Submitted by: Julia Lawall <julia@diku.dk>
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(), CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix so the return code is checked correctly.
This commit is contained in:
Dr. Stephen Henson
parent
94480b57db
commit
a25f33d28a
8 changed files with 21 additions and 11 deletions
10
CHANGES
10
CHANGES
|
|
@ -4,6 +4,10 @@
|
|||
|
||||
Changes between 0.9.8k and 1.0 [xx XXX xxxx]
|
||||
|
||||
*) The function EVP_PKEY_sign() returns <=0 on error: check return code
|
||||
correctly.
|
||||
[Julia Lawall <julia@diku.dk>]
|
||||
|
||||
*) Update verify callback code in apps/s_cb.c and apps/verify.c, it
|
||||
needlessly dereferenced structures, used obsolete functions and
|
||||
didn't handle all updated verify codes correctly.
|
||||
|
|
@ -819,6 +823,12 @@
|
|||
|
||||
Changes between 0.9.8k and 0.9.8l [xx XXX xxxx]
|
||||
|
||||
*) The functions ENGINE_ctrl(), OPENSSL_isservice(),
|
||||
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
|
||||
fixes for a few places where the return code is not checked
|
||||
correctly.
|
||||
[Julia Lawall <julia@diku.dk>]
|
||||
|
||||
*) Add --strict-warnings option to Configure script to include devteam
|
||||
warnings in other configurations.
|
||||
[Steve Henson]
|
||||
|
|
|
|||
|
|
@ -649,7 +649,7 @@ static ASN1_INTEGER *create_nonce(int bits)
|
|||
|
||||
/* Generating random byte sequence. */
|
||||
if (len > (int)sizeof(buf)) goto err;
|
||||
if (!RAND_bytes(buf, len)) goto err;
|
||||
if (RAND_bytes(buf, len) <= 0) goto err;
|
||||
|
||||
/* Find the first non-zero byte and creating ASN1_INTEGER object. */
|
||||
for (i = 0; i < len && !buf[i]; ++i);
|
||||
|
|
|
|||
|
|
@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
|
|||
|
||||
/* Get original receipt request details */
|
||||
|
||||
if (!CMS_get1_ReceiptRequest(osi, &rr))
|
||||
if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
|
||||
{
|
||||
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
|
||||
goto err;
|
||||
|
|
@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
|
|||
|
||||
/* Get original receipt request details */
|
||||
|
||||
if (!CMS_get1_ReceiptRequest(si, &rr))
|
||||
if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
|
||||
{
|
||||
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
|
||||
goto err;
|
||||
|
|
|
|||
|
|
@ -860,7 +860,7 @@ void OPENSSL_showfatal (const char *fmta,...)
|
|||
|
||||
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
|
||||
/* this -------------v--- guards NT-specific calls */
|
||||
if (GetVersion() < 0x80000000 && OPENSSL_isservice())
|
||||
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
|
||||
{ HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
|
||||
const TCHAR *pmsg=buf;
|
||||
ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
|
|||
}
|
||||
/* Force the result of the control command to 0 or 1, for the reasons
|
||||
* mentioned before. */
|
||||
if (ENGINE_ctrl(e, num, i, p, f))
|
||||
if (ENGINE_ctrl(e, num, i, p, f) > 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||
* usage of these commands is consistent across applications and
|
||||
* that certain applications don't understand it one way, and
|
||||
* others another. */
|
||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
|
||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||
if(flags & ENGINE_CMD_FLAG_STRING)
|
||||
{
|
||||
/* Same explanation as above */
|
||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
|
||||
if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
|
|||
}
|
||||
/* Force the result of the control command to 0 or 1, for the reasons
|
||||
* mentioned before. */
|
||||
if(ENGINE_ctrl(e, num, l, NULL, NULL))
|
||||
if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -222,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|
|||
ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!RAND_bytes(salt, sLen))
|
||||
if (RAND_bytes(salt, sLen) <= 0)
|
||||
goto err;
|
||||
}
|
||||
maskedDBLen = emLen - hLen - 1;
|
||||
|
|
|
|||
|
|
@ -155,7 +155,7 @@ int dtls1_enc(SSL *s, int send)
|
|||
__FILE__, __LINE__);
|
||||
else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
|
||||
{
|
||||
if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
|
||||
if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2707,7 +2707,7 @@ int ssl3_send_client_verify(SSL *s)
|
|||
s->method->ssl3_enc->cert_verify_mac(s,
|
||||
NID_id_GostR3411_94,
|
||||
data);
|
||||
if (!EVP_PKEY_sign(pctx,signbuf,&sigsize,data,32)) {
|
||||
if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
|
||||
SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
|
|
|
|||
Loading…
Reference in a new issue