check DSA_sign() return value properly

2009-12-01 18:39:33 +00:00 · 2009-12-01 18:39:33 +00:00 · 6732e14278
commit 6732e14278
parent 499684404c
3 changed files with 23 additions and 1 deletions
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,

 	ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);

-	if (ret < 0)
+	if (ret <= 0)
 		return ret;
 	*siglen = sltmp;
 	return 1;
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1357,6 +1357,21 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 		j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
+
+#ifdef OPENSSL_RI_MAGIC
+	if (p == q)
+		return 0;
+	else
+		{
+		/* Bogus "cipher" to send out RI indicator */
+		static SSL_CIPHER ri =
+			{
+			0, NULL, OPENSSL_RI_MAGIC, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+			};
+		j = put_cb ? put_cb(&ri,p) : ssl_put_cipher_by_char(s,&ri,p);
+		p+=j;
+		}
+#endif
 	return(p-q);
 	}

--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@ -287,6 +287,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)

 #endif

+/* Renegotiation indicator "magic" ciphersuite from
+ * "draft-ietf-tls-renegotiation" (FIXME: put RFC# in here when ready)
+ * FIXME: put correct ciphersuite number in here when available.
+ */
+
+#define OPENSSL_RI_MAGIC				0x03000FEC
+
 /* PSK ciphersuites from 4279 */
 #define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
 #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B