J Harper
2016-10-10 21:59:05 +01:00
parent aa4ef719cc
commit b8dcfd8759
97 changed files with 6724 additions and 3137 deletions


@@ -315,10 +315,12 @@ int32_t psDhGenKeyInts(psPool_t *pool, uint16_t keysize,
if (key == NULL) {
return PS_ARG_FAIL;
}
/* Detect parameters with too small g. */
if (pstm_count_bits(g) < 2) {
return PS_ARG_FAIL;
}
privsize = keysize;
#ifndef USE_LARGE_DH_PRIVATE_KEYS
/*
@@ -433,6 +435,7 @@ int32_t psDhGenSharedSecret(psPool_t *pool,
if ((err = pstm_read_unsigned_bin(&p, pBin, pBinLen)) != PS_SUCCESS) {
goto error;
}
/* Check key->pub is within correct range 2 <= pub < p - 1. */
if (pstm_count_bits(&pubKey->pub) < 2) {
err = PS_FAILURE;
@@ -445,6 +448,7 @@ int32_t psDhGenSharedSecret(psPool_t *pool,
err = PS_FAILURE;
goto error;
}
if ((err = pstm_exptmod(pool, &pubKey->pub, &privKey->priv, &p,
&tmp)) != PS_SUCCESS) {
goto error;


@@ -680,6 +680,7 @@ int32_t psEccParsePrivKey(psPool_t *pool,
uint32_t oid;
int32_t asnInt;
uint16_t len;
size_t privkey_len;
buf = keyBuf;
end = buf + keyBufLen;
@@ -701,6 +702,8 @@ int32_t psEccParsePrivKey(psPool_t *pool,
psTraceCrypto("Expecting private key octet string\n");
return PS_FAILURE;
}
privkey_len = len;
psEccInitKey(pool, key, curve);
if (pstm_init_for_read_unsigned_bin(pool, &key->k, len) != PS_SUCCESS) {
goto L_FAIL;
@@ -785,6 +788,21 @@ int32_t psEccParsePrivKey(psPool_t *pool,
}
buf += len;
}
/* Try to parse 'implicitly' encoded optional public key with no
DER header, i.e. assume that all the remaining bytes are public
key bytes. This is not valid ASN.1, but sometimes appears in
practice and parsing it is a requirement for some users. */
if (buf < end &&
*buf == ANSI_UNCOMPRESSED && /* Uncompressed is the only format we support. */
((end-(buf+1)) == privkey_len*2)) /* Pubkey must be 2x privkey size. */
{
if (psEccX963ImportKey(pool, buf, (end-buf), key, key->curve) < 0) {
psTraceCrypto("Unable to parse ECC pubkey from cert\n");
goto L_FAIL;
}
buf += (end-buf);
}
/* Should be at the end */
if (end != buf) {
/* If this stream came from an encrypted file, there could be
@@ -1641,9 +1659,7 @@ static int32_t eccProjectiveAddPoint(psPool_t *pool, const psEccPoint_t *P,
if ((err = pstm_copy(&P->z, &z)) != PS_SUCCESS) { goto done; }
/*
Pre-allocated digit. Used for mul, sqr, AND reduce
TODO: haven't fully explored max paDlen
*/
Pre-allocated digit. Used for mul, sqr, AND reduce*/
paDlen = (modulus->used * 2 + 1) * sizeof(pstm_digit);
if ((paD = psMalloc(pool, paDlen)) == NULL) {
err = PS_MEM_FAIL;
@@ -1914,9 +1930,7 @@ static int32_t eccProjectiveDblPoint(psPool_t *pool, const psEccPoint_t *P,
}
/*
Pre-allocated digit. Used for mul, sqr, AND reduce
TODO: haven't fully explored max possible paDlen
*/
Pre-allocated digit. Used for mul, sqr, AND reduce*/
paDlen = (modulus->used*2+1) * sizeof(pstm_digit);
if ((paD = psMalloc(pool, paDlen)) == NULL) {
err = PS_MEM_FAIL;
@@ -2588,8 +2602,8 @@ int32_t psEccDsaSign(psPool_t *pool, const psEccKey_t *privKey,
sLen = pstm_unsigned_bin_size(&s);
/* Signatures can be smaller than the keysize but keep it sane */
if (((rLen + 2) >= privKey->curve->size) &&
((sLen + 2) >= privKey->curve->size)) {
if (((rLen + 6) >= privKey->curve->size) &&
((sLen + 6) >= privKey->curve->size)) {
if (pstm_iszero(&s) == PS_FALSE) {
break;
}
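Review bot: In the new implicit-public-key branch of psEccParsePrivKey, the failure trace reads "from cert" although the bytes being parsed are the tail of a private-key blob, which will misdirect anyone diagnosing a rejected key; `psTraceCrypto("Unable to parse implicit ECC pubkey in private key\n");` would match the path. The acceptance test `(end-(buf+1)) == privkey_len*2` sizes the point from the encoded length of the private OCTET STRING rather than from the curve, and it compares a signed pointer difference with a `size_t`; it is safe only because `buf < end` is tested first, so I would cast explicitly, `(size_t)(end - (buf + 1)) == privkey_len * 2`, and, if the curve is already resolved at this point (not visible in the hunk), compare against the curve size instead. Because this branch deliberately accepts input that is not valid ASN.1, a one-line comment stating that point validation is left to psEccX963ImportKey would help, assuming that is indeed where it happens. The function begins and ends outside the hunk.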


@@ -125,7 +125,7 @@ int32_t psParseUnknownPrivKey(psPool_t *pool, int pemOrDer, char *keyfile,
{
psRsaKey_t *rsakey;
psEccKey_t *ecckey;
int keytype;
int keytype = 1;
unsigned char *keyBuf;
int32 keyBufLen;
@@ -133,8 +133,10 @@ int32_t psParseUnknownPrivKey(psPool_t *pool, int pemOrDer, char *keyfile,
rsakey = &privkey->key.rsa;
ecckey = &privkey->key.ecc;
if (pemOrDer == 1) {
/* PEM file. */
if (pkcs1ParsePrivFile(pool, keyfile, password, rsakey)
< PS_SUCCESS) {
/* psEccParsePrivFile will also try pkcs8ParsePrivBin. */
if (psEccParsePrivFile(pool, keyfile, password, ecckey)
< PS_SUCCESS) {
psTraceStrCrypto("Unable to parse private key file %s\n",
@@ -146,22 +148,42 @@ int32_t psParseUnknownPrivKey(psPool_t *pool, int pemOrDer, char *keyfile,
keytype = 1;
}
} else {
/* DER file. */
if (psGetFileBuf(pool, keyfile, &keyBuf, &keyBufLen) < PS_SUCCESS) {
psTraceStrCrypto("Unable to open private key file %s\n", keyfile);
return -1;
}
/* A raw RSAPrivateKey? */
if (psRsaParsePkcs1PrivKey(pool, keyBuf, keyBufLen, rsakey)
< PS_SUCCESS) {
/* A raw ECPrivateKey? */
if (psEccParsePrivKey(pool, keyBuf, keyBufLen, ecckey, NULL)
< PS_SUCCESS) {
psTraceCrypto("Unable to parse private key\n");
psFree(keyBuf, pool);
return -1;
#ifdef USE_PKCS8
/* A PKCS #8 PrivateKeyInfo containing an ECPrivateKey? */
if (pkcs8ParsePrivBin(pool, keyBuf, keyBufLen, password,
privkey)) {
#endif /* USE_PKCS8 */
/* Nothing worked. */
psTraceCrypto("Unable to parse private key. " \
"Supported formats are RSAPrivateKey, " \
"ECPrivateKey and PKCS #8.\n");
psFree(keyBuf, pool);
return -1;
}
#ifdef USE_PKCS8
if (privkey->type == PS_RSA)
keytype = 1;
else if (privkey->type == PS_ECC)
keytype = 2;
goto parsed;
#endif /* USE_PKCS8 */
}
keytype = 2;
} else {
keytype = 1;
}
parsed:
psFree(keyBuf, pool);
}
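Review bot: In the DER branch of psParseUnknownPrivKey the `#ifdef USE_PKCS8` pair opens `if (pkcs8ParsePrivBin(...)) {` conditionally while its closing `}` is unconditional, so as rendered here the braces do not balance when USE_PKCS8 is undefined. Separately, the `if (privkey->type == PS_RSA) ... else if (privkey->type == PS_ECC)` chain has no final `else`, and with the new `int keytype = 1;` default a PKCS #8 key of any other type would fall through and be reported as RSA. I would keep the whole PKCS #8 attempt inside one preprocessor block and fail closed on an unexpected type, as sketched below; whether privkey needs clearing on that path depends on pkcs8ParsePrivBin, which is not visible here. The function starts before the hunk and continues after it.

```c
if (psEccParsePrivKey(pool, keyBuf, keyBufLen, ecckey, NULL)
        < PS_SUCCESS) {
#ifdef USE_PKCS8
    /* A PKCS #8 PrivateKeyInfo? Accept only the key types handled below. */
    if (pkcs8ParsePrivBin(pool, keyBuf, keyBufLen, password,
            privkey) == PS_SUCCESS) {
        if (privkey->type == PS_RSA) {
            keytype = 1;
            goto parsed;
        }
        if (privkey->type == PS_ECC) {
            keytype = 2;
            goto parsed;
        }
    }
#endif /* USE_PKCS8 */
    /* ... unchanged: "Nothing worked" trace, psFree(keyBuf, pool), return -1 ... */
}
```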


@@ -159,6 +159,7 @@ enum PACKED {
enum PACKED {
PS_NOKEY = 0,
PS_RSA,
PS_DSA,
PS_ECC,
PS_DH
};
@@ -167,7 +168,8 @@ enum PACKED {
enum PACKED {
RSA_TYPE_SIG = 5,
ECDSA_TYPE_SIG,
RSAPSS_TYPE_SIG
RSAPSS_TYPE_SIG,
DSA_TYPE_SIG
};
/**
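Review bot: PS_DSA appears to be inserted between PS_RSA and PS_ECC, which shifts the implicit values of PS_ECC and PS_DH by one. If these key-type values are ever stored, sent between components or compared in code built against the old header (not visible here), existing keys would be misidentified after the change. Appending the new member, `PS_DH,` then `PS_DSA`, or giving every member an explicit value would keep the old numbering stable; DSA_TYPE_SIG in the second enum is already appended, so only the first enum is affected.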


@@ -345,6 +345,7 @@ int32_t psRsaParseAsnPubKey(psPool_t *pool,
Standard RSA form - SHA-1 hash of the value of the BIT STRING
subjectPublicKey [excluding the tag, length, and number of unused
bits] */
psSha1PreInit(&dc.sha1);
psSha1Init(&dc.sha1);
psSha1Update(&dc.sha1, p, keylen - 1);
psSha1Final(&dc.sha1, sha1KeyHash);