[openssl-commits] [openssl] master update
The branch master has been updated via 201b305a2409d9eb13b5e4bfbd4967e04e155a60 (commit) from cb809437d391176a1c2e76f6da77a790c9382c4b (commit) - Log - commit 201b305a2409d9eb13b5e4bfbd4967e04e155a60 Author: Beat Bolli Date: Mon Jul 30 07:34:32 2018 +1000 apps/dsaparam.c generates code that is intended to be pasted or included into an existing source file: the function is static, and the code doesn't include dsa.h. Match the generated C source style of dsaparam. Adjust apps/dhparam.c to match, and rename the BIGNUMs to their more usual single-letter names. Add an error return in the generated C source. both: simplify the callback function Signed-off-by: Beat Bolli Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6797) --- Summary of changes: apps/dhparam.c | 35 +-- apps/dsaparam.c | 11 ++- 2 files changed, 15 insertions(+), 31 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index 44160fd..13f7675 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -309,33 +309,31 @@ int dhparam_main(int argc, char **argv) bits = DH_bits(dh); DH_get0_pqg(dh, , NULL, ); data = app_malloc(len, "print a BN"); -BIO_printf(out, "#ifndef HEADER_DH_H\n" -"# include \n" -"#endif\n" -"\n"); -BIO_printf(out, "DH *get_dh%d()\n{\n", bits); + +BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits); print_bignum_var(out, pbn, "dhp", bits, data); print_bignum_var(out, gbn, "dhg", bits, data); BIO_printf(out, "DH *dh = DH_new();\n" -"BIGNUM *dhp_bn, *dhg_bn;\n" +"BIGNUM *p, *g;\n" "\n" "if (dh == NULL)\n" "return NULL;\n"); -BIO_printf(out, "dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", +BIO_printf(out, "p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", bits, bits); -BIO_printf(out, "dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", +BIO_printf(out, "g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", bits, bits); -BIO_printf(out, "if (dhp_bn == NULL || dhg_bn == NULL\n" -"|| !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" +BIO_printf(out, "if (p == NULL || g == NULL\n" +"|| !DH_set0_pqg(dh, p, NULL, g)) {\n" "DH_free(dh);\n" -"BN_free(dhp_bn);\n" -"BN_free(dhg_bn);\n" +"BN_free(p);\n" +"BN_free(g);\n" "return NULL;\n" "}\n"); if (DH_get_length(dh) > 0) BIO_printf(out, "if (!DH_set_length(dh, %ld)) {\n" "DH_free(dh);\n" +"return NULL;\n" "}\n", DH_get_length(dh)); BIO_printf(out, "return dh;\n}\n"); OPENSSL_free(data); @@ -371,16 +369,9 @@ int dhparam_main(int argc, char **argv) static int dh_cb(int p, int n, BN_GENCB *cb) { -char c = '*'; - -if (p == 0) -c = '.'; -if (p == 1) -c = '+'; -if (p == 2) -c = '*'; -if (p == 3) -c = '\n'; +static const char symbols[] = ".+*\n"; +char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; + BIO_write(BN_GENCB_get_arg(cb), , 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 9d8af9e..b227b76 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -248,16 +248,9 @@ int dsaparam_main(int argc, char **argv) static int dsa_cb(int p, int n, BN_GENCB *cb) { -char c = '*'; +static const char symbols[] = ".+*\n"; +char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; -if (p == 0) -c = '.'; -if (p == 1) -c = '+'; -if (p == 2) -c = '*'; -if (p == 3) -c = '\n'; BIO_write(BN_GENCB_get_arg(cb), , 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 (commit) from 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit) - Log - commit 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 Author: Bryan Donlan Date: Tue Jul 17 13:38:17 2018 -0700 Remove DSA digest length checks when no digest is passed FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) (cherry picked from commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd) --- Summary of changes: crypto/dsa/dsa_pmeth.c | 18 -- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index a1cbaad..a82c4c9 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -76,13 +76,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; -if (dctx->md) { -if (tbslen != (size_t)EVP_MD_size(dctx->md)) -return 0; -} else { -if (tbslen != SHA_DIGEST_LENGTH) -return 0; -} +if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) +return 0; ret = DSA_sign(0, tbs, tbslen, sig, , dsa); @@ -100,13 +95,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; -if (dctx->md) { -if (tbslen != (size_t)EVP_MD_size(dctx->md)) -return 0; -} else { -if (tbslen != SHA_DIGEST_LENGTH) -return 0; -} +if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) +return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via cb809437d391176a1c2e76f6da77a790c9382c4b (commit) via 665d9d1c0655d6f709c99e1211c1e11fcebfeecd (commit) from bd93f1ac2750450033dbfa76b5f1597b0145b585 (commit) - Log - commit cb809437d391176a1c2e76f6da77a790c9382c4b Author: Bryan Donlan Date: Tue Jul 17 13:04:09 2018 -0700 Add test for DSA signatures of raw digests of various sizes Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd Author: Bryan Donlan Date: Tue Jul 17 13:38:17 2018 -0700 Remove DSA digest length checks when no digest is passed FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) --- Summary of changes: crypto/dsa/dsa_pmeth.c | 18 +-- test/build.info| 6 +- test/dsa_no_digest_size_test.c | 245 + test/recipes/15-test_dsa.t | 3 +- 4 files changed, 256 insertions(+), 16 deletions(-) create mode 100644 test/dsa_no_digest_size_test.c diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index f66317b..b4ee5a7 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -77,13 +77,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; -if (dctx->md) { -if (tbslen != (size_t)EVP_MD_size(dctx->md)) -return 0; -} else { -if (tbslen != SHA_DIGEST_LENGTH) -return 0; -} +if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) +return 0; ret = DSA_sign(0, tbs, tbslen, sig, , dsa); @@ -101,13 +96,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; -if (dctx->md) { -if (tbslen != (size_t)EVP_MD_size(dctx->md)) -return 0; -} else { -if (tbslen != SHA_DIGEST_LENGTH) -return 0; -} +if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) +return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); diff --git a/test/build.info b/test/build.info index 8dbe0c2..04014e7 100644 --- a/test/build.info +++ b/test/build.info @@ -33,7 +33,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN rc2test rc4test rc5test \ destest mdc2test \ dhtest enginetest casttest \ - bftest ssltest_old dsatest exptest rsa_test \ + bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \ evp_test evp_extra_test igetest v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test \ conf_include_test \ @@ -152,6 +152,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[dsatest]=../include DEPEND[dsatest]=../libcrypto libtestutil.a + SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c + INCLUDE[dsa_no_digest_size_test]=../include + DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a + SOURCE[exptest]=exptest.c INCLUDE[exptest]=../include DEPEND[exptest]=../libcrypto libtestutil.a diff --git a/test/dsa_no_digest_size_test.c b/test/dsa_no_digest_size_test.c new file mode 100644 index 000..88c6036 --- /dev/null +++ b/test/dsa_no_digest_size_test.c @@ -0,0 +1,245 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "testutil.h" + +#include +#include +#include + +#ifndef OPENSSL_NO_DSA +#include + +static DSA *dsakey; + +/* + * These parameters are from test/recipes/04-test_pem_data/dsaparam.pem, + * converted using dsaparam -C + */ +static DSA *load_dsa_params(void) +{ +static unsigned char dsap_2048[] = { +0xAE, 0x35, 0x7D, 0x4E, 0x1D, 0x96, 0xE2, 0x9F, 0x00, 0x96, +0x60, 0x5A, 0x6E, 0x4D, 0x07, 0x8D, 0xA5, 0x7C, 0xBC, 0xF9, +0xAD, 0xD7, 0x9F, 0xD5, 0xE9, 0xEE, 0xA6, 0x33, 0x51, 0xDE, +0x7B, 0x72, 0xD2, 0x75, 0xAA, 0x71, 0x77, 0xF1, 0x63, 0xFB, +0xB6, 0xEC, 0x5A, 0xBA, 0x0D, 0x72, 0xA2, 0x1A, 0x1C, 0x64, +0xB8, 0xE5, 0x89, 0x09, 0x6D, 0xC9, 0x6F, 0x0B, 0x7F, 0xD2, +0xCE, 0x9F, 0xEF, 0x87, 0x5A, 0xB6, 0x67, 0x2F, 0xEF, 0xEE, +
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit) via 811162832e875576c13139493d949b3157a1c8cf (commit) from 9da6f31c7e61b484dda6c0a59d46c76410981e13 (commit) - Log - commit 3c0addb71c66adf729f48050c3a75f68c44b23b6 Author: Andy Polyakov Date: Fri Jul 20 13:23:42 2018 +0200 crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop. Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6799) (cherry picked from commit 80ae7285e1994d35c84519bf9e038b11d9942875) Resolved conflicts: crypto/init.c commit 811162832e875576c13139493d949b3157a1c8cf Author: Andy Polyakov Date: Fri Jul 20 13:15:48 2018 +0200 crypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6799) (cherry picked from commit b86d57bb0b23253c720db38ab18ca97cb888f701) Resolved conflicts: crypto/cryptlib.c --- Summary of changes: crypto/cryptlib.c | 104 +- crypto/init.c | 54 ++-- 2 files changed, 122 insertions(+), 36 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index bf73244..3b878cd 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -23,29 +23,97 @@ extern unsigned int OPENSSL_ia32cap_P[4]; # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#include + +/* + * Purpose of these minimalistic and character-type-agnostic subroutines + * is to break dependency on MSVCRT (on Windows) and locale. This makes + * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- + * agnostic" means that they work with either wide or 8-bit characters, + * exploiting the fact that first 127 characters can be simply casted + * between the sets, while the rest would be simply rejected by ossl_is* + * subroutines. + */ +# ifdef _WIN32 +typedef WCHAR variant_char; + +static variant_char *ossl_getenv(const char *name) +{ +/* + * Since we pull only one environment variable, it's simpler to + * to just ignore |name| and use equivalent wide-char L-literal. + * As well as to ignore excessively long values... + */ +static WCHAR value[48]; +DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); + +return (len > 0 && len < 48) ? value : NULL; +} +# else +typedef char variant_char; +# define ossl_getenv getenv +# endif + +static int todigit(variant_char c) +{ +if (c >= '0' && c <= '9') +return c - '0'; +else if (c >= 'A' && c <= 'F') +return c - 'A' + 10; +else if (c >= 'a' && c <= 'f') +return c - 'a' + 10; + +/* return largest base value to make caller terminate the loop */ +return 16; +} + +static uint64_t ossl_strtouint64(const variant_char *str) +{ +uint64_t ret = 0; +unsigned int digit, base = 10; + +if (*str == '0') { +base = 8, str++; +if (*str == 'x' || *str == 'X') +base = 16, str++; +} + +while((digit = todigit(*str++)) < base) +ret = ret * base + digit; + +return ret; +} + +static variant_char *ossl_strchr(const variant_char *str, char srch) +{ variant_char c; + +while((c = *str)) { +if (c == srch) + return (variant_char *)str; +str++; +} + +return NULL; +} + # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; + void OPENSSL_cpuid_setup(void) { static int trigger = 0; IA32CAP OPENSSL_ia32_cpuid(unsigned int *); IA32CAP vec; -char *env; +const variant_char *env; if (trigger) return; trigger = 1; -if ((env = getenv("OPENSSL_ia32cap"))) { +if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { int off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) -if (!sscanf(env + off, "%I64i", )) -vec = strtoul(env + off, NULL, 0); -# else -if (!sscanf(env + off, "%lli", (long long *))) -vec = strtoul(env + off, NULL, 0); -# endif + +vec = ossl_strtouint64(env + off); + if (off) { IA32CAP mask = vec; vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; @@ -64,15 +132,17 @@ void OPENSSL_cpuid_setup(void) vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); } -if ((env = strchr(env, ':'))) { -unsigned int vecx; +if ((env = ossl_strchr(env, ':')) != NULL) { +IA32CAP vecx; + env++; off = (env[0]
[openssl-commits] Build completed: openssl master.19151
Build openssl master.19151 completed Commit ebdddba320 by Andy Polyakov on 7/29/2018 12:52 PM: internal/tsan_assist.h: fix typo [to be squashed]. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3FRsji5o3tTO2lebZ3wr2NnGLOBoexb-2FkVVNe1Acnsy4vAwoKPpo-2BqvRlA6fIuhyhb-2FXmEh0gGVzTxumm7i2Jn39xnY0tNLn4Jqi3XzSDkF2Ei2VqaHQEgC1ZvmVC63FXAcoXXO-2F9IAehPz2idDMytdZ5v6RTUCBQZ4-2Fi6BaollkoOXwKQkC5aExgIUW2r4As-3D Build ID: 221313 Analysis Summary: New defects found: 0 Defects eliminated: 0 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2ZRS51r1beS405I5-2Bt7yA72N927qmu-2B0dYMqnwCyPNGvk1oDQuv0-2FdZNZNSGN7frBw0BjQ-2F3VuQKZ3hIgS5ZhIQSTU9rQuFWTNLJSVNGeyAI6OjuHvzaXHq37ecCw2BUwT-2ByWDcwpm5tWuaPlYr-2F-2FkyNFh4HfApcI2May2dCXDQL2rGmMFmOtGU6RM9TxHKVM-3D Build ID: 221310 Analysis Summary: New defects found: 0 Defects eliminated: 1 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits