Commit graph

61 commits

Author SHA1 Message Date
Dr. Stephen Henson
77470e989c Replace overrides.
Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-01 22:04:25 +00:00
Dr. Stephen Henson
6ea04154dc Extract compression form in EC_KEY_oct2key().
Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
Dr. Stephen Henson
6903e2e7e9 Extended EC_METHOD customisation support.
Add support for optional overrides of various private key operations
in EC_METHOD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-28 22:54:53 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Richard Levitte
8a41fa6f9e Initialize variable
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-05 10:14:22 +01:00
Dr. Stephen Henson
7fc7d1a7bd Add EC_KEY_priv2buf()
Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
d810700b80 update EC ASN1 and print routines
Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 00:33:33 +00:00
Dr. Stephen Henson
be2e334fce Add EC_GROUP_order_bits, EC_GROUP_get0_order and EC_GROUP_get0_cofactor
New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 22:18:30 +00:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Dr. Stephen Henson
981bd8a2f2 New EC functions.
New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-16 14:17:53 +00:00
Dr. Stephen Henson
91e7bcc264 Use NULL comparison
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:20 +00:00
Dr. Stephen Henson
cf517a6d3d add ECDSA_size to ec_asn1.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Dr. Stephen Henson
7236e3c8f7 Add ECDSA_SIG accessor.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Dr. Stephen Henson
2d3d00dcd8 Move ECDSA_SIG ASN.1 to crypto/ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:18 +00:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Kurt Roeckx
a46c9789ce d2i: don't update input pointer on failure
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
MR #1005
2015-09-14 23:53:03 +02:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Rich Salz
75ebbd9aa4 Use p==NULL not !p (in if statements, mainly)
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-11 10:06:38 -04:00
Rich Salz
25aaa98aa2 free NULL cleanup -- coda
After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-01 14:37:16 -04:00
Rich Salz
b548a1f11c free null cleanup finale
Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 10:02:07 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
2ace745022 free NULL cleanup 8
Do not check for NULL before calling a free routine.  This addresses:
    ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
    ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
    ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
    ASN1_UTCTIME_free M_ASN1_free_of

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 11:31:07 -04:00
Douglas E Engert
30cd4ff294 Ensure EC private keys retain leading zeros
RFC5915 requires the use of the I2OSP primitive as defined in RFC3447
for storing an EC Private Key. This converts the private key into an
OCTETSTRING and retains any leading zeros. This commit ensures that those
leading zeros are present if required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-31 16:33:29 +01:00
Rich Salz
8fdc3734c0 free NULL cleanup.
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25 18:35:24 -04:00
Rich Salz
0dfb9398bb free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 07:52:24 -04:00
Dr. Stephen Henson
f422a51486 Remove old ASN.1 code.
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Matt Caswell
5e5d53d341 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Matt Caswell
535bc8faf6 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
9e442d4850 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Emilia Kasper
f34a57202b Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Matt Caswell
f063e30fe9 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Adam Langley
0388ac4c99 RT3065: ec_private_key_dont_crash
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:34 +02:00
David Ramos
16ba70746b Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:46:20 +01:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
2013-03-26 16:56:50 +00:00
Dr. Stephen Henson
b331016124 New option to disable characteristic two fields in EC code. 2011-02-12 17:23:32 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Bodo Möller
772e3c07b4 Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
2006-12-19 15:11:37 +00:00
Bodo Möller
5e3225cc44 Introduce limits to prevent malicious keys being able to
cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
2006-09-28 13:45:34 +00:00
Nils Larsch
8c5a2bd6bb add additional checks + cleanup
Submitted by: David Hartman <david_hartman@symantec.com>
2006-01-29 23:12:22 +00:00
Nils Larsch
8b15c74018 give EC_GROUP_new_by_nid a more meanigful name:
EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name
2005-05-10 11:37:47 +00:00
Nils Larsch
7dc17a6cf0 give EC_GROUP_*_nid functions a more meaningful name
EC_GROUP_get_nid -> EC_GROUP_get_curve_name
	EC_GROUP_set_nid -> EC_GROUP_set_curve_name
2005-05-08 22:09:12 +00:00
Bodo Möller
aa4ce7315f Fix various incorrect error function codes.
("perl util/ck_errf.pl */*.c */*/*.c" still reports many more.)
2005-04-26 18:53:22 +00:00
Geoff Thorpe
ca982e4870 Fix realloc usage in ec_curve.c
Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2004-05-04 20:08:55 +00:00
Geoff Thorpe
37af03d311 General improvements to the ec_asn1.c code. This squashes at least one bug
(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe
2003-11-10 18:09:18 +00:00
Bodo Möller
f2aa055ec6 treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c) 2003-02-21 16:06:39 +00:00
Bodo Möller
62e3163b1b ECPublicKey_set_octet_string and ECPublicKey_get_octet_string
behaviour was not quite consistent with the conventions
for d2i and i2d functions as far as handling of the 'out'
or 'in' pointer is concerned.

This patch changes this behaviour, and renames the functions to
o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the
external encoding is just a raw object string without any DER icing).

Submitted by: Nils Larsch
2003-02-21 13:58:23 +00:00
Bodo Möller
82516e3baf cofactor is optional in parameter encodings
Submitted by: Nils Larsch
2003-01-25 15:28:49 +00:00