From: Dr. Stephen Henson
Date: Tue, 1 Dec 2009 18:39:33 +0000 (+0000)
Subject: check DSA_sign() return value properly
X-Git-Tag: OpenSSL-fips-2_0-rc1~1416
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=6732e14278fafe80408ec48974c4b232f75a6739
check DSA_sign() return value properly
---
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 84b77e3bfc..4ce91e20c6 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -132,7 +132,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
- if (ret < 0)
+ if (ret <= 0)
 return ret;
 *siglen = sltmp;
 return 1;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b3b356d5ab..b611c7cf01 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1357,6 +1357,21 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
 p+=j;
 }
+
+#ifdef OPENSSL_RI_MAGIC
+ if (p == q)
+ return 0;
+ else
+ {
+ /* Bogus "cipher" to send out RI indicator */
+ static SSL_CIPHER ri =
+ {
+ 0, NULL, OPENSSL_RI_MAGIC, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ };
+ j = put_cb ? put_cb(&ri,p) : ssl_put_cipher_by_char(s,&ri,p);
+ p+=j;
+ }
+#endif
 return(p-q);
 }
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b3cc8f098b..fb6e817176 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -287,6 +287,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
+/* Renegotiation indicator "magic" ciphersuite from
+ * "draft-ietf-tls-renegotiation" (FIXME: put RFC# in here when ready)
+ * FIXME: put correct ciphersuite number in here when available.
+ */
+
+#define OPENSSL_RI_MAGIC 0x03000FEC
+
 /* PSK ciphersuites from 4279 */
 #define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A
 #define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B
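Review bot: The error path at `if (ret <= 0) return ret;` in crypto/dsa/dsa_pmeth.c passes DSA_sign()'s non-positive result straight back, so pkey_dsa_sign can now report failure as 0 and leaves `*siglen` unset when it does. That contract is worth a comment above the check, for example `/* DSA_sign() returns 0 on failure: treat anything <= 0 as an error and do not publish sltmp */`. A caller that still tests only `< 0` would treat a signature buffer that was never filled as valid. The function body starts and ends outside this hunk, so how its other exits report errors cannot be checked from here.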
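Review bot: The RI entry in ssl/ssl_lib.c is written through `p` after the loop with no visible bound, so ssl_cipher_list_to_bytes now emits one more entry than `sk` holds and every caller's buffer must leave room for it. The buffer sizing is outside this hunk; if any caller sizes it from the cipher count alone, the extra `j` bytes land past the end. A comment on the function such as `/* writes one entry per cipher in sk plus one renegotiation-indicator entry; p must have room for all of them */` would state the new requirement. Separately, `static SSL_CIPHER ri` depends on a positional initializer putting OPENSSL_RI_MAGIC in the third member, which goes wrong silently if the struct layout changes, and it could be `static const` if the put_cb prototype accepts a const pointer.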
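Review bot: `OPENSSL_RI_MAGIC` in ssl/tls1.h is defined unconditionally with a value its own comment marks as a placeholder, so the `#ifdef OPENSSL_RI_MAGIC` block in ssl/ssl_lib.c is presumably active in every build and the placeholder number goes on the wire. A peer that does not recognise 0x03000FEC will most likely ignore it as an unknown ciphersuite, so the indicator can look enabled while protecting nothing against such peers. Until the assigned number is in place, the define would be safer behind an explicit opt-in, for example wrapped in `#ifdef OPENSSL_EXPERIMENTAL_RI` (placeholder name). The FIXME should also say that the value must be replaced before release.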