Re: [openssl.org #2497] [PATCH] Improve RSAOaep Error Handling

Tue, 12 Apr 2011 13:39:52 -0700 

Gilles,

Sorry about that. Here's the updated patch, with that extra variable
removed.

00000 -0700
+++ rsa_oaep.c 2011-04-12 13:29:15.000000000 -0700
@@ -188,7 +188,7 @@
  unsigned char cnt[4];
  EVP_MD_CTX c;
  unsigned char md[EVP_MAX_MD_SIZE];
- int mdlen;
+ int mdlen = 0;
 
  EVP_MD_CTX_init(&c);
  mdlen = EVP_MD_size(dgst);
@@ -200,17 +200,17 @@
   cnt[1] = (unsigned char)((i >> 16) & 255);
   cnt[2] = (unsigned char)((i >> 8)) & 255;
   cnt[3] = (unsigned char)(i & 255);
-  EVP_DigestInit_ex(&c,dgst, NULL);
-  EVP_DigestUpdate(&c, seed, seedlen);
-  EVP_DigestUpdate(&c, cnt, 4);
+  if (!EVP_DigestInit_ex(&c,dgst, NULL)) return -1;
+  if (!EVP_DigestUpdate(&c, seed, seedlen)) return -1;
+  if (!EVP_DigestUpdate(&c, cnt, 4)) return -1;
   if (outlen + mdlen <= len)
    {
-   EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+   if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) return -1;
    outlen += mdlen;
    }
   else
    {
-   EVP_DigestFinal_ex(&c, md, NULL);
+   if (!EVP_DigestFinal_ex(&c, md, NULL)) return -1;
    memcpy(mask + outlen, md, len - outlen);
    outlen = len;
    }



On 4/12/11 12:36 PM, "Gilles Espinasse via RT" <[email protected]> wrote:

>
>----- Original Message -----
>From: "Tim Jackson via RT" <[email protected]>
>Cc: <[email protected]>
>Sent: Tuesday, April 12, 2011 9:13 AM
>Subject: [openssl.org #2497] [PATCH] Improve RSAOaep Error Handling
>
>
>> Currently, OpenSSL doesn't check the return code of EVP_DigestFinal_ex()
>in rsa_oaep.c. However, EVP_DigestFinal_ex can return an error, which
>leads
>to confusion for the caller of RSA Oaep. This patch makes it so we return
>an
>error code if something goes wrong. This compiles against 1.0.0d.
>>
>> diff -ur ../openssl-1.0.0d/crypto/rsa/rsa_oaep.c
>>src/crypto/rsa/rsa_oaep.c
>> --- ../openssl-1.0.0d/crypto/rsa/rsa_oaep.c 2009-06-26
>16:14:11.000000000 -0700
>> +++ src/crypto/rsa/rsa_oaep.c 2011-03-25 11:23:40.000000000 -0700
>> @@ -188,7 +188,7 @@
>>   unsigned char cnt[4];
>>   EVP_MD_CTX c;
>>   unsigned char md[EVP_MAX_MD_SIZE];
>> - int mdlen;
>> + int mdlen = 0, result = 0;
>>
>
>A new 'result' variable is added that later remain unused.
>
>
>Gilles
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

Reply via email to