openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 412cf1d..4fead07 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -61,16 +61,15 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
+#include <openssl/sha.h>
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
-#ifndef OPENSSL_FIPS
-
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa);
+ DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
@@ -135,7 +134,7 @@
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx=NULL;
- int i,reason=ERR_R_BN_LIB;
+ int reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
BN_init(&m);
@@ -150,8 +149,9 @@
s=BN_new();
if (s == NULL) goto err;
- i=BN_num_bytes(dsa->q); /* should be 20 */
- if ((dlen > i) || (dlen > 50))
+ /* reject a excessive digest length (currently at most
+ * dsa-with-SHA256 is supported) */
+ if (dlen > SHA256_DIGEST_LENGTH)
{
reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
goto err;
@@ -172,7 +172,14 @@
dsa->r=NULL;
}
- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+ if (dlen > BN_num_bytes(dsa->q))
+ /* if the digest length is greater than the size of q use the
+ * BN_num_bits(dsa->q) leftmost bits of the digest, see
+ * fips 186-3, 4.2 */
+ dlen = BN_num_bytes(dsa->q);
+ if (BN_bin2bn(dgst,dlen,&m) == NULL)
+ goto err;
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
@@ -283,30 +290,31 @@
if (!ret)
{
DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
+ if (r != NULL)
+ BN_clear_free(r);
}
if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
BN_clear_free(&k);
BN_clear_free(&kq);
return(ret);
}
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa)
+ DSA *dsa)
{
BN_CTX *ctx;
BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
- int ret = -1;
+ int ret = -1, i;
if (!dsa->p || !dsa->q || !dsa->g)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
return -1;
}
- if (BN_num_bits(dsa->q) != 160)
+ i = BN_num_bits(dsa->q);
+ /* fips 186-3 allows only different sizes for q */
+ if (i != 160 && i != 224 && i != 256)
{
DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
return -1;
@@ -318,6 +326,14 @@
return -1;
}
+ /* reject a excessive digest length (currently at most
+ * dsa-with-SHA256 is supported) */
+ if (dgst_len > SHA256_DIGEST_LENGTH)
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return -1;
+ }
+
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
@@ -342,6 +358,11 @@
if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
/* save M in u1 */
+ if (dgst_len > (i >> 3))
+ /* if the digest length is greater than the size of q use the
+ * BN_num_bits(dsa->q) leftmost bits of the digest, see
+ * fips 186-3, 4.2 */
+ dgst_len = (i >> 3);
if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
/* u1 = M * w mod q */
@@ -393,4 +414,3 @@
return(1);
}
-#endif