[openssl] OpenSSL_1_1_1-stable update

nic.tuv at gmail.com nic.tuv at gmail.com
Tue Aug 31 22:19:09 UTC 2021


The branch OpenSSL_1_1_1-stable has been updated
       via  a9972440d26e482cec9d7a8c4c0063baa20d9eac (commit)
       via  f397efb0b999af6a54bc192ce8551e76c79ff245 (commit)
       via  45487dba0fb8c36fe390fa8131204403c00c01fc (commit)
       via  3d97638062595efb23b32f9150c38d60db89de7f (commit)
      from  f661c76a9e27a87f4bbbed135faf89a3fccac75f (commit)


- Log -----------------------------------------------------------------
commit a9972440d26e482cec9d7a8c4c0063baa20d9eac
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Fri Aug 20 20:42:55 2021 +0200

    Use applink to fix windows tests
    
    (cherry picked from commit <https://github.com/bernd-edlinger/openssl/commit/96a463cede0070aa5c86629d683a214657a9ba9e>)
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12457)

commit f397efb0b999af6a54bc192ce8551e76c79ff245
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Jul 16 03:23:26 2020 +0300

    [ec] Do not default to OPENSSL_EC_NAMED_CURVE for curves without OID
    
    Some curves don't have an associated OID: for those we should not
    default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and instead
    set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
    
    This is a follow-up to https://github.com/openssl/openssl/pull/12312
    
    (cherry picked from commit 7aa3dfc42104588f65301d20324388ac2c9a6b11)
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12457)

commit 45487dba0fb8c36fe390fa8131204403c00c01fc
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Jul 16 02:02:16 2020 +0300

    Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros
    
    These functions are part of the public API but we don't have tests
    covering their usage.
    They are actually implemented as macros and the absence of tests has
    caused them to fall out-of-sync with the latest changes to ASN1 related
    functions and cause compilation warnings.
    
    This commit fixes the public headers to reflect these changes.
    
    Fixes #12443
    
    (cherry picked from commit cca8a4cedaafe63b0b5729b72133661ece24ff08)
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12457)

commit 3d97638062595efb23b32f9150c38d60db89de7f
Author: Nicola Tuveri <nic.tuv at gmail.com>
Date:   Thu Jul 16 01:57:09 2020 +0300

    Add tests for i2d_TYPE_fp and d2i_TYPE_fp
    
    These functions are part of the public API but we don't have tests
    covering their usage.
    They are actually implemented as macros and the absence of tests has
    caused them to fall out-of-sync with the latest changes to ASN1 related
    functions and cause compilation warnings.
    
    @@ Note: This commit limits to ECPKParameters as a type.
    
    (cherry picked from commit ea1128e94e36fa9fa25278dc6b3f5b42d8735782)
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12457)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_asn1.c     |  2 +-
 crypto/ec/ec_curve.c    | 27 +++++++++++++++++++++++++++
 include/openssl/ec.h    | 15 +++++++++------
 test/build.info         |  4 +++-
 test/ec_internal_test.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 8 deletions(-)

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index c8ee1e6f17..4335b3da1a 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -548,7 +548,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
             ECPARAMETERS_free(ret->value.parameters);
     }
 
-    if (EC_GROUP_get_asn1_flag(group)) {
+    if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
         /*
          * use the asn1 OID to describe the elliptic curve parameters
          */
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 8de486cbd7..dfe5263f59 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -12,6 +12,7 @@
 #include "ec_local.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
+#include <openssl/objects.h>
 #include <openssl/opensslconf.h>
 #include "internal/nelem.h"
 
@@ -3097,6 +3098,32 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
             goto err;
         }
     }
+
+    if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
+        /*
+         * Some curves don't have an associated OID: for those we should not
+         * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and
+         * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
+         *
+         * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on
+         * `EC_GROUP_new()`, when we don't have enough elements to determine if
+         * an OID for the curve name actually exists.
+         * We could implement this check on `EC_GROUP_set_curve_name()` but
+         * overloading the simple setter with this lookup could have a negative
+         * performance impact and unexpected consequences.
+         */
+        ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid);
+
+        if (asn1obj == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_OBJ_LIB);
+            goto err;
+        }
+        if (OBJ_length(asn1obj) == 0)
+            EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
+
+        ASN1_OBJECT_free(asn1obj);
+    }
+
     ok = 1;
  err:
     if (!ok) {
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 44cc139966..a9f77b245f 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -793,12 +793,15 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
 EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
 int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
 
-# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-                (unsigned char *)(x))
+# define d2i_ECPKParameters_bio(bp,x) \
+    ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
+# define i2d_ECPKParameters_bio(bp,x) \
+    ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x)
+# define d2i_ECPKParameters_fp(fp,x) \
+    (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
+                            (void **)(x))
+# define i2d_ECPKParameters_fp(fp,x) \
+    ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
 
 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
 # ifndef OPENSSL_NO_STDIO
diff --git a/test/build.info b/test/build.info
index bc3dae81f9..6357a7f2fe 100644
--- a/test/build.info
+++ b/test/build.info
@@ -515,7 +515,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
     INCLUDE[sm4_internal_test]=.. ../include
     DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
 
-    SOURCE[ec_internal_test]=ec_internal_test.c
+    SOURCE[ec_internal_test]=ec_internal_test.c \
+                             {- rebase_files("../apps",
+                                  split(/\s+/, $target{apps_init_src})) -}
     INCLUDE[ec_internal_test]=../include ../crypto/ec
     DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
 
diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c
index 5b708e201c..7ca408b3c2 100644
--- a/test/ec_internal_test.c
+++ b/test/ec_internal_test.c
@@ -283,6 +283,47 @@ static int decoded_flag_test(void)
     return testresult;
 }
 
+static
+int ecpkparams_i2d2i_test(int n)
+{
+    EC_GROUP *g1 = NULL, *g2 = NULL;
+    FILE *fp = NULL;
+    int nid = curves[n].nid;
+    int testresult = 0;
+
+    /* create group */
+    if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)))
+        goto end;
+
+    /* encode params to file */
+    if (!TEST_ptr(fp = fopen("params.der", "wb"))
+            || !TEST_true(i2d_ECPKParameters_fp(fp, g1)))
+        goto end;
+
+    /* flush and close file */
+    if (!TEST_int_eq(fclose(fp), 0)) {
+        fp = NULL;
+        goto end;
+    }
+    fp = NULL;
+
+    /* decode params from file */
+    if (!TEST_ptr(fp = fopen("params.der", "rb"))
+            || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL)))
+        goto end;
+
+    testresult = 1; /* PASS */
+
+end:
+    if (fp != NULL)
+        fclose(fp);
+
+    EC_GROUP_free(g1);
+    EC_GROUP_free(g2);
+
+    return testresult;
+}
+
 int setup_tests(void)
 {
     crv_len = EC_get_builtin_curves(NULL, 0);
@@ -297,6 +338,8 @@ int setup_tests(void)
 #endif
     ADD_ALL_TESTS(field_tests_default, crv_len);
     ADD_TEST(decoded_flag_test);
+    ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len);
+
     return 1;
 }
 


More information about the openssl-commits mailing list