diff -up openssl-fips-0.9.8e/crypto/asn1/a_bitstr.c.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/a_bitstr.c
--- openssl-fips-0.9.8e/crypto/asn1/a_bitstr.c.cert-fingerprint 2005-07-26 22:55:14.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/a_bitstr.c 2015-04-02 14:09:34.065642198 +0200
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN
 p= *pp;
 i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
 /* We do this to preserve the settings. If we modify
 * the settings, via the _set_bit function, we will recalculate
 * on output */
 ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
 if (len-- > 1) /* using one because of the bits left byte */
 {
diff -up openssl-fips-0.9.8e/crypto/asn1/asn1_err.c.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/asn1_err.c
--- openssl-fips-0.9.8e/crypto/asn1/asn1_err.c.cert-fingerprint 2015-04-01 12:41:27.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/asn1_err.c 2015-04-02 14:38:16.854073649 +0200
@@ -228,6 +228,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
diff -up openssl-fips-0.9.8e/crypto/asn1/asn1.h.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/asn1.h
--- openssl-fips-0.9.8e/crypto/asn1/asn1.h.cert-fingerprint 2015-04-01 12:41:27.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/asn1.h 2015-04-02 14:36:44.517001476 +0200
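Review bot: In the c2i_ASN1_BIT_STRING hunk of a_bitstr.c, the `|i` on the rewritten "set" line is only safe because of the `if (i > 7)` guard a few lines above, and nothing on that line says so. With the `&0x07` mask gone, a later edit that moves or relaxes the guard would let the unused-bits octet spill into other flag bits. I would extend the trailing comment to `/* set; i is 0..7 here, larger values were rejected above */`. The function body starts and ends outside the hunk, so the earlier length handling and the `err:` label that presumably consumes `i` as the reason code are not visible here.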
@@ -741,6 +741,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE,
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1174,6 +1175,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_ILLEGAL_TIME_VALUE 184
 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129
 #define ASN1_R_INVALID_DIGIT 130
 #define ASN1_R_INVALID_MODIFIER 186
diff -up openssl-fips-0.9.8e/crypto/asn1/a_type.c.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/a_type.c
--- openssl-fips-0.9.8e/crypto/asn1/a_type.c.cert-fingerprint 2005-05-17 18:50:45.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/a_type.c 2015-04-02 14:32:45.960662004 +0200
@@ -59,6 +59,7 @@
 #include
 #include "cryptlib.h"
 #include
+#include
 int ASN1_TYPE_get(ASN1_TYPE *a)
 {
@@ -82,3 +83,52 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int typ
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+ {
+ int result = -1;
+
+ if (!a || !b || a->type != b->type) return -1;
+
+ switch (a->type)
+ {
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ case V_ASN1_BIT_STRING:
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ default:
+ result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+ (ASN1_STRING *) b->value.ptr);
+ break;
+ }
+
+ return result;
+ }
diff -up openssl-fips-0.9.8e/crypto/asn1/a_verify.c.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/a_verify.c
--- openssl-fips-0.9.8e/crypto/asn1/a_verify.c.cert-fingerprint 2015-04-01 12:41:28.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/a_verify.c 2015-04-02 14:34:50.143434774 +0200
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_A
 goto err;
 }
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
+
 inl=i2d(data,NULL);
 buf_in=OPENSSL_malloc((unsigned int)inl);
 if (buf_in == NULL)
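Review bot: The one-line comment on ASN1_TYPE_cmp in a_type.c understates the contract: the function returns -1 whenever either argument is NULL (two NULLs included) or the types differ, so the result is an equality test only, not an ordering. A caller that used it as a sort comparator would get inconsistent results. I would say so in the comment, e.g. `/* Returns 0 if equal, non-zero otherwise; not an ordering. NULL never compares equal, even to NULL. */`. The default branch also casts `value.ptr` to `ASN1_STRING *` for every remaining type, which assumes both pointers are non-NULL; whether ASN1_STRING_cmp tolerates NULL is not visible from the hunk.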
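Review bot: The new condition in ASN1_verify, `signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7`, relies on `&` binding tighter than `&&`; it evaluates as intended, but it reads ambiguously and draws parentheses warnings from some compilers. I would write the second operand as `(signature->flags & 0x7) != 0`, and the same applies to the identical check added to ASN1_item_verify in the next hunk of a_verify.c. A short comment such as `/* a signature must be a whole number of octets: reject unused bits */` would also record why the low three flag bits are tested. Both function bodies extend beyond their hunks.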
@@ -139,6 +145,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
 return -1;
 }
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
 EVP_MD_CTX_init(&ctx);
 i=OBJ_obj2nid(a->algorithm);
 type=EVP_get_digestbyname(OBJ_nid2sn(i));
diff -up openssl-fips-0.9.8e/crypto/asn1/x_algor.c.cert-fingerprint openssl-fips-0.9.8e/crypto/asn1/x_algor.c
--- openssl-fips-0.9.8e/crypto/asn1/x_algor.c.cert-fingerprint 2001-07-27 04:22:23.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/asn1/x_algor.c 2015-04-02 14:39:32.561772635 +0200
@@ -71,3 +71,14 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff -up openssl-fips-0.9.8e/crypto/dsa/dsa_asn1.c.cert-fingerprint openssl-fips-0.9.8e/crypto/dsa/dsa_asn1.c
--- openssl-fips-0.9.8e/crypto/dsa/dsa_asn1.c.cert-fingerprint 2007-04-06 02:30:16.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/dsa/dsa_asn1.c 2015-04-02 14:52:06.303693362 +0200
@@ -194,6 +194,9 @@ int DSA_verify(int type, const unsigned
 const unsigned char *sigbuf, int siglen, DSA *dsa)
 {
 DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 #ifdef OPENSSL_FIPS
 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
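Review bot: X509_ALGOR_cmp in x_algor.c is added without any comment, and its contract has two non-obvious edges. It dereferences `a` and `b` without a NULL check, and when exactly one side has parameters it falls through to ASN1_TYPE_cmp, which returns -1 for a NULL argument, so an absent parameter field and an explicit ASN.1 NULL compare as different. That strictness is presumably intended for the certificate check, but it should be written down above the function: `/* Returns 0 if algorithm OID and parameters match. Absent parameters differ from an explicit NULL. a and b must be non-NULL. */`.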
@@ -205,9 +208,18 @@ int DSA_verify(int type, const unsigned
 s = DSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 DSA_SIG_free(s);
 return(ret);
 }
diff -up openssl-fips-0.9.8e/crypto/x509/x_all.c.cert-fingerprint openssl-fips-0.9.8e/crypto/x509/x_all.c
--- openssl-fips-0.9.8e/crypto/x509/x_all.c.cert-fingerprint 2005-07-16 13:13:08.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/x509/x_all.c 2015-04-02 14:42:00.894101419 +0200
@@ -73,6 +73,8 @@
 int X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, a->signature,a->cert_info,r));
 }
diff -up openssl-fips-0.9.8e/crypto/x509/x509.h.cert-fingerprint openssl-fips-0.9.8e/crypto/x509/x509.h
--- openssl-fips-0.9.8e/crypto/x509/x509.h.cert-fingerprint 2015-04-01 12:41:27.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/x509/x509.h 2015-04-02 14:40:57.452677705 +0200
@@ -841,6 +841,7 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_
 X509_CRL *X509_CRL_dup(X509_CRL *crl);
 X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
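Review bot: In the second DSA_verify hunk of dsa_asn1.c, a signature that parses but is not canonical DER, or that carries trailing bytes, leaves through `err:` with `ret` still -1 and nothing pushed on the error queue, so it is indistinguishable from a parse failure. A caller that tests the result as a plain boolean would read -1 as success, so the check should state that only a return of 1 means verified: `/* non-DER or trailing bytes: ret stays -1 (error), never 1 */`. The cleanup under `err:` is guarded by `derlen > 0`, which assumes i2d_DSA_SIG leaves `der` NULL when it fails. The declarations this code uses come from the previous hunk, and whether `memcmp` has its header included is not visible from either hunk.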
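Review bot: The early `return 0;` added to X509_verify in x_all.c reports a mismatch between the outer `sig_alg` and the signed `cert_info->signature` as an ordinary bad signature, with no error-queue entry and no comment explaining the check. The outer field is not covered by the signature, so this comparison is what stops it from being altered without invalidating the certificate; I would add `/* the unsigned outer sig_alg must match the signed inner one */` above the `if`. `a->cert_info` is dereferenced here before ASN1_item_verify sees it, which assumes a fully parsed certificate. Whether the other verify entry points in this file, outside the hunk, get an equivalent consistency check cannot be seen from here.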