generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix error check in GOST engine

Browse Source 
The return value of i2d functions can be negative if an error occurs.
Therefore don't assign the return value to an unsigned type and *then*
check if it is negative.

RT#3862

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 90e7cdff3aa66779486914f88333f6601f0c1cf4)
This commit is contained in:
Matt Caswell 2015-05-26 00:02:57 +01:00
parent 4ae1c7771d
commit 28ea6ad612
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
engines/ccgost/gost94_keyx.c
View File

@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx);
gost_ctx cctx; gost_ctx cctx;
int key_is_ephemeral = 1; int key_is_ephemeral = 1;
int tmp_outlen;
EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx);
/* Do not use vizir cipher parameters with cryptopro */ /* Do not use vizir cipher parameters with cryptopro */
@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
} }
ASN1_OBJECT_free(gkt->key_agreement_info->cipher); ASN1_OBJECT_free(gkt->key_agreement_info->cipher);
gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid);
*outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL);
if (*outlen <= 0) { if (tmp_outlen <= 0) {
GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT,
GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO);
goto err; goto err;
} }
*outlen = tmp_outlen;
if (!key_is_ephemeral) { if (!key_is_ephemeral) {
/* Set control "public key from client certificate used" */ /* Set control "public key from client certificate used" */
if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <=