author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2010-12-02 22:36:51 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2010-12-02 22:36:51 +0000 |
commit | fd3744ddb062b70bb370acec340acbac23f0bd98 (patch) | |
tree | b5613f06a47ca8522264b520b04a27a5fa0ff300 /crypto | |
parent | f2c43d19b91f8847c1dfd87721254b44f963d9a2 (diff) | |
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/p_sign.c | 2 | ||||
-rw-r--r-- | crypto/evp/p_verify.c | 2 | ||||
-rw-r--r-- | crypto/jpake/jpake.c | 36 | ||||
-rw-r--r-- | crypto/jpake/jpake.h | 2 | ||||
-rw-r--r-- | crypto/jpake/jpake_err.c | 4 | ||||
-rw-r--r-- | crypto/opensslv.h | 6 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 2 |
7 files changed, 44 insertions, 10 deletions
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index bf41a0db68ad..782d14055a43 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 unsigned char m[EVP_MAX_MD_SIZE];
 unsigned int m_len;
 int i,ok=0,v;
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
 *siglen=0;
 for (i=0; i<4; i++)
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 2d46dffe7e1a..072c127951dc 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 unsigned char m[EVP_MAX_MD_SIZE];
 unsigned int m_len;
 int i,ok=0,v;
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
 for (i=0; i<4; i++)
 {
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 577b7ef375cd..9736f89854cc 100644
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -283,23 +283,53 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
 return 1;
 }
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+ {
+ BIGNUM *t;
+ int res;
+
+ if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+ return 0;
+
+ t = BN_new();
+ BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+ res = BN_is_one(t);
+ BN_free(t);
+
+ return res;
+ }
+
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
 {
- /* verify their ZKP(xc) */
+ if(!is_legal(received->p1.gx, ctx))
+ {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+ return 0;
+ }
+
+ if(!is_legal(received->p2.gx, ctx))
+ {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+ return 0;
+ }
+
+
+ /* verify their ZKP(xc) */
 if(!verify_zkp(&received->p1, ctx->p.g, ctx))
 {
 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
 return 0;
 }
- /* verify their ZKP(xd) */
+ /* verify their ZKP(xd) */
 if(!verify_zkp(&received->p2, ctx->p.g, ctx))
 {
 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
 return 0;
 }
- /* g^xd != 1 */
+ /* g^xd != 1 */
 if(BN_is_one(received->p2.gx))
 {
 JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
index 693ea188cb82..fd143b4d9bdd 100644
--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP 100
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE 105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH 107
diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c
index 1b9506796799..a9a9dee75c14 100644
--- a/crypto/jpake/jpake_err.c
+++ b/crypto/jpake/jpake_err.c
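Review bot: In is_legal() in crypto/jpake/jpake.c the results of `BN_new()` and `BN_mod_exp()` are never checked, so an allocation failure while validating a peer-supplied g^x hands a NULL `t` to `BN_mod_exp()` and `BN_is_one()` instead of rejecting the value. I would add `if(t == NULL) return 0;` right after the allocation and fold the exponentiation status into the verdict, `res = BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx) && BN_is_one(t);`, so every failure path fails closed. The one-line comment above the function could also state the actual criterion, for example `/* gx is legal iff 0 < gx < p and gx^q mod p == 1 */`. JPAKE_STEP1_process continues past the end of this hunk.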
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 static ERR_STRING_DATA JPAKE_str_reasons[]=
 {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index a560e201438b..0da91c26dd4e 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER 0x0090810f
+#define OPENSSL_VERSION_NUMBER 0x0090811f
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p-fips 16 Nov 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q-fips 2 Dec 2010"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p 16 Nov 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8q 2 Dec 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 78cc485e6d14..b59c6409e4a5 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -127,7 +127,7 @@ STACK_OF(type) \
 sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
+ (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \
 pp, length, \
 CHECKED_D2I_OF(type, d2i_func), \
 CHECKED_SK_FREE_FUNC(type, free_func), \ |