Commit graph

346 commits

Author SHA1 Message Date
Matt Caswell
18029a3d07 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 12:58:35 +00:00
Andy Polyakov
94be83127b Avoid reading an unused byte after the buffer
Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9fbbdd73c5)
2015-03-14 18:24:58 +01:00
Matt Caswell
4d2207f097 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
ba5d0113e8 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Dr. Stephen Henson
6fa805f516 FIPS build fixes.
PR#3673

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 00:12:39 +00:00
Matt Caswell
83975c80bb Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.2 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
323d39e87f Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:48 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
f3b6ee30f4 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:49 +00:00
Andy Polyakov
319d5c7a58 ec/ecp_nistz256.c: further harmonization with latest rules.
Conflicts:
	crypto/ec/ecp_nistz256.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:26 +00:00
Andy Polyakov
e1e7dc5085 ec/ecp_nistz256.c: harmonize with latest indent script.
Conflicts:
	crypto/ec/ecp_nistz256.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:27:52 +00:00
Matt Caswell
cc6e2a5936 Fix strange formatting by indent
Conflicts:
	crypto/hmac/hmac.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:58 +00:00
Matt Caswell
65a6a1ff45 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:44 +00:00
Matt Caswell
bc2d623c0e Fix source where indent will not be able to cope
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:24:04 +00:00
Matt Caswell
c695ebe2a0 Additional comment changes for reformat of 1.0.2
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:58 +00:00
Matt Caswell
e19d4a99b8 Further comment amendments to preserve formatting prior to source reformat
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:50 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:04 +00:00
Andy Polyakov
c02e2d6a71 ecp_nistz256-x86_64.pl: fix occasional failures.
RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 9e557ab262)
2015-01-04 23:22:06 +01:00
Emilia Kasper
0e1c318ece Build fixes
Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2014-12-17 14:27:49 +01:00
Matt Caswell
a38ae11c48 Add OPENSSL_NO_ECDH guards
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit af6e2d51bf)
2014-12-16 14:17:12 +00:00
Matt Caswell
6f71d7da64 When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8d02bebddf)
2014-11-20 15:21:37 +00:00
Matt Caswell
5b3a5e3e90 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf9)
2014-11-12 20:29:27 +00:00
Andy Polyakov
9fa9370b6f crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b10)
2014-09-22 00:11:04 +02:00
Dr. Stephen Henson
12f14b1d8f Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f72)
2014-09-22 00:10:53 +02:00
Andy Polyakov
27918b7c25 crypto/ec: harmonize new code with FIPS module.
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 00:07:44 +02:00
Andy Polyakov
3842a64d36 Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06fce)
2014-09-22 00:07:44 +02:00
Andy Polyakov
8aed2a7548 Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179aa)
2014-09-22 00:07:44 +02:00
Andy Polyakov
11d8abb331 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE
2014-09-22 00:07:44 +02:00
Kurt Roeckx
57c932dafd RT2626: Change default_bits from 1K to 2K
This is a more comprehensive fix.  It changes all
keygen apps to use 2K keys. It also changes the
default to use SHA256 not SHA1.  This is from
Kurt's upstream Debian changes.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 44e0c2bae4)
2014-09-08 17:23:37 -04:00
Emilia Kasper
7f7c05ca63 Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
2014-08-27 19:50:15 +02:00
Matt Caswell
2083f7c465 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
2014-08-27 19:50:15 +02:00
Adam Langley
1f2b943254 RT3065: ec_private_key_dont_crash
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
2014-08-27 19:50:15 +02:00
Bodo Moeller
267e6f3cc0 Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
2014-08-13 17:40:33 +02:00
Dr. Stephen Henson
bc792813f0 Only use FIPS EC methods in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1433cac53c)
2014-08-07 02:11:53 +01:00
Bodo Moeller
d5213519c0 Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org
2014-08-01 17:27:59 +02:00
Billy Brumley
4ccc2c19e2 "EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57ce)
2014-07-21 22:28:09 +01:00
Libor Krystek
a5d03c54ab Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 2014-06-03 23:17:21 +01:00
David Ramos
e34af3ec2b Double free in i2o_ECPublicKey
PR: 3338
2014-05-04 00:50:42 +01:00
mancha
3f1b3d9675 Fix eckey_priv_encode()
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-24 19:31:49 +00:00
Dr. Stephen Henson
0a9f7780e5 Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:23:21 +00:00
Dr. Stephen Henson
bc35b8e435 make update 2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
a257865303 Fix for some platforms where "char" is unsigned.
(cherry picked from commit 08b433540416c5bc9a874ba0343e35ba490c65f1)
2013-11-11 22:18:07 +00:00
Dr. Stephen Henson
5c4ff8ad37 Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
e1e6c4dae7 Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
1747fd1cc6 Add support for ECDH KARI.
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
(cherry picked from commit 88e20b8584)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
a119822b90 Add support for X9.62 KDF.
Add X9.62 KDF to EC EVP_PKEY_METHOD.
(cherry picked from commit 25af7a5dbc)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d6dc5c506a Add control to retrieve signature MD.
(cherry picked from commit 810639536c)
2013-10-01 14:01:17 +01:00
Bodo Moeller
485d7d5904 Fix overly lenient comparisons:
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
2013-09-16 14:50:48 +02:00
Matt Caswell
4e5b9645e8 Make binary curve ASN.1 work in FIPS mode.
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
(cherry picked from commit 94782e0e9c)
2013-03-26 16:58:29 +00:00
Dr. Stephen Henson
04347839ea enhance EC method to support setting curve type when generating keys and add parameter encoding option
(cherry picked from commit 24edfa9df9)
2013-03-20 15:54:05 +00:00