diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-26 14:49:54 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-29 12:12:33 +0200 |
commit | 4fdb8acdaef4c3cb1d855e992ada0e63fee520a6 (patch) | |
tree | 4b2a796fadb3060c6952c5521c292da209b4adfb /deps/openssl/openssl/crypto/dsa/dsa_sign.c | |
parent | 626d7abdb43b672a6153510561afdd8856b7770f (diff) | |
download | android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.tar.gz android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.tar.bz2 android-node-v8-4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.zip |
deps: downgrade openssl to v1.0.0f
Several people have reported issues with IIS and Resin servers (or maybe
SSL terminators sitting in front of those servers) that are fixed by
downgrading OpenSSL. The AESNI performance improvements were nice but
stability is more important. Downgrade OpenSSL from 1.0.1e to 1.0.0f.
Fixes #5360 (and others).
Diffstat (limited to 'deps/openssl/openssl/crypto/dsa/dsa_sign.c')
-rw-r--r-- | deps/openssl/openssl/crypto/dsa/dsa_sign.c | 50 |
1 files changed, 13 insertions, 37 deletions
diff --git a/deps/openssl/openssl/crypto/dsa/dsa_sign.c b/deps/openssl/openssl/crypto/dsa/dsa_sign.c index c3cc3642ce..17555e5892 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_sign.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_sign.c @@ -61,54 +61,30 @@ #include "cryptlib.h" #include <openssl/dsa.h> #include <openssl/rand.h> -#include <openssl/bn.h> DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD) - && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD); - return NULL; - } -#endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD) - && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + DSA_SIG *s; + RAND_seed(dgst, dlen); + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) { - DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD); - return 0; + *siglen=0; + return(0); } -#endif - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); } -DSA_SIG *DSA_SIG_new(void) - { - DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); - if (!sig) - return NULL; - sig->r = NULL; - sig->s = NULL; - return sig; - } - -void DSA_SIG_free(DSA_SIG *sig) +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - if (sig) - { - if (sig->r) - BN_free(sig->r); - if (sig->s) - BN_free(sig->s); - OPENSSL_free(sig); - } + return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } |