[openssl] master update

nic.tuv at gmail.com nic.tuv at gmail.com
Sat Sep 7 12:39:00 UTC 2019 

The branch master has been updated
       via  a1a0e6f28580d6a79762188128e23cca559993a8 (commit)
       via  5041ea38c96c9c8d7fc207a7fd25969f167f0f76 (commit)
      from  e97bab6929bbbc5b8364b25ca2ef4fcb02dd6e2a (commit)


- Log -----------------------------------------------------------------
commit a1a0e6f28580d6a79762188128e23cca559993a8
Author: Billy Brumley <bbrumley at gmail.com>
Date:   Fri Sep 6 17:26:40 2019 +0300

    CHANGES entry: for ECC parameters with NULL or zero cofactor, compute it
    
    This is a forward port from https://github.com/openssl/openssl/pull/9781
    of the CHANGES entry for the functionality added in
    https://github.com/openssl/openssl/pull/9727
    
    (cherry picked from commit 4b965086cb56c24cb5d2197fc04869b95f209a11)
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9797)

commit 5041ea38c96c9c8d7fc207a7fd25969f167f0f76
Author: Billy Brumley <bbrumley at gmail.com>
Date:   Fri Sep 6 17:26:08 2019 +0300

    [test] computing ECC cofactors: regression test
    
    This is a forward port from
        https://github.com/openssl/openssl/pull/9781
    for the test logic introduced by
        https://github.com/openssl/openssl/pull/9727
    
    As @mattcaswell commented
    (https://github.com/openssl/openssl/pull/9781#discussion_r321621541):
    
    > These `TEST_true` calls should be `!TEST_false` because we are
    > *expecting* a failure.
    > The difference is that the test framework will print error details if
    > the test doesn't give the expected answer.
    > So by using `TEST_true` instead of `!TEST_false` we'll get error
    > details printed, but the test will succeed anyway.
    
    (cherry picked from commit e8aafc891d9bd7fa1cce0401d858ef842f09b49e)
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9797)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES       |  7 +++++++
 test/ectest.c | 10 +++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 369b32756c..9599c64545 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,13 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+     this change, EC_GROUP_set_generator would accept order and/or cofactor as
+     NULL. After this change, only the cofactor parameter can be NULL. It also
+     does some minimal sanity checks on the passed order.
+     (CVE-2019-1547)
+     [Billy Bob Brumley]
+
   *) Early start up entropy quality from the DEVRANDOM seed source has been
      improved for older Linux systems.  The RAND subsystem will wait for
      /dev/random to be producing output before seeding from /dev/urandom.
diff --git a/test/ectest.c b/test/ectest.c
index 2cbbd4e340..b51a3b1207 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1914,19 +1914,19 @@ static int cardinality_test(int n)
         /* negative test for invalid cofactor */
         || !TEST_true(BN_set_word(g2_cf, 0))
         || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
-        || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
+        || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, g2_cf))
         /* negative test for NULL order */
-        || TEST_true(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
+        || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, NULL, NULL))
         /* negative test for zero order */
         || !TEST_true(BN_set_word(g1_order, 0))
-        || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+        || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
         /* negative test for negative order */
         || !TEST_true(BN_set_word(g2_cf, 0))
         || !TEST_true(BN_sub(g2_cf, g2_cf, BN_value_one()))
-        || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
+        || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL))
         /* negative test for too large order */
         || !TEST_true(BN_lshift(g1_order, g1_p, 2))
-        || TEST_true(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
+        || !TEST_false(EC_GROUP_set_generator(g2, g2_gen, g1_order, NULL)))
         goto err;
     ret = 1;
  err:

More information about the openssl-commits mailing list