提交 c962479b 编写于 作者: D Dr. Stephen Henson

Fix ASN1 bug when decoding OTHER type.

Various S/MIME DSA related fixes.
上级 b31ccc36
...@@ -11,6 +11,16 @@ ...@@ -11,6 +11,16 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7 *) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only +) applies to 0.9.7 only
+) Fix various bugs related to DSA S/MIME verification. Handle missing
parameters in DSA public key structures and return an error in the
DSA routines if parameters are absent.
[Steve Henson]
+) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
needs to match any other type at all we need to manually clear the
tag cache.
[Steve Henson]
+) Changes to the "openssl engine" utility to include; +) Changes to the "openssl engine" utility to include;
- verbosity levels ('-v', '-vv', and '-vvv') that provide information - verbosity levels ('-v', '-vv', and '-vvv') that provide information
about an ENGINE's available control commands. about an ENGINE's available control commands.
...@@ -88,6 +98,7 @@ ...@@ -88,6 +98,7 @@
that they do not hold after the first thread unsets add_do_not_lock). that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller] [Bodo Moeller]
>>>>>>> 1.823
+) Implement binary inversion algorithm for BN_mod_inverse in addition +) Implement binary inversion algorithm for BN_mod_inverse in addition
to the algorithm using long divison. The binary algorithm can be to the algorithm using long divison. The binary algorithm can be
used only if the modulus is odd. On 32-bit systems, it is faster used only if the modulus is odd. On 32-bit systems, it is faster
......
...@@ -611,8 +611,13 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl ...@@ -611,8 +611,13 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
} else if(ret == -1) return -1; } else if(ret == -1) return -1;
/* SEQUENCE, SET and "OTHER" are left in encoded form */ /* SEQUENCE, SET and "OTHER" are left in encoded form */
if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
/* Clear context cache for type OTHER because the auto clear when
* we have a exact match wont work
*/
if(utype == V_ASN1_OTHER) {
asn1_tlc_clear(ctx);
/* SEQUENCE and SET must be constructed */ /* SEQUENCE and SET must be constructed */
if((utype != V_ASN1_OTHER) && !cst) { } else if(!cst) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED); ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
return 0; return 0;
} }
...@@ -899,7 +904,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i ...@@ -899,7 +904,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
} }
} }
} }
if(i & 0x80) { if(i & 0x80) {
ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
asn1_tlc_clear(ctx); asn1_tlc_clear(ctx);
......
...@@ -198,7 +198,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) ...@@ -198,7 +198,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
a=key->algor; a=key->algor;
if (ret->type == EVP_PKEY_DSA) if (ret->type == EVP_PKEY_DSA)
{ {
if (a->parameter->type == V_ASN1_SEQUENCE) if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
{ {
ret->pkey.dsa->write_params=0; ret->pkey.dsa->write_params=0;
cp=p=a->parameter->value.sequence->data; cp=p=a->parameter->value.sequence->data;
......
...@@ -229,6 +229,7 @@ DH *DSA_dup_DH(const DSA *r); ...@@ -229,6 +229,7 @@ DH *DSA_dup_DH(const DSA *r);
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.
*/ */
void ERR_load_DSA_strings(void);
/* Error codes for the DSA functions. */ /* Error codes for the DSA functions. */
...@@ -250,9 +251,9 @@ DH *DSA_dup_DH(const DSA *r); ...@@ -250,9 +251,9 @@ DH *DSA_dup_DH(const DSA *r);
/* Reason codes. */ /* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_MISSING_PARAMETERS 101
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif #endif
...@@ -86,6 +86,7 @@ static ERR_STRING_DATA DSA_str_functs[]= ...@@ -86,6 +86,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
static ERR_STRING_DATA DSA_str_reasons[]= static ERR_STRING_DATA DSA_str_reasons[]=
{ {
{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
{0,NULL} {0,NULL}
}; };
......
...@@ -106,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ...@@ -106,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
int i,reason=ERR_R_BN_LIB; int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL; DSA_SIG *ret=NULL;
if (!dsa->p || !dsa->q || !dsa->g)
{
reason=DSA_R_MISSING_PARAMETERS;
goto err;
}
BN_init(&m); BN_init(&m);
BN_init(&xr); BN_init(&xr);
s=BN_new(); s=BN_new();
...@@ -168,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) ...@@ -168,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
BIGNUM k,*kinv=NULL,*r=NULL; BIGNUM k,*kinv=NULL,*r=NULL;
int ret=0; int ret=0;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
return 0;
}
if (ctx_in == NULL) if (ctx_in == NULL)
{ {
if ((ctx=BN_CTX_new()) == NULL) goto err; if ((ctx=BN_CTX_new()) == NULL) goto err;
...@@ -225,6 +235,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, ...@@ -225,6 +235,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
BIGNUM u1,u2,t1; BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL; BN_MONT_CTX *mont=NULL;
int ret = -1; int ret = -1;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
return -1;
}
if ((ctx=BN_CTX_new()) == NULL) goto err; if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&u1); BN_init(&u1);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册