[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Feb 19 19:07:19 UTC 2016
The branch master has been updated
via dfb10af92e9663ce4eefaa1d6b678817fa85344d (commit)
via ab4a81f69ec88d06c9d8de15326b9296d7f498ed (commit)
from aa474d1fb172aabb29dad04cb6aaeca601a4378c (commit)
- Log -----------------------------------------------------------------
commit dfb10af92e9663ce4eefaa1d6b678817fa85344d
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Feb 18 13:18:48 2016 +0000
Remove DSA negative integer workaround code.
Remove DSA private key code which tolerates broken implementations which
use negative integers.
Reviewed-by: Emilia Käsper <emilia at openssl.org>
commit ab4a81f69ec88d06c9d8de15326b9296d7f498ed
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Thu Feb 18 13:09:24 2016 +0000
Remove broken DSA private key workarounds.
Remove old code that handled various invalid DSA formats in ancient
software.
This also fixes a double free bug when parsing malformed DSA private keys.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
CVE-2016-0705
Reviewed-by: Emilia Käsper <emilia at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ameth.c | 61 +++++++++-----------------------------------------
1 file changed, 11 insertions(+), 50 deletions(-)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index e76da93..5c45078 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -192,53 +192,18 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
ASN1_INTEGER *privkey = NULL;
BN_CTX *ctx = NULL;
- STACK_OF(ASN1_TYPE) *ndsa = NULL;
DSA *dsa = NULL;
+ int ret = 0;
+
if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
- /* Check for broken DSA PKCS#8, UGH! */
- if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
- ASN1_TYPE *t1, *t2;
- if ((ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)) == NULL)
- goto decerr;
- if (sk_ASN1_TYPE_num(ndsa) != 2)
- goto decerr;
- /*-
- * Handle Two broken types:
- * SEQUENCE {parameters, priv_key}
- * SEQUENCE {pub_key, priv_key}
- */
-
- t1 = sk_ASN1_TYPE_value(ndsa, 0);
- t2 = sk_ASN1_TYPE_value(ndsa, 1);
- if (t1->type == V_ASN1_SEQUENCE) {
- p8->broken = PKCS8_EMBEDDED_PARAM;
- pval = t1->value.ptr;
- } else if (ptype == V_ASN1_SEQUENCE)
- p8->broken = PKCS8_NS_DB;
- else
- goto decerr;
-
- if (t2->type != V_ASN1_INTEGER)
- goto decerr;
-
- privkey = t2->value.integer;
- } else {
- const unsigned char *q = p;
- if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
- goto decerr;
- if (privkey->type == V_ASN1_NEG_INTEGER) {
- p8->broken = PKCS8_NEG_PRIVKEY;
- ASN1_STRING_clear_free(privkey);
- if ((privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)) == NULL)
- goto decerr;
- }
- if (ptype != V_ASN1_SEQUENCE)
- goto decerr;
- }
+ if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+ goto decerr;
+ if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+ goto decerr;
pstr = pval;
pm = pstr->data;
@@ -267,22 +232,18 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
}
EVP_PKEY_assign_DSA(pkey, dsa);
- BN_CTX_free(ctx);
- if (ndsa)
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- else
- ASN1_STRING_clear_free(privkey);
- return 1;
+ ret = 1;
+ goto done;
decerr:
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
dsaerr:
+ DSA_free(dsa);
+ done:
BN_CTX_free(ctx);
ASN1_STRING_clear_free(privkey);
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- DSA_free(dsa);
- return 0;
+ return ret;
}
static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
More information about the openssl-commits
mailing list