summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa/dsa_ameth.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Error check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl()tb2024-04-131-4/+8
| | | | | | | | | | These are four versions of near identical code: PKCS#7 and CMS controls for DSA and EC. The checks are rather incomplete and should probably be merged somehow (see the Ed25519 version in ecx_methods(). For now, only replace X509_ALGOR_set0() with its internal by_nid() version and, while there, spell NULL correctly. ok jca
* Unwrap a line for consistency with other copy-pasted versionstb2024-04-131-3/+2
|
* Replace .pkey_base_id with a .base_method pointertb2024-01-041-6/+6
| | | | | | | | | | | | | | | | Every EVP_PKEY_ASN1_METHOD is either an ASN.1 method or an alias. As such it resolves to an underlying ASN.1 method (in one step). This information can be stored in a base_method pointer in allusion to the pkey_base_id, which is the name for the nid (aka pkey_id aka type) of the underlying method. For an ASN.1 method, the base method is itself, so the base method is set as a pointer to itself. For an alias it is of course a pointer to the underlying method. Then obviously ameth->pkey_base_id is the same as ameth->base_method->pkey_id, so rework all ASN.1 methods to follow that. ok jsing
* Split ameth arrays into individual methodstb2024-01-041-61/+57
| | | | | | | | | | | | For some reason DSA, GOST, and RSA had their ASN.1 methods stored in an array. This is clumsy and the only benefit is that one saves a few externs in p_lib.c. They were also arranged by ascending NID because of bsearch() madness. Split them up and arrange the methods by name, which is much saner and simpler. ok jsing
* Drop silly int_ prefix from _free() and _size()tb2023-08-121-5/+5
|
* Free {priv,pub}_key before assigning to ittb2023-08-121-1/+4
| | | | | | | | While it isn't the case for the default implementations, custom DH and DSA methods could conceivably populate private and public keys, which in turn would result in leaks in the pub/priv decode methods. ok jsing
* Readability tweak for key parameters in DSAtb2023-08-121-2/+2
| | | | ok jsing
* Simplify and unify missing_parameters() for DH and DSAtb2023-08-121-6/+3
| | | | ok jsing
* Improve variable names in {dh,dsa}_{pub,priv}_{de,en}code()tb2023-08-111-57/+57
| | | | | | | | Use aint for the ASN1_INTEGER holding the key and astr for the ASN1_STRING holding the parameters. This frees up key and params for their DER encoded versions, matching the naming we use elsewhere much more closely. ok jsing
* Use params{,_len} in {dh,dsa}_params_{en,de}code()tb2023-08-111-5/+5
|
* Use key/key_len in old_dsa_priv_{en,de}code()tb2023-08-111-5/+5
| | | | ok jsing
* Add back an empty line that I didn't really want to removetb2023-08-111-1/+2
|
* Align dh and dsa decoding functions with encodingtb2023-08-111-79/+94
| | | | | | | | | This adds some missing error checks and fixes and unifies error codes which were (as usual) all over the place or just plain nonsense. Use an auxiliary variable for d2i invocations even though it is not really needed here. ok jsing
* Convert {dh,dsa}_{pub,priv}_encode() to single exittb2023-08-101-42/+47
| | | | | | | Use the same variable names throughout these functions and unify them some more. ok jsing
* Clean up {dh,dsa}_pub_encode()tb2023-08-101-19/+26
| | | | | | | This brings these two messy functions into more usual shape. There is a lot more that can be done in here. It is a step in the right direction. ok jsing
* Various fixes in {dh,dsa}_priv_encode()tb2023-08-101-19/+24
| | | | | | | | | | Avoid creating an ASN1_STRING with negative length, set type, data and length via ASN1_STRING_type_new() and ASN1_STRING_set0() instead of doing this manually. Check return value for i2d_ASN1_INTEGER() and use an intermediate ASN1_OBJECT instead of nested function calls. Finally, clear sensitive data with freezero(). ok jsing
* Mop up remaining uses of ASN1_bn_print()tb2023-07-071-48/+13
| | | | | | | This removes lots of silly buffers and will allow us to make this API go away. ok jsing
* Simplify the consistency checks in old_dsa_priv_decode()tb2023-03-041-24/+13
| | | | | | | | We have long had expensive checks for DSA domain parameters in old_dsa_priv_decode(). These were implemented in a more complicated way than necesary. ok beck jsing
* Small readability tweak in old_dsa_priv_decode()tb2023-03-041-3/+3
| | | | | | Explicitly check against NULL and turn early return into goto err. ok beck jsing
* Add dsa_check_key() calls on DSA decodingtb2023-03-041-18/+17
| | | | | | | | | | | | When decoding a public or a private key, use dsa_check_key() to ensure consistency of the DSA parameters. We do not always have sufficient information to do that, so this is not always possible. This adds new checks and replaces incomplete existing ones. On decoding the private key we will now only calculate the corresponding public key, if the sizes are sensible. This avoids potentially expensive operations. ok beck jsing
* Clean up and simplify BIGNUM handling in DSA code.jsing2023-01-111-11/+22
| | | | | | | | | | | This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls BN_free() instead of BN_clear_free() (which does the same thing). Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the BN_CTX that is already available. ok tb@
* Make internal header file names consistenttb2022-11-261-5/+5
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Prepare to provide EVP_PKEY_security_bits()tb2022-06-271-1/+8
| | | | | | | This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
* KNF nitstb2022-05-071-7/+7
|
* Avoid infinite loop on parsing DSA private keystb2022-04-071-3/+24
| | | | | | | | | | | | | | DSA private keys with ill-chosen g could cause an infinite loop on deserializing. Add a few sanity checks that ensure that g is according to the FIPS 186-4: check 1 < g < p and g^q == 1 (mod p). This is enough to ascertain that g is a generator of a multiplicative group of order q once we know that q is prime (which is checked a bit later). Issue reported with reproducers by Hanno Boeck. Additional variants and analysis by David Benjamin. ok beck jsing
* Remove accidentally committed debug code.tb2022-02-241-3/+1
|
* Add sanity checks on p and q in old_dsa_priv_decode()tb2022-02-241-1/+15
| | | | | | | | | | | | | | | | | | dsa_do_verify() has checks on dsa->p and dsa->q that ensure that p isn't overly long and that q has one of the three allowed lengths specified in FIPS 186-3, namely 160, 224, or 256. Do these checks on deserialization of DSA keys without parameters. This means that we will now reject keys we would previously deserialize. Such keys are useless in that signatures generated by them would be rejected by both LibreSSL and OpenSSL. This avoids a timeout flagged in oss-fuzz #26899 due to a ridiculous DSA key whose q has size 65KiB. The timeout comes from additional checks on DSA keys added by miod in dsa_ameth.c r1.18, especially checking such a humungous number for primality is expensive. ok jsing
* Minor cleanup and simplification in dsa_pub_encode()tb2022-01-151-15/+8
| | | | | | | | | This function has a weird dance of allocating an ASN1_STRING in an inner scope and assigning it to a void pointer in an outer scope for passing it to X509_PUBKEY_set0_param() and ASN1_STRING_free() on error. This can be simplified and streamlined. ok inoguchi
* Simplify DSAPublicKey_ittb2022-01-141-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | This was obtained by porting the OpenSSL commit below and then using expand_crypto_asn1.go to unroll the new ASN.1 macros - actually the ones from 987157f6f63 which fixed the omission of dsa_cb() in the first commit. ok inoguchi jsing commit ea6b07b54c1f8fc2275a121cdda071e2df7bd6c1 Author: Dr. Stephen Henson <steve@openssl.org> Date: Thu Mar 26 14:35:49 2015 +0000 Simplify DSA public key handling. DSA public keys could exist in two forms: a single Integer type or a SEQUENCE containing the parameters and public key with a field called "write_params" deciding which form to use. These forms are non standard and were only used by functions containing "DSAPublicKey" in the name. Simplify code to only use the parameter form and encode the public key component directly in the DSA public key method. Reviewed-by: Richard Levitte <levitte@openssl.org>
* Prepare the move of DSA_SIG, DSA_METHOD and DSA to dsa_locl.h bytb2022-01-071-1/+2
| | | | | | including the local header where it will be needed. discussed with jsing
* Include evp_locl.h where it will be needed once most structs fromtb2021-12-121-1/+2
| | | | | | evp.h will be moved to evp_locl.h in an upcoming bump. ok inoguchi
* Add DSA CMS support.jsing2019-11-011-1/+25
| | | | | | From OpenSSL 1.1.1d. ok tb@
* Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.tb2019-01-201-3/+3
| | | | | | | From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* Add consts to EVP_PKEY_asn1_set_private()tb2018-08-241-2/+2
| | | | | | | | | Requires adding a const to the priv_decode() member of EVP_PKEY_ASN1_METHOD and adjusting all *_priv_decode() functions. All this is already documented this way. tested in a bulk build by sthen ok jsing
* After removing support for broken PKCS#8 formats (it was high time),tb2018-08-241-2/+2
| | | | | | | | we can add const to PKCS8_pkey_get0(). In order for this to work, we need to sprinkle a few consts here and there. tested in a bulk by sthen ok jsing
* Convert a handful of X509_*() functions to take const as in OpenSSL.tb2018-05-011-5/+5
| | | | | tested in a bulk by sthen ok jsing
* Send the function codes from the error functions to the bit bucket,beck2017-01-291-23/+23
| | | | | | as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
* Split out BN_div and BN_mod into ct and nonct versions for Internal use.beck2017-01-211-2/+2
| | | | ok jsing@
* Make explicit _ct and _nonct versions of bn_mod_exp funcitons thatbeck2017-01-211-3/+3
| | | | | | | | | | | | matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
* unifdef OPENSSL_NO_CMSjsing2016-10-191-24/+1
|
* Remove support for ancient, broken DSA implementations.doug2016-03-011-60/+20
| | | | | | | | | | | | | | | Based on a few OpenSSL commits: Remove ancient DSA workarounds commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed Remove workaround for broken DSA implementations using negative integers commit dfb10af92e9663ce4eefaa1d6b678817fa85344d Typo in error name (EVP_R_DECODE_ERROR -> DSA_R_DECODE_ERROR) commit f6fb7f1856d443185c23f1a5968c08b4269dd37d ok beck@
* When loading a DSA key from an raw (without DH parameters) ASN.1 serialization,miod2015-09-101-2/+48
| | | | | | | | | | | | | perform some consistency checks on its `p' and `q' values, and return an error if the checks failed. Thanks for Georgi Guninski (guninski at guninski dot com) for mentioning the possibility of a weak (non prime) q value and providing a test case. See https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html for a longer discussion. ok bcook@ beck@
* Coverity CID 21733 (unchecked allocation), 78823 (leak on error).miod2015-02-141-1/+6
| | | | ok doug@ jsing@
* Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.beck2015-02-111-1/+24
|
* get rid of OPENSSL_NO_CMS code we do not use.beck2015-02-111-24/+1
| | | | ok miod@
* dsa_priv_decode(): only destroy the object we've created, and with themiod2014-07-131-3/+5
| | | | | | appropriate function. Checking for privkey != NULL is not enough since privkey points to a member of ndsa if ndsa != NULL. dsa_priv_encode(): possible double free in error path.
* if (x) FOO_free(x) -> FOO_free(x).miod2014-07-121-11/+7
| | | | | | | Improves readability, keeps the code smaller so that it is warmer in your cache. review & ok deraadt@
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-4/+6
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-1/+4
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* ASN1_STRING_free can handle NULL, so callers don't need to check. ok miodtedu2014-07-091-7/+4
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 04:03:33 +0000