[openssl-commits] [openssl] master update
The branch master has been updated
via 201b305a2409d9eb13b5e4bfbd4967e04e155a60 (commit)
from cb809437d391176a1c2e76f6da77a790c9382c4b (commit)
- Log -
commit 201b305a2409d9eb13b5e4bfbd4967e04e155a60
Author: Beat Bolli
Date: Mon Jul 30 07:34:32 2018 +1000
apps/dsaparam.c generates code that is intended to be pasted or included
into an existing source file: the function is static, and the code
doesn't include dsa.h. Match the generated C source style of dsaparam.
Adjust apps/dhparam.c to match, and rename the BIGNUMs to their more
usual single-letter names. Add an error return in the generated C source.
both: simplify the callback function
Signed-off-by: Beat Bolli
Reviewed-by: Rich Salz
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/6797)
---
Summary of changes:
apps/dhparam.c | 35 +--
apps/dsaparam.c | 11 ++-
2 files changed, 15 insertions(+), 31 deletions(-)
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 44160fd..13f7675 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -309,33 +309,31 @@ int dhparam_main(int argc, char **argv)
bits = DH_bits(dh);
DH_get0_pqg(dh, , NULL, );
data = app_malloc(len, "print a BN");
-BIO_printf(out, "#ifndef HEADER_DH_H\n"
-"# include \n"
-"#endif\n"
-"\n");
-BIO_printf(out, "DH *get_dh%d()\n{\n", bits);
+
+BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
print_bignum_var(out, pbn, "dhp", bits, data);
print_bignum_var(out, gbn, "dhg", bits, data);
BIO_printf(out, "DH *dh = DH_new();\n"
-"BIGNUM *dhp_bn, *dhg_bn;\n"
+"BIGNUM *p, *g;\n"
"\n"
"if (dh == NULL)\n"
"return NULL;\n");
-BIO_printf(out, "dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d),
NULL);\n",
+BIO_printf(out, "p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
-BIO_printf(out, "dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d),
NULL);\n",
+BIO_printf(out, "g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
-BIO_printf(out, "if (dhp_bn == NULL || dhg_bn == NULL\n"
-"|| !DH_set0_pqg(dh, dhp_bn, NULL,
dhg_bn)) {\n"
+BIO_printf(out, "if (p == NULL || g == NULL\n"
+"|| !DH_set0_pqg(dh, p, NULL, g)) {\n"
"DH_free(dh);\n"
-"BN_free(dhp_bn);\n"
-"BN_free(dhg_bn);\n"
+"BN_free(p);\n"
+"BN_free(g);\n"
"return NULL;\n"
"}\n");
if (DH_get_length(dh) > 0)
BIO_printf(out,
"if (!DH_set_length(dh, %ld)) {\n"
"DH_free(dh);\n"
+"return NULL;\n"
"}\n", DH_get_length(dh));
BIO_printf(out, "return dh;\n}\n");
OPENSSL_free(data);
@@ -371,16 +369,9 @@ int dhparam_main(int argc, char **argv)
static int dh_cb(int p, int n, BN_GENCB *cb)
{
-char c = '*';
-
-if (p == 0)
-c = '.';
-if (p == 1)
-c = '+';
-if (p == 2)
-c = '*';
-if (p == 3)
-c = '\n';
+static const char symbols[] = ".+*\n";
+char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
+
BIO_write(BN_GENCB_get_arg(cb), , 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 9d8af9e..b227b76 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -248,16 +248,9 @@ int dsaparam_main(int argc, char **argv)
static int dsa_cb(int p, int n, BN_GENCB *cb)
{
-char c = '*';
+static const char symbols[] = ".+*\n";
+char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
-if (p == 0)
-c = '.';
-if (p == 1)
-c = '+';
-if (p == 2)
-c = '*';
-if (p == 3)
-c = '\n';
BIO_write(BN_GENCB_get_arg(cb), , 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 (commit)
from 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit)
- Log -
commit 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94
Author: Bryan Donlan
Date: Tue Jul 17 13:38:17 2018 -0700
Remove DSA digest length checks when no digest is passed
FIPS 186-4 does not specify a hard requirement on DSA digest lengths,
and in any case the current check rejects the FIPS recommended digest
lengths for key sizes != 1024 bits.
Fixes: #6748
Reviewed-by: Rich Salz
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6749)
(cherry picked from commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd)
---
Summary of changes:
crypto/dsa/dsa_pmeth.c | 18 --
1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index a1cbaad..a82c4c9 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -76,13 +76,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char
*sig,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
-if (dctx->md) {
-if (tbslen != (size_t)EVP_MD_size(dctx->md))
-return 0;
-} else {
-if (tbslen != SHA_DIGEST_LENGTH)
-return 0;
-}
+if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+return 0;
ret = DSA_sign(0, tbs, tbslen, sig, , dsa);
@@ -100,13 +95,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
-if (dctx->md) {
-if (tbslen != (size_t)EVP_MD_size(dctx->md))
-return 0;
-} else {
-if (tbslen != SHA_DIGEST_LENGTH)
-return 0;
-}
+if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+return 0;
ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated
via cb809437d391176a1c2e76f6da77a790c9382c4b (commit)
via 665d9d1c0655d6f709c99e1211c1e11fcebfeecd (commit)
from bd93f1ac2750450033dbfa76b5f1597b0145b585 (commit)
- Log -
commit cb809437d391176a1c2e76f6da77a790c9382c4b
Author: Bryan Donlan
Date: Tue Jul 17 13:04:09 2018 -0700
Add test for DSA signatures of raw digests of various sizes
Reviewed-by: Rich Salz
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6749)
commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd
Author: Bryan Donlan
Date: Tue Jul 17 13:38:17 2018 -0700
Remove DSA digest length checks when no digest is passed
FIPS 186-4 does not specify a hard requirement on DSA digest lengths,
and in any case the current check rejects the FIPS recommended digest
lengths for key sizes != 1024 bits.
Fixes: #6748
Reviewed-by: Rich Salz
Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/6749)
---
Summary of changes:
crypto/dsa/dsa_pmeth.c | 18 +--
test/build.info| 6 +-
test/dsa_no_digest_size_test.c | 245 +
test/recipes/15-test_dsa.t | 3 +-
4 files changed, 256 insertions(+), 16 deletions(-)
create mode 100644 test/dsa_no_digest_size_test.c
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index f66317b..b4ee5a7 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -77,13 +77,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char
*sig,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
-if (dctx->md) {
-if (tbslen != (size_t)EVP_MD_size(dctx->md))
-return 0;
-} else {
-if (tbslen != SHA_DIGEST_LENGTH)
-return 0;
-}
+if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+return 0;
ret = DSA_sign(0, tbs, tbslen, sig, , dsa);
@@ -101,13 +96,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
DSA_PKEY_CTX *dctx = ctx->data;
DSA *dsa = ctx->pkey->pkey.dsa;
-if (dctx->md) {
-if (tbslen != (size_t)EVP_MD_size(dctx->md))
-return 0;
-} else {
-if (tbslen != SHA_DIGEST_LENGTH)
-return 0;
-}
+if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+return 0;
ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
diff --git a/test/build.info b/test/build.info
index 8dbe0c2..04014e7 100644
--- a/test/build.info
+++ b/test/build.info
@@ -33,7 +33,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
rc2test rc4test rc5test \
destest mdc2test \
dhtest enginetest casttest \
- bftest ssltest_old dsatest exptest rsa_test \
+ bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
evp_test evp_extra_test igetest v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test \
conf_include_test \
@@ -152,6 +152,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[dsatest]=../include
DEPEND[dsatest]=../libcrypto libtestutil.a
+ SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
+ INCLUDE[dsa_no_digest_size_test]=../include
+ DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a
+
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include
DEPEND[exptest]=../libcrypto libtestutil.a
diff --git a/test/dsa_no_digest_size_test.c b/test/dsa_no_digest_size_test.c
new file mode 100644
index 000..88c6036
--- /dev/null
+++ b/test/dsa_no_digest_size_test.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+
+#include "testutil.h"
+
+#include
+#include
+#include
+
+#ifndef OPENSSL_NO_DSA
+#include
+
+static DSA *dsakey;
+
+/*
+ * These parameters are from test/recipes/04-test_pem_data/dsaparam.pem,
+ * converted using dsaparam -C
+ */
+static DSA *load_dsa_params(void)
+{
+static unsigned char dsap_2048[] = {
+0xAE, 0x35, 0x7D, 0x4E, 0x1D, 0x96, 0xE2, 0x9F, 0x00, 0x96,
+0x60, 0x5A, 0x6E, 0x4D, 0x07, 0x8D, 0xA5, 0x7C, 0xBC, 0xF9,
+0xAD, 0xD7, 0x9F, 0xD5, 0xE9, 0xEE, 0xA6, 0x33, 0x51, 0xDE,
+0x7B, 0x72, 0xD2, 0x75, 0xAA, 0x71, 0x77, 0xF1, 0x63, 0xFB,
+0xB6, 0xEC, 0x5A, 0xBA, 0x0D, 0x72, 0xA2, 0x1A, 0x1C, 0x64,
+0xB8, 0xE5, 0x89, 0x09, 0x6D, 0xC9, 0x6F, 0x0B, 0x7F, 0xD2,
+0xCE, 0x9F, 0xEF, 0x87, 0x5A, 0xB6, 0x67, 0x2F, 0xEF, 0xEE,
+
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated
via 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit)
via 811162832e875576c13139493d949b3157a1c8cf (commit)
from 9da6f31c7e61b484dda6c0a59d46c76410981e13 (commit)
- Log -
commit 3c0addb71c66adf729f48050c3a75f68c44b23b6
Author: Andy Polyakov
Date: Fri Jul 20 13:23:42 2018 +0200
crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop.
Problem was that Windows threads that were terminating before libcrypto
was initialized were referencing uninitialized or possibly even
unrelated thread local storage index.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6799)
(cherry picked from commit 80ae7285e1994d35c84519bf9e038b11d9942875)
Resolved conflicts:
crypto/init.c
commit 811162832e875576c13139493d949b3157a1c8cf
Author: Andy Polyakov
Date: Fri Jul 20 13:15:48 2018 +0200
crypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6799)
(cherry picked from commit b86d57bb0b23253c720db38ab18ca97cb888f701)
Resolved conflicts:
crypto/cryptlib.c
---
Summary of changes:
crypto/cryptlib.c | 104 +-
crypto/init.c | 54 ++--
2 files changed, 122 insertions(+), 36 deletions(-)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index bf73244..3b878cd 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -23,29 +23,97 @@
extern unsigned int OPENSSL_ia32cap_P[4];
# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) &&
!defined(I386_ONLY)
-#include
+
+/*
+ * Purpose of these minimalistic and character-type-agnostic subroutines
+ * is to break dependency on MSVCRT (on Windows) and locale. This makes
+ * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type-
+ * agnostic" means that they work with either wide or 8-bit characters,
+ * exploiting the fact that first 127 characters can be simply casted
+ * between the sets, while the rest would be simply rejected by ossl_is*
+ * subroutines.
+ */
+# ifdef _WIN32
+typedef WCHAR variant_char;
+
+static variant_char *ossl_getenv(const char *name)
+{
+/*
+ * Since we pull only one environment variable, it's simpler to
+ * to just ignore |name| and use equivalent wide-char L-literal.
+ * As well as to ignore excessively long values...
+ */
+static WCHAR value[48];
+DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48);
+
+return (len > 0 && len < 48) ? value : NULL;
+}
+# else
+typedef char variant_char;
+# define ossl_getenv getenv
+# endif
+
+static int todigit(variant_char c)
+{
+if (c >= '0' && c <= '9')
+return c - '0';
+else if (c >= 'A' && c <= 'F')
+return c - 'A' + 10;
+else if (c >= 'a' && c <= 'f')
+return c - 'a' + 10;
+
+/* return largest base value to make caller terminate the loop */
+return 16;
+}
+
+static uint64_t ossl_strtouint64(const variant_char *str)
+{
+uint64_t ret = 0;
+unsigned int digit, base = 10;
+
+if (*str == '0') {
+base = 8, str++;
+if (*str == 'x' || *str == 'X')
+base = 16, str++;
+}
+
+while((digit = todigit(*str++)) < base)
+ret = ret * base + digit;
+
+return ret;
+}
+
+static variant_char *ossl_strchr(const variant_char *str, char srch)
+{ variant_char c;
+
+while((c = *str)) {
+if (c == srch)
+ return (variant_char *)str;
+str++;
+}
+
+return NULL;
+}
+
# define OPENSSL_CPUID_SETUP
typedef uint64_t IA32CAP;
+
void OPENSSL_cpuid_setup(void)
{
static int trigger = 0;
IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
IA32CAP vec;
-char *env;
+const variant_char *env;
if (trigger)
return;
trigger = 1;
-if ((env = getenv("OPENSSL_ia32cap"))) {
+if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) {
int off = (env[0] == '~') ? 1 : 0;
-# if defined(_WIN32)
-if (!sscanf(env + off, "%I64i", ))
-vec = strtoul(env + off, NULL, 0);
-# else
-if (!sscanf(env + off, "%lli", (long long *)))
-vec = strtoul(env + off, NULL, 0);
-# endif
+
+vec = ossl_strtouint64(env + off);
+
if (off) {
IA32CAP mask = vec;
vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
@@ -64,15 +132,17 @@ void OPENSSL_cpuid_setup(void)
vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
}
-if ((env = strchr(env, ':'))) {
-unsigned int vecx;
+if ((env = ossl_strchr(env, ':')) != NULL) {
+IA32CAP vecx;
+
env++;
off = (env[0]
[openssl-commits] Build completed: openssl master.19151
Build openssl master.19151 completed Commit ebdddba320 by Andy Polyakov on 7/29/2018 12:52 PM: internal/tsan_assist.h: fix typo [to be squashed]. Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3FRsji5o3tTO2lebZ3wr2NnGLOBoexb-2FkVVNe1Acnsy4vAwoKPpo-2BqvRlA6fIuhyhb-2FXmEh0gGVzTxumm7i2Jn39xnY0tNLn4Jqi3XzSDkF2Ei2VqaHQEgC1ZvmVC63FXAcoXXO-2F9IAehPz2idDMytdZ5v6RTUCBQZ4-2Fi6BaollkoOXwKQkC5aExgIUW2r4As-3D Build ID: 221313 Analysis Summary: New defects found: 0 Defects eliminated: 0 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2ZRS51r1beS405I5-2Bt7yA72N927qmu-2B0dYMqnwCyPNGvk1oDQuv0-2FdZNZNSGN7frBw0BjQ-2F3VuQKZ3hIgS5ZhIQSTU9rQuFWTNLJSVNGeyAI6OjuHvzaXHq37ecCw2BUwT-2ByWDcwpm5tWuaPlYr-2F-2FkyNFh4HfApcI2May2dCXDQL2rGmMFmOtGU6RM9TxHKVM-3D Build ID: 221310 Analysis Summary: New defects found: 0 Defects eliminated: 1 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
