Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.
This commit is contained in:
Dr. Stephen Henson
parent
94480b57db
commit
a25f33d28a
10
CHANGES
10
CHANGES
@ -4,6 +4,10 @@
|
|||||||
|
|
||||||
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
|
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) The function EVP_PKEY_sign() returns <=0 on error: check return code
|
||||||
|
correctly.
|
||||||
|
[Julia Lawall <julia@diku.dk>]
|
||||||
|
|
||||||
*) Update verify callback code in apps/s_cb.c and apps/verify.c, it
|
*) Update verify callback code in apps/s_cb.c and apps/verify.c, it
|
||||||
needlessly dereferenced structures, used obsolete functions and
|
needlessly dereferenced structures, used obsolete functions and
|
||||||
didn't handle all updated verify codes correctly.
|
didn't handle all updated verify codes correctly.
|
||||||
@ -819,6 +823,12 @@
|
|||||||
|
|
||||||
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
|
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) The functions ENGINE_ctrl(), OPENSSL_isservice(),
|
||||||
|
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
|
||||||
|
fixes for a few places where the return code is not checked
|
||||||
|
correctly.
|
||||||
|
[Julia Lawall <julia@diku.dk>]
|
||||||
|
|
||||||
*) Add --strict-warnings option to Configure script to include devteam
|
*) Add --strict-warnings option to Configure script to include devteam
|
||||||
warnings in other configurations.
|
warnings in other configurations.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|||||||
@ -649,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits)
|
|||||||
|
|
||||||
/* Generating random byte sequence. */
|
/* Generating random byte sequence. */
|
||||||
if (len > (int)sizeof(buf)) goto err;
|
if (len > (int)sizeof(buf)) goto err;
|
||||||
if (!RAND_bytes(buf, len)) goto err;
|
if (RAND_bytes(buf, len) <= 0) goto err;
|
||||||
|
|
||||||
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
|
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
|
||||||
for (i = 0; i < len && !buf[i]; ++i);
|
for (i = 0; i < len && !buf[i]; ++i);
|
||||||
|
|||||||
@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
|
|||||||
|
|
||||||
/* Get original receipt request details */
|
/* Get original receipt request details */
|
||||||
|
|
||||||
if (!CMS_get1_ReceiptRequest(osi, &rr))
|
if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
|
||||||
{
|
{
|
||||||
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
|
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
|
||||||
goto err;
|
goto err;
|
||||||
@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
|
|||||||
|
|
||||||
/* Get original receipt request details */
|
/* Get original receipt request details */
|
||||||
|
|
||||||
if (!CMS_get1_ReceiptRequest(si, &rr))
|
if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
|
||||||
{
|
{
|
||||||
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
|
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
|
||||||
goto err;
|
goto err;
|
||||||
|
|||||||
@ -860,7 +860,7 @@ void OPENSSL_showfatal (const char *fmta,...)
|
|||||||
|
|
||||||
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
|
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
|
||||||
/* this -------------v--- guards NT-specific calls */
|
/* this -------------v--- guards NT-specific calls */
|
||||||
if (GetVersion() < 0x80000000 && OPENSSL_isservice())
|
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
|
||||||
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
|
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
|
||||||
const TCHAR *pmsg=buf;
|
const TCHAR *pmsg=buf;
|
||||||
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
|
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
|
||||||
|
|||||||
@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
|
|||||||
}
|
}
|
||||||
/* Force the result of the control command to 0 or 1, for the reasons
|
/* Force the result of the control command to 0 or 1, for the reasons
|
||||||
* mentioned before. */
|
* mentioned before. */
|
||||||
if (ENGINE_ctrl(e, num, i, p, f))
|
if (ENGINE_ctrl(e, num, i, p, f) > 0)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||||||
* usage of these commands is consistent across applications and
|
* usage of these commands is consistent across applications and
|
||||||
* that certain applications don't understand it one way, and
|
* that certain applications don't understand it one way, and
|
||||||
* others another. */
|
* others another. */
|
||||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
|
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||||||
if(flags & ENGINE_CMD_FLAG_STRING)
|
if(flags & ENGINE_CMD_FLAG_STRING)
|
||||||
{
|
{
|
||||||
/* Same explanation as above */
|
/* Same explanation as above */
|
||||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
|
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||||||
}
|
}
|
||||||
/* Force the result of the control command to 0 or 1, for the reasons
|
/* Force the result of the control command to 0 or 1, for the reasons
|
||||||
* mentioned before. */
|
* mentioned before. */
|
||||||
if(ENGINE_ctrl(e, num, l, NULL, NULL))
|
if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
|
||||||
return 1;
|
return 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -222,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|
|||||||
ERR_R_MALLOC_FAILURE);
|
ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!RAND_bytes(salt, sLen))
|
if (RAND_bytes(salt, sLen) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
maskedDBLen = emLen - hLen - 1;
|
maskedDBLen = emLen - hLen - 1;
|
||||||
|
|||||||
@ -155,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
|
|||||||
__FILE__, __LINE__);
|
__FILE__, __LINE__);
|
||||||
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
|
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
|
||||||
{
|
{
|
||||||
if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
|
if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2707,7 +2707,7 @@ int ssl3_send_client_verify(SSL *s)
|
|||||||
s->method->ssl3_enc->cert_verify_mac(s,
|
s->method->ssl3_enc->cert_verify_mac(s,
|
||||||
NID_id_GostR3411_94,
|
NID_id_GostR3411_94,
|
||||||
data);
|
data);
|
||||||
if (!EVP_PKEY_sign(pctx,signbuf,&sigsize,data,32)) {
|
if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
|
||||||
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
|
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
|
||||||
ERR_R_INTERNAL_ERROR);
|
ERR_R_INTERNAL_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user