Commit graph

283 commits

Author SHA1 Message Date
Alessandro Ghedini
b62a2f8a37 Remove useless code
RT#4081

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 070c23325a)
2015-10-23 20:32:59 +02:00
Alessandro Ghedini
e90f1d9b74 Fix memory leaks and other mistakes on errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3f6c769187)
2015-10-23 19:58:54 +02:00
Pascal Cuoq
cc1cdc5df5 Move BN_CTX_start() call so the error case can always call BN_CTX_end().
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231

(cherry picked from commit 99c2033375)
2015-10-07 20:36:54 +02:00
Ismo Puustinen
6f997dc365 GH367: use random data if seed too short.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-29 12:48:43 -04:00
Rich Salz
6be18a2219 This undoes GH367 for non-master
Was only approved for master, to avoid compatibility issues on
previous releases.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-18 15:56:23 -04:00
Rich Salz
3be39dc1e3 RT4044: Remove .cvsignore files.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-15 11:58:27 -04:00
Ben Kaduk
df1565ed9c GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 36ac7bc8a9)
2015-08-31 13:46:30 -04:00
Ismo Puustinen
1d7df236dc GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f00a10b897)
2015-08-28 11:22:34 -04:00
Martin Vejnar
374fd385c2 RT3774: double-free in DSA
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit fa4629b6a2)
2015-07-29 21:21:35 -04:00
Richard Levitte
bf42354620 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
2015-05-23 06:25:12 +02:00
Viktor Dukhovni
3b38646d13 Code style: space after 'if'
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-04-16 13:50:01 -04:00
Matt Caswell
8f8e4e4f52 Fix RAND_(pseudo_)?_bytes returns
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:41:28 +00:00
Matt Caswell
20223855e4 Fix dsa_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0c7ca4033d)
2015-03-12 09:29:48 +00:00
Dr. Stephen Henson
bfa34f551c Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4)
2015-03-08 16:29:28 +00:00
Matt Caswell
83975c80bb Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.2 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
f3b6ee30f4 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:49 +00:00
Matt Caswell
cc6e2a5936 Fix strange formatting by indent
Conflicts:
	crypto/hmac/hmac.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:58 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:04 +00:00
Dr. Stephen Henson
85cfc188c0 Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 684400ce19)
2015-01-05 14:36:06 +00:00
Matt Caswell
f33ce36aff RT3192: spurious error in DSA verify
This is funny; Ben commented in the source, Matt opend a ticket,
and Rich is doing the submit.  Need more code-review? :)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit eb63bce040)
2014-09-09 17:10:57 -04:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4)
2014-09-08 17:23:37 -04:00
Adam Langley
e19c93811f RT3061: Don't SEGFAULT when trying to export a public DSA key as a private key.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-22 15:21:12 +02:00
Dr. Stephen Henson
dc427fc8e2 Return correct enveloped data type in ASN1 methods.
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
(cherry picked from commit 41b920ef01)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d6dc5c506a Add control to retrieve signature MD.
(cherry picked from commit 810639536c)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
3fa23ff0f1 Add FIPS 186-2 DSA parameter generation algorithm.
Backport support for FIPS 186-2 DSA parameter generation from
HEAD. Redirect to FIPS in FIPS mode and workaround prototype error.
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
5999d45a5d DH keys have an (until now) unused 'q' parameter. When creating from DSA copy
q across and if q present generate DH key in the correct range. (from HEAD)
2011-11-14 14:16:09 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
e34a303ce1 make depend 2011-09-16 23:15:22 +00:00
Dr. Stephen Henson
0ae7c43fa5 Improved error checking for DRBG calls.
New functionality to allow default DRBG type to be set during compilation
or during runtime.
2011-09-16 23:08:57 +00:00
Dr. Stephen Henson
955e28006d make EVP_dss() work for DSA signing 2011-06-20 20:05:13 +00:00
Dr. Stephen Henson
3a5b97b7f1 Don't set default public key methods in FIPS mode so applications
can switch between modes.
2011-06-20 19:41:13 +00:00
Dr. Stephen Henson
ed9b0e5cba Redirect DH key and parameter generation. 2011-06-09 15:21:46 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead
of assuming they will always suceed.
2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
889c2282a5 allow SHA384, SHA512 with DSA 2011-05-08 12:38:51 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable)
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
2011-03-23 00:06:04 +00:00
Dr. Stephen Henson
5080fbbef0 Since FIPS 186-3 specifies we use the leftmost bits of the digest
we shouldn't reject digest lengths larger than SHA256: the FIPS
algorithm tests include SHA384 and SHA512 tests.
2011-02-01 12:53:47 +00:00
Dr. Stephen Henson
a7508fec1a Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of
DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().
2011-01-25 16:55:27 +00:00
Dr. Stephen Henson
c31945e682 recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) 2011-01-25 16:02:27 +00:00
Dr. Stephen Henson
7fa27d9ac6 Add additional parameter to dsa_builtin_paramgen to output the generated
seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0
2011-01-19 14:46:42 +00:00
Dr. Stephen Henson
7770da4b41 PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:25:23 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
26029d9c4c PR: 2241
Submitted By: Artemy Lebedev <vagran.ast@gmail.com>

Typo.
2010-04-20 12:53:05 +00:00
Dr. Stephen Henson
1699389a46 Tolerate PKCS#8 DSA format with negative private key. 2010-01-22 20:17:30 +00:00
Dr. Stephen Henson
6125e07d79 check DSA_sign() return value properly 2009-12-01 18:41:50 +00:00
Dr. Stephen Henson
c90a1ae0c9 make update 2009-10-18 14:44:51 +00:00
Dr. Stephen Henson
1a3914fe0c Seed PRNG with DSA and ECDSA digests for additional protection against
possible PRNG state duplication.
2009-09-09 12:14:36 +00:00
Dr. Stephen Henson
6c29853bf2 PR: 1644
Submitted by: steve@openssl.org

Fix to make DHparams_dup() et al work in C++.

For 1.0 fix the final argument to ASN1_dup() so it is void *. Replace some
*_dup macros with functions.
2009-09-06 15:49:12 +00:00
Dr. Stephen Henson
2c11ec308b PR: 2029
Submitted by: Tomas Mraz <tmraz@redhat.com>
Checked by: steve@openssl.org

Fix so that the legacy digest EVP_dss1() still works.
2009-09-02 15:51:28 +00:00