 20 15:32:50 UTC 2020


The branch master has been updated
       via  7486c718e54cc762edc5f1c7c526ab83d0f97ef7 (commit)
       via  1d05eb55caa8965a151360c2469c463ecd990987 (commit)
       via  cbeb0bfa961412eebfbdf1e72900f05527e81e15 (commit)
      from  ddec332f329a432a45c0131d83f3bfb46114532b (commit)


- Log -----------------------------------------------------------------
commit 7486c718e54cc762edc5f1c7c526ab83d0f97ef7
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue May 19 10:52:53 2020 +0200

    t1_trce: Fix remaining places where the 24 bit shift overflow happens
    
    [extended tests]
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11857)

commit 1d05eb55caa8965a151360c2469c463ecd990987
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue May 19 10:51:53 2020 +0200

    Avoid potential overflow to the sign bit when shifting left 24 places
    
    Although there are platforms where int is 64 bit, 2GiB large BIGNUMs
    instead of 4GiB should be "big enough for everybody".
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11857)

commit cbeb0bfa961412eebfbdf1e72900f05527e81e15
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Tue May 19 10:51:19 2020 +0200

    Cast the unsigned char to unsigned int before shifting left
    
    This is needed to avoid automatic promotion to signed int.
    
    Fixes #11853
    
    [extended tests]
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11857)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_mpi.c  |  2 +-
 crypto/pem/pvkfmt.c |  8 ++++----
 ssl/t1_trce.c       | 21 ++++++++++++++++-----
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index 504cddffec..d2be44e2bd 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
     int neg = 0;
     BIGNUM *a = NULL;
 
-    if (n < 4) {
+    if (n < 4 || (d[0] & 0x80) != 0) {
         BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
         return NULL;
     }
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index e2f5702880..6d85a8a4e1 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -36,10 +36,10 @@ static unsigned int read_ledword(const unsigned char **in)
 {
     const unsigned char *p = *in;
     unsigned int ret;
-    ret = *p++;
-    ret |= (*p++ << 8);
-    ret |= (*p++ << 16);
-    ret |= (*p++ << 24);
+    ret = (unsigned int)*p++;
+    ret |= (unsigned int)*p++ << 8;
+    ret |= (unsigned int)*p++ << 16;
+    ret |= (unsigned int)*p++ << 24;
     *in = p;
     return ret;
 }
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 72e7b376c0..58695a0b69 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -670,7 +670,10 @@ static int ssl_print_random(BIO *bio, int indent,
 
     if (*pmsglen < 32)
         return 0;
-    tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+    tm = ((unsigned int)p[0] << 24)
+         | ((unsigned int)p[1] << 16)
+         | ((unsigned int)p[2] << 8)
+         | (unsigned int)p[3];
     p += 4;
     BIO_indent(bio, indent, 80);
     BIO_puts(bio, "Random:\n");
@@ -875,8 +878,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
             break;
         if (extlen != 4)
             return 0;
-        max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
-                         | ext[3];
+        max_early_data = ((unsigned int)ext[0] << 24)
+                         | ((unsigned int)ext[1] << 16)
+                         | ((unsigned int)ext[2] << 8)
+                         | (unsigned int)ext[3];
         BIO_indent(bio, indent + 2, 80);
         BIO_printf(bio, "max_early_data=%u\n", max_early_data);
         break;
@@ -1379,7 +1384,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
     }
     if (msglen < 4)
         return 0;
-    tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    tick_life = ((unsigned int)msg[0] << 24)
+                | ((unsigned int)msg[1] << 16)
+                | ((unsigned int)msg[2] << 8)
+                | (unsigned int)msg[3];
     msglen -= 4;
     msg += 4;
     BIO_indent(bio, indent + 2, 80);
@@ -1390,7 +1398,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
         if (msglen < 4)
             return 0;
         ticket_age_add =
-            (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3];
+            ((unsigned int)msg[0] << 24)
+            | ((unsigned int)msg[1] << 16)
+            | ((unsigned int)msg[2] << 8)
+            | (unsigned int)msg[3];
         msglen -= 4;
         msg += 4;
         BIO_indent(bio, indent + 2, 80);


More information about the openssl-commits mailing list