From c962479bdf4379bcd21733e55bb8d3e6cabca055 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 21 Apr 2001 12:06:01 +0000 Subject: [PATCH] Fix ASN1 bug when decoding OTHER type. Various S/MIME DSA related fixes. --- CHANGES | 11 +++++++++++ crypto/asn1/tasn_dec.c | 9 +++++++-- crypto/asn1/x_pubkey.c | 2 +- crypto/dsa/dsa.h | 3 ++- crypto/dsa/dsa_err.c | 1 + crypto/dsa/dsa_ossl.c | 15 +++++++++++++++ 6 files changed, 37 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 1efb5920b7..c11d25b968 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,16 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only + +) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + + +) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this + needs to match any other type at all we need to manually clear the + tag cache. + [Steve Henson] + +) Changes to the "openssl engine" utility to include; - verbosity levels ('-v', '-vv', and '-vvv') that provide information about an ENGINE's available control commands. @@ -88,6 +98,7 @@ that they do not hold after the first thread unsets add_do_not_lock). [Bodo Moeller] +>>>>>>> 1.823 +) Implement binary inversion algorithm for BN_mod_inverse in addition to the algorithm using long divison. The binary algorithm can be used only if the modulus is odd. On 32-bit systems, it is faster diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 7237f7e93c..bd0a7d50a2 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -611,8 +611,13 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl } else if(ret == -1) return -1; /* SEQUENCE, SET and "OTHER" are left in encoded form */ if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { + /* Clear context cache for type OTHER because the auto clear when + * we have a exact match wont work + */ + if(utype == V_ASN1_OTHER) { + asn1_tlc_clear(ctx); /* SEQUENCE and SET must be constructed */ - if((utype != V_ASN1_OTHER) && !cst) { + } else if(!cst) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; } @@ -899,7 +904,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i } } } - + if(i & 0x80) { ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); asn1_tlc_clear(ctx); diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index c4a849aff1..9f28daf781 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -198,7 +198,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) a=key->algor; if (ret->type == EVP_PKEY_DSA) { - if (a->parameter->type == V_ASN1_SEQUENCE) + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ret->pkey.dsa->write_params=0; cp=p=a->parameter->value.sequence->data; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 739cef1cb7..58cf7b5c76 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -229,6 +229,7 @@ DH *DSA_dup_DH(const DSA *r); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_DSA_strings(void); /* Error codes for the DSA functions. */ @@ -250,9 +251,9 @@ DH *DSA_dup_DH(const DSA *r); /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_MISSING_PARAMETERS 101 #ifdef __cplusplus } #endif #endif - diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 9f28db69ed..2956c36d63 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -86,6 +86,7 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, {0,NULL} }; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 7346817337..f91a3a9959 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -106,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } BN_init(&m); BN_init(&xr); s=BN_new(); @@ -168,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) BIGNUM k,*kinv=NULL,*r=NULL; int ret=0; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -225,6 +235,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BIGNUM u1,u2,t1; BN_MONT_CTX *mont=NULL; int ret = -1; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + return -1; + } if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); -- GitLab