[openssl] master update
nic.tuv at gmail.com
nic.tuv at gmail.com
Mon Aug 30 12:24:12 UTC 2021
The branch master has been updated
via 78082769fa8129e3453ee4cb2255feb259846646 (commit)
via 7aa3dfc42104588f65301d20324388ac2c9a6b11 (commit)
via cca8a4cedaafe63b0b5729b72133661ece24ff08 (commit)
via ea1128e94e36fa9fa25278dc6b3f5b42d8735782 (commit)
from e8e1f6d1a9e599d575431f559200018b8f822e0f (commit)
- Log -----------------------------------------------------------------
commit 78082769fa8129e3453ee4cb2255feb259846646
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: Sat Aug 21 04:04:51 2021 +0300
Use applink to fix windows tests
(readapted from 5c69c66a6972f84d56160c9ea4b30bab8fc2d3d4 by @bernd-edlinger)
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
commit 7aa3dfc42104588f65301d20324388ac2c9a6b11
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: Thu Jul 16 03:23:26 2020 +0300
[ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
Some curves don't have an associated OID: for those we should not
default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
This is a follow-up to https://github.com/openssl/openssl/pull/12312
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
commit cca8a4cedaafe63b0b5729b72133661ece24ff08
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: Thu Jul 16 02:02:16 2020 +0300
Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
This commit fixes the public headers to reflect these changes.
Fixes #12443
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date: Thu Jul 16 01:57:09 2020 +0300
Add tests for i2d_TYPE_fp and d2i_TYPE_fp
These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.
@@ Note: This commit limits to ECPKParameters as a type.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_asn1.c | 2 +-
crypto/ec/ec_curve.c | 37 +++++++++++++++++++++++++++++++++++++
include/openssl/ec.h | 6 +++---
test/build.info | 7 ++++++-
test/ec_internal_test.c | 43 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 90 insertions(+), 5 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index b3a791eb64..31519137c6 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -485,7 +485,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
ECPARAMETERS_free(ret->value.parameters);
}
- if (EC_GROUP_get_asn1_flag(group)) {
+ if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
/*
* use the asn1 OID to describe the elliptic curve parameters
*/
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 6f1435c69f..b5b2f3342d 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3223,6 +3223,43 @@ static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx,
goto err;
}
}
+
+#ifndef FIPS_MODULE
+ if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
+ /*
+ * Some curves don't have an associated OID: for those we should not
+ * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and
+ * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
+ *
+ * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on
+ * `EC_GROUP_new()`, when we don't have enough elements to determine if
+ * an OID for the curve name actually exists.
+ * We could implement this check on `EC_GROUP_set_curve_name()` but
+ * overloading the simple setter with this lookup could have a negative
+ * performance impact and unexpected consequences.
+ */
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid);
+
+ if (asn1obj == NULL) {
+ ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB);
+ goto err;
+ }
+ if (OBJ_length(asn1obj) == 0)
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
+
+ ASN1_OBJECT_free(asn1obj);
+ }
+#else
+ /*
+ * Inside the FIPS module we do not support explicit curves anyway
+ * so the above check is not necessary.
+ *
+ * Skipping it is also necessary because `OBJ_length()` and
+ * `ASN1_OBJECT_free()` are not available within the FIPS module
+ * boundaries.
+ */
+#endif
+
ok = 1;
err:
if (!ok) {
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 8b1abcebb7..f59b4f9288 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -915,10 +915,10 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
# define i2d_ECPKParameters_bio(bp,x) \
ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x)
# define d2i_ECPKParameters_fp(fp,x) \
- (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \
- (unsigned char **)(x))
+ (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
+ (void **)(x))
# define i2d_ECPKParameters_fp(fp,x) \
- ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
+ ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
diff --git a/test/build.info b/test/build.info
index dab5af4ebe..2e209b45c7 100644
--- a/test/build.info
+++ b/test/build.info
@@ -12,6 +12,11 @@ ENDIF
IF[{- $config{target} =~ /^vms-/ -}]
$AUXLIBAPPSSRC=../apps/lib/vms_term_sock.c ../apps/lib/vms_decc_argv.c
ENDIF
+# Program init source, that don't have direct linkage with the rest of the
+# source, and can therefore not be part of a library.
+IF[{- !$disabled{uplink} -}]
+ $INITSRC=../ms/applink.c
+ENDIF
$LIBAPPSSRC=../apps/lib/opt.c $AUXLIBAPPSSRC
IF[{- !$disabled{tests} -}]
@@ -712,7 +717,7 @@ IF[{- !$disabled{tests} -}]
INCLUDE[rc5test]=../include ../apps/include
DEPEND[rc5test]=../libcrypto.a libtestutil.a
- SOURCE[ec_internal_test]=ec_internal_test.c
+ SOURCE[ec_internal_test]=ec_internal_test.c $INITSRC
INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include
DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index e0e6a859cb..57092942a1 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -359,6 +359,47 @@ static int decoded_flag_test(void)
return testresult;
}
+static
+int ecpkparams_i2d2i_test(int n)
+{
+ EC_GROUP *g1 = NULL, *g2 = NULL;
+ FILE *fp = NULL;
+ int nid = curves[n].nid;
+ int testresult = 0;
+
+ /* create group */
+ if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)))
+ goto end;
+
+ /* encode params to file */
+ if (!TEST_ptr(fp = fopen("params.der", "wb"))
+ || !TEST_true(i2d_ECPKParameters_fp(fp, g1)))
+ goto end;
+
+ /* flush and close file */
+ if (!TEST_int_eq(fclose(fp), 0)) {
+ fp = NULL;
+ goto end;
+ }
+ fp = NULL;
+
+ /* decode params from file */
+ if (!TEST_ptr(fp = fopen("params.der", "rb"))
+ || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL)))
+ goto end;
+
+ testresult = 1; /* PASS */
+
+end:
+ if (fp != NULL)
+ fclose(fp);
+
+ EC_GROUP_free(g1);
+ EC_GROUP_free(g2);
+
+ return testresult;
+}
+
int setup_tests(void)
{
crv_len = EC_get_builtin_curves(NULL, 0);
@@ -376,6 +417,8 @@ int setup_tests(void)
ADD_TEST(underflow_test);
#endif
ADD_TEST(decoded_flag_test);
+ ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len);
+
return 1;
}
More information about the openssl-commits
mailing list