The branch OpenSSL_1_0_1-stable has been updated via 50e56c1d8c681b8e8a070487645370f0f7c1ee9e (commit) via 2d172503687dd4c05193edf4d8242625fedc5806 (commit) via aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2 (commit) from 396e30044910df29b81a416de42a94eb4355cd70 (commit)
- Log ----------------------------------------------------------------- commit 50e56c1d8c681b8e8a070487645370f0f7c1ee9e Author: Dr. Stephen Henson <st...@openssl.org> Date: Sat Aug 1 15:38:11 2015 +0100 Return error for unsupported modes. PR#3974 PR#3975 Reviewed-by: Matt Caswell <m...@openssl.org> Conflicts: crypto/evp/evp_lib.c commit 2d172503687dd4c05193edf4d8242625fedc5806 Author: Dr. Stephen Henson <st...@openssl.org> Date: Sat Aug 1 15:37:44 2015 +0100 Fix memory leak if setup fails. Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 891eac4604b5f05413e59602fae1f11136f4719a) Conflicts: crypto/cms/cms_enc.c commit aa701624b1b1fd0fa4ad692b86b25e0e79a7eaa2 Author: Dr. Stephen Henson <st...@openssl.org> Date: Sat Aug 1 15:37:01 2015 +0100 Err isn't always malloc failure. Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit a187e08d856690b5c1da3184d0ff560d572f893b) Conflicts: crypto/cms/cms_smime.c ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_enc.c | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/evp/evp_lib.c | 33 +++++++++++++++++++++++++++------ 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 85ae928..b14b4b6 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -195,7 +195,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ok = 1; err: - if (ec->key && !keep_key) { + if (ec->key && (!keep_key || !ok)) { OPENSSL_cleanse(ec->key, ec->keylen); OPENSSL_free(ec->key); ec->key = NULL; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 8b37560..f45693a 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -714,7 +714,7 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) BIO *cmsbio; int ret = 0; if (!(cmsbio = CMS_dataInit(cms, dcont))) { - CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE); + CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB); return 0; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index d4d2b4b..b16d623 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -67,9 +67,19 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_set_asn1_iv(c, type); - else + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_set_asn1_iv(c, type); + } + } else ret = -1; return (ret); } @@ -80,9 +90,20 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_get_asn1_iv(c, type); - else + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_get_asn1_iv(c, type); + break; + } + } else ret = -1; return (ret); } _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits