Update OpenSSL to 1.0.1g and statically link OpenVPN with it

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 09:56:37 +0200
commit: e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree: 240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/ecdsa/ecs_sign.c
parent: 6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/main/openssl/crypto/ecdsa/ecs_sign.c b/main/openssl/crypto/ecdsa/ecs_sign.c
index 353d5af5..ea79a24b 100644
--- a/main/openssl/crypto/ecdsa/ecs_sign.c
+++ b/main/openssl/crypto/ecdsa/ecs_sign.c
@@ -58,6 +58,7 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/rand.h>
+#include <openssl/err.h>
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
@@ -102,5 +103,12 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
 	if (ecdsa == NULL)
 		return 0;
-	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 
+	if (EC_KEY_get_nonce_from_hash(eckey))
+		{
+		/* You cannot precompute the ECDSA nonce if it is required to
+		 * depend on the message. */
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
+		return 0;
+		}
+	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
 }
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 09:56:37 +0200
commit	e436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree	240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/ecdsa/ecs_sign.c
parent	6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)