Commit graph

362 commits

Author SHA1 Message Date
Rich Salz
3be39dc1e3 RT4044: Remove .cvsignore files.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-15 11:58:27 -04:00
Kurt Roeckx
728bcd59d3 d2i: don't update input pointer on failure
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
MR #1005
(cherry picked from commit a46c9789ce)
2015-09-15 00:07:54 +02:00
Tim Zhang
41fe7d2380 Fix the comment for POINT_CONVERSION_UNCOMPRESSED
The |z| value should be 0x04 not 0x02

RT#3838

Signed-off-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 91d2728b38)
2015-09-01 23:53:48 +01:00
Matt Caswell
5438e17de0 Fix warning when compiling with no-ec2m
EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 8d11b7c7ee)
2015-08-04 10:47:54 +01:00
Matt Caswell
7cb79c7afb EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 68886be7e2)
2015-06-10 10:49:06 +01:00
Billy Brumley
bec1093cce fix copy paste error in ec_GF2m function prototypes
RT#3858

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 71f6130b7a)
2015-05-26 10:14:19 +02:00
Richard Levitte
bf42354620 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
2015-05-23 06:25:12 +02:00
Matt Caswell
5bea7975a6 Add sanity check to print_bin function
Add a sanity check to the print_bin function to ensure that the |off|
argument is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3deeeeb61b)
2015-04-30 23:21:53 +01:00
Emilia Kasper
07977739f0 NISTZ256: use EC_POINT API and check errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6038354cf8)
2015-04-27 19:50:19 +02:00
Emilia Kasper
c7e78b6bed NISTZ256: don't swallow malloc errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a4d5269e6d)
2015-04-27 18:06:01 +02:00
Emilia Kasper
df6c736fbd NISTZ256: set Z_is_one to boolean 0/1 as is customary.
Cosmetic, no real effect.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4446044a79)
2015-04-27 16:50:05 +02:00
Emilia Kasper
c30a1b3b33 Error checking and memory leak fixes in NISTZ256.
Thanks to Brian Smith for reporting these issues.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-27 16:37:19 +02:00
Emilia Kasper
9ed55313a7 Fix error checking and memory leaks in NISTZ256 precomputation.
Thanks to Brian Smith for reporting these issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 53dd4ddf71)
2015-04-24 17:47:01 +02:00
Emilia Kasper
7238a82c8a Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Also add a few comments about constant-timeness.

Thanks to Brian Smith for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-24 17:35:56 +02:00
Douglas E Engert
3d5bb773ec Ensure EC private keys retain leading zeros
RFC5915 requires the use of the I2OSP primitive as defined in RFC3447
for storing an EC Private Key. This converts the private key into an
OCTETSTRING and retains any leading zeros. This commit ensures that those
leading zeros are present if required.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 30cd4ff294)

Conflicts:
	crypto/ec/ec_asn1.c
2015-03-31 16:38:20 +01:00
Andy Polyakov
c8ece537e3 ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b06a6f7cc44baa0c17207a8f72c4ac360be7b555)
2015-03-28 15:56:28 +01:00
Matt Caswell
18029a3d07 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 12:58:35 +00:00
Andy Polyakov
94be83127b Avoid reading an unused byte after the buffer
Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9fbbdd73c5)
2015-03-14 18:24:58 +01:00
Matt Caswell
4d2207f097 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
ba5d0113e8 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Dr. Stephen Henson
6fa805f516 FIPS build fixes.
PR#3673

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 00:12:39 +00:00
Matt Caswell
83975c80bb Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.2 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
323d39e87f Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
f3b6ee30f4 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:49 +00:00
Andy Polyakov
319d5c7a58 ec/ecp_nistz256.c: further harmonization with latest rules.
Conflicts:
	crypto/ec/ecp_nistz256.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:26 +00:00
Andy Polyakov
e1e7dc5085 ec/ecp_nistz256.c: harmonize with latest indent script.
Conflicts:
	crypto/ec/ecp_nistz256.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:27:52 +00:00
Matt Caswell
cc6e2a5936 Fix strange formatting by indent
Conflicts:
	crypto/hmac/hmac.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:58 +00:00
Matt Caswell
65a6a1ff45 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:44 +00:00
Matt Caswell
bc2d623c0e Fix source where indent will not be able to cope
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:24:04 +00:00
Matt Caswell
c695ebe2a0 Additional comment changes for reformat of 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:58 +00:00
Matt Caswell
e19d4a99b8 Further comment amendments to preserve formatting prior to source reformat
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:50 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:04 +00:00
Andy Polyakov
c02e2d6a71 ecp_nistz256-x86_64.pl: fix occasional failures.
RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 9e557ab262)
2015-01-04 23:22:06 +01:00
Emilia Kasper
0e1c318ece Build fixes
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-12-17 14:27:49 +01:00
Matt Caswell
a38ae11c48 Add OPENSSL_NO_ECDH guards
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit af6e2d51bf)
2014-12-16 14:17:12 +00:00
Matt Caswell
6f71d7da64 When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8d02bebddf)
2014-11-20 15:21:37 +00:00
Matt Caswell
5b3a5e3e90 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf9)
2014-11-12 20:29:27 +00:00
Andy Polyakov
9fa9370b6f crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b10)
2014-09-22 00:11:04 +02:00
Dr. Stephen Henson
12f14b1d8f Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f72)
2014-09-22 00:10:53 +02:00
Andy Polyakov
27918b7c25 crypto/ec: harmonize new code with FIPS module.
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 00:07:44 +02:00
Andy Polyakov
3842a64d36 Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06fce)
2014-09-22 00:07:44 +02:00
Andy Polyakov
8aed2a7548 Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179aa)
2014-09-22 00:07:44 +02:00
Andy Polyakov
11d8abb331 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE
2014-09-22 00:07:44 +02:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4)
2014-09-08 17:23:37 -04:00
Emilia Kasper
7f7c05ca63 Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
2014-08-27 19:50:15 +02:00
Matt Caswell
2083f7c465 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
2014-08-27 19:50:15 +02:00
Adam Langley
1f2b943254 RT3065: ec_private_key_dont_crash
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
2014-08-27 19:50:15 +02:00
Bodo Moeller
267e6f3cc0 Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
2014-08-13 17:40:33 +02:00
Dr. Stephen Henson
bc792813f0 Only use FIPS EC methods in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1433cac53c)
2014-08-07 02:11:53 +01:00