Fix ASN1 bug when decoding OTHER type.
Various S/MIME DSA related fixes.
diff --git a/CHANGES b/CHANGES
index 1efb592..c11d25b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,16 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+ +) Fix various bugs related to DSA S/MIME verification. Handle missing
+ parameters in DSA public key structures and return an error in the
+ DSA routines if parameters are absent.
+ [Steve Henson]
+
+ +) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+ needs to match any other type at all we need to manually clear the
+ tag cache.
+ [Steve Henson]
+
+) Changes to the "openssl engine" utility to include;
- verbosity levels ('-v', '-vv', and '-vvv') that provide information
about an ENGINE's available control commands.
@@ -88,6 +98,7 @@
that they do not hold after the first thread unsets add_do_not_lock).
[Bodo Moeller]
+>>>>>>> 1.823
+) Implement binary inversion algorithm for BN_mod_inverse in addition
to the algorithm using long divison. The binary algorithm can be
used only if the modulus is odd. On 32-bit systems, it is faster
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 7237f7e..bd0a7d5 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -611,8 +611,13 @@
} else if(ret == -1) return -1;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+ /* Clear context cache for type OTHER because the auto clear when
+ * we have a exact match wont work
+ */
+ if(utype == V_ASN1_OTHER) {
+ asn1_tlc_clear(ctx);
/* SEQUENCE and SET must be constructed */
- if((utype != V_ASN1_OTHER) && !cst) {
+ } else if(!cst) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
return 0;
}
@@ -899,7 +904,7 @@
}
}
}
-
+
if(i & 0x80) {
ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
asn1_tlc_clear(ctx);
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index c4a849a..9f28daf 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -198,7 +198,7 @@
a=key->algor;
if (ret->type == EVP_PKEY_DSA)
{
- if (a->parameter->type == V_ASN1_SEQUENCE)
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
{
ret->pkey.dsa->write_params=0;
cp=p=a->parameter->value.sequence->data;
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 739cef1..58cf7b5 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -229,6 +229,7 @@
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+void ERR_load_DSA_strings(void);
/* Error codes for the DSA functions. */
@@ -250,9 +251,9 @@
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
+#define DSA_R_MISSING_PARAMETERS 101
#ifdef __cplusplus
}
#endif
#endif
-
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 9f28db6..2956c36 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -86,6 +86,7 @@
static ERR_STRING_DATA DSA_str_reasons[]=
{
{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
{0,NULL}
};
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 7346817..f91a3a9 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -106,6 +106,11 @@
int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ reason=DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
BN_init(&m);
BN_init(&xr);
s=BN_new();
@@ -168,6 +173,11 @@
BIGNUM k,*kinv=NULL,*r=NULL;
int ret=0;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
if (ctx_in == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -225,6 +235,11 @@
BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
int ret = -1;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&u1);
