Djam/openssl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl.git synced 2025-02-23 16:22:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
openssl/openssl-CVE-2013-0169.9.patch

101 lines
2.9 KiB
Diff
Raw Normal View History

Security fix
2013-04-11 17:24:48 +04:00
From 33f44acbbe83ab718ae15c0d2c6a57e802705a36 Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Fri, 1 Feb 2013 10:10:32 +0100
Subject: [PATCH] s3/s3_cbc.c: allow for compilations with NO_SHA256|512.
(cherry picked from commit
d5371324d978e4096bf99b9d0fe71b2cb65d9dc8)
---
ssl/s3_cbc.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index de3b433..dc3fd3e 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -338,7 +338,9 @@ static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
l2n(sha1->h3, md_out);
l2n(sha1->h4, md_out);
}
+#define LARGEST_DIGEST_CTX SHA_CTX
+#ifndef OPENSSL_NO_SHA256
static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
{
SHA256_CTX *sha256 = ctx;
@@ -349,7 +351,11 @@ static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
l2n(sha256->h[i], md_out);
}
}
+#undef LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA256_CTX
+#endif
+#ifndef OPENSSL_NO_SHA512
static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
{
SHA512_CTX *sha512 = ctx;
@@ -360,6 +366,9 @@ static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
l2n8(sha512->h[i], md_out);
}
}
+#undef LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
+#endif
/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
* which ssl3_cbc_digest_record supports. */
@@ -369,10 +378,14 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
{
case NID_md5:
case NID_sha1:
+#ifndef OPENSSL_NO_SHA256
case NID_sha224:
case NID_sha256:
+#endif
+#ifndef OPENSSL_NO_SHA512
case NID_sha384:
case NID_sha512:
+#endif
return 1;
default:
return 0;
@@ -411,7 +424,7 @@ void ssl3_cbc_digest_record(
char is_sslv3)
{
union { double align;
- unsigned char c[sizeof(SHA512_CTX)]; } md_state;
+ unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
void (*md_final_raw)(void *ctx, unsigned char *md_out);
void (*md_transform)(void *ctx, const unsigned char *block);
unsigned md_size, md_block_size = 64;
@@ -449,6 +462,7 @@ void ssl3_cbc_digest_record(
md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
md_size = 20;
break;
+#ifndef OPENSSL_NO_SHA256
case NID_sha224:
SHA224_Init((SHA256_CTX*)md_state.c);
md_final_raw = tls1_sha256_final_raw;
@@ -461,6 +475,8 @@ void ssl3_cbc_digest_record(
md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
md_size = 32;
break;
+#endif
+#ifndef OPENSSL_NO_SHA512
case NID_sha384:
SHA384_Init((SHA512_CTX*)md_state.c);
md_final_raw = tls1_sha512_final_raw;
@@ -477,6 +493,7 @@ void ssl3_cbc_digest_record(
md_block_size = 128;
md_length_size = 16;
break;
+#endif
default:
/* ssl3_cbc_record_digest_supported should have been
* called first to check that the hash function is
--
1.7.9.5
Reference in a new issue Copy permalink