Commit graph

432 commits

Author SHA1 Message Date
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c Don't allocate r/s in DSA_SIG and ECDSA_SIG
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-20 14:02:54 +01:00
Ben Laurie
24bf6f3c7f Deal with API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 14:40:33 +01:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
FdaSilvaYY
823146d65f Useless header include of openssl/rand.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
Matt Caswell
b84e12266f Fix the build and tests following constification of DH, DSA, RSA
Misc fixes following the constification of the DH, DSA and RSA
getters.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-16 13:34:44 +01:00
Richard Levitte
fd809cfdbd Constify the parameter getters for RSA, DSA and DH
Including documentation changes

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
TJ Saunders
bbaa9dd850 Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
7ca3ea22c1 Reorder the setter arguments to more consistently match that of other APIs,
per review comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
6a571a18dd Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
Cesar Pereida
47ae05ba62 Set flag BN_FLG_CONSTTIME earlier
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 15:26:57 +01:00
Cesar Pereida
033dc8fad0 Remove kq and set BN_FLG_CONSTTIME in k for BN_mod_inverse
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 15:26:57 +01:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
Matt Caswell
f943e640ef Simplify dsa_ossl.c
The dsa_ossl.c file defined a couple of multi-line macros, but then only
used each one once. The macros just serve to complicate the code and make
it more difficult to understand what is really going on. Hence they are
removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:08:15 +01:00
Cesar Pereida
399944622d Fix DSA, preserve BN_FLG_CONSTTIME
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 11:08:15 +01:00
Kurt Roeckx
578b551441 Specifiy size of arrays
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1139
2016-06-04 15:08:32 +02:00
Rich Salz
b8a9af6881 Remove/rename some old files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:29:57 -04:00
FdaSilvaYY
b2b361f6af Raise an Err when CRYPTO_THREAD_lock_new fails
Add missing error raise call, as it is done everywhere else.
and as CRYPTO_THREAD_lock_new don't do it internally.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-01 13:14:49 +01:00
Dr. Stephen Henson
f72f00d495 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:06:16 +01:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
FdaSilvaYY
aca6dae94b Remove useless NULL checks
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:37:02 +01:00
Matt Caswell
569d064609 Add some error messages for malloc fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
6ef020c988 Better checks for malloc failure in various METHOD functions
A number of the METHOD functions weren't properly handling malloc failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
d2e9e32018 Copyright consolidation 07/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:26 -04:00
Matt Caswell
10a57adc60 Remove some dead code
Commit e1d9f1ab39 left some dead code behind. This removes it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-29 09:23:45 +01:00
FdaSilvaYY
2bbf0baa95 Add checks on CRYPTO_new_ex_data return value...
with some adaptation to new multi-threading API.

Once reference, lock, meth and flag fields are setup,
DSA_free/DH_free can be called directly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/996)
2016-04-28 14:37:41 -04:00
Matt Caswell
f08e803450 Check that we were actually allocated BIGNUMs in dsa_builtin_paramgen2
Calls to BN_CTX_get() can fail so we should check that they were
successful.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-28 13:13:09 +01:00
Viktor Dukhovni
4a397f5168 Fix set0 reuse test
We must test for new object == current object, not !=.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-27 16:16:34 -04:00
Richard Levitte
1da12e34ed RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised.  Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:

    RSA_get0_key(rsa, NULL, &e, NULL);
    RSA_get0_factors(rsa, &p, &q);
    /* calculate new d */
    RSA_set0_key(rsa, NULL, NULL, d);

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-27 15:07:53 +02:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Matt Caswell
998f2cb8c4 Fix double free bug in error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
0aeddcfa61 Make DH opaque
Move the dh_st structure into an internal header file and provide
relevant accessors for the internal fields.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-09 10:10:55 +01:00
Matt Caswell
aa05e7caea Rename get/set_app_data to get0/set0_app_data
Also fixed a style issue

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
a517f7fcdc Various DSA opacity fixups
Numerous fixups based on feedback of the DSA opacity changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
6e9fa57c6d Make DSA_METHOD opaque
Move the dsa_method structure out of the public header file, and provide
getter and setter functions for creating and modifying custom DSA_METHODs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Matt Caswell
1258396d73 Make the DSA structure opaque
Move the dsa_st structure out of the public header file. Add some accessor
functions to enable access to the internal fields, and update all internal
usage to use the new functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-03 00:23:56 +01:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Dr. Stephen Henson
99cccf3643 constify DSA_SIG_get0()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 19:56:56 +00:00
Dr. Stephen Henson
40f43f8a2e move DSA_SIG definition into C source file
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 14:53:50 +00:00
Dr. Stephen Henson
706a13f112 Make DSA_SIG opaque.
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 17:02:16 +00:00
Alessandro Ghedini
d188a53617 Convert CRYPTO_LOCK_{DH,DSA,RSA} to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Dr. Stephen Henson
e1d9f1ab39 Remove kinv/r fields from DSA structure.
The kinv/r fields in the DSA structure are not used by OpenSSL internally
and should not be used in general.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 22:15:04 +00:00
FdaSilvaYY
17fa4e8eda GH715: Missed some null-check-removals. follow commits 412bafdcf5, and 7c96dbcdab
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-28 17:40:08 -05:00
Rich Salz
7c96dbcdab GH715: ENGINE_finish can take NULL
Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 15:19:42 -05:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Dr. Stephen Henson
dfb10af92e Remove DSA negative integer workaround code.
Remove DSA private key code which tolerates broken implementations which
use negative integers.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-19 18:54:50 +00:00
Dr. Stephen Henson
ab4a81f69e Remove broken DSA private key workarounds.
Remove old code that handled various invalid DSA formats in ancient
software.

This also fixes a double free bug when parsing malformed DSA private keys.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

CVE-2016-0705

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-19 18:54:50 +00:00