Commit graph

966 commits

Author SHA1 Message Date
Richard Levitte
7f09a8773b Include "constant_time_locl.h" rather than "../constant_time_locl.h".
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	crypto/evp/evp_enc.c
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c
2014-10-15 17:00:06 +02:00
Emilia Kasper
4aac102f75 RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-24 16:19:18 +02:00
Emilia Kasper
da92be4d68 Fix build when BSAES_ASM is defined but VPAES_ASM is not
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-08-21 15:42:57 +02:00
Andy Polyakov
2893a302a9 crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-20 22:18:14 +02:00
Justin Blanchard
f756fb430e RT1815: More const'ness improvements
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-18 11:49:16 -04:00
Jonas Maebe
6f77f82bfc dev_crypto_md5_copy: return error if allocating to_md->data fails
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:52:30 +02:00
Jonas Maebe
771e0c6c7a dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:52:14 +02:00
Jonas Maebe
d8513b4abd dev_crypto_cipher: return immediately if allocating cin/cout failed
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:51:35 +02:00
Jonas Maebe
c84029dbdc dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed
Signed-off-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-17 18:51:16 +02:00
Emilia Kasper
f0ca9ccaef make depend
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-14 15:24:58 +02:00
Andy Polyakov
0e716d9207 Engage GHASH for PowerISA 2.0.7.
[and split ppccap.c to ppccap.c and ppc_arch.h]

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:16:31 +02:00
Dr. Stephen Henson
d31fed73e2 RFC 5649 support.
Add support for RFC5649 key wrapping with padding.

Add RFC5649 tests to evptests.txt

Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.

EVP support and minor changes added by Stephen Henson.

Doxygen comment block updates by Tim Hudson.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-18 21:37:13 +01:00
Dr. Stephen Henson
58f4698f67 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 23:29:14 +01:00
Dr. Stephen Henson
d12eef1501 Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 12:57:40 +01:00
Ben Laurie
6835f572a9 Reduce casting nastiness. 2014-07-05 15:00:53 +01:00
Dr. Stephen Henson
0d263d2acf Test copying of contexts in evp_test.
Test EVP_CIPHER_CTX_copy in evp_test. This will catch any
problems with copying in underlying ciphers.
2014-07-01 12:01:51 +01:00
Ben Laurie
e3ba6a5f83 Make depend. 2014-06-30 16:03:29 +01:00
Dr. Stephen Henson
c2fd5d79ff Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
2014-06-30 12:57:29 +01:00
ZNV
370bf1d708 Make EVP_CIPHER_CTX_copy work in GCM mode.
PR#3272
2014-06-29 22:01:28 +01:00
Dr. Stephen Henson
59deb33cbe Fix for EVP_PBE_alg_add().
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
2014-06-27 23:19:39 +01:00
Felix Laurie von Massenbach
50cc4f7b3d Fix signed/unsigned comparisons. 2014-06-17 17:41:46 +01:00
Felix Laurie von Massenbach
1f61d8b5b1 Fix shadow declaration. 2014-06-17 17:41:46 +01:00
Andy Polyakov
764fe518da aesp8-ppc.pl: add CTR mode. 2014-06-16 08:05:19 +02:00
Andy Polyakov
ce00c64df9 evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build. 2014-06-14 23:15:39 +02:00
Andy Polyakov
53a224bb0a evp/e_aes.c: add erroneously omitted break; 2014-06-04 08:33:06 +02:00
Andy Polyakov
030a3f9527 evp/e_aes.c: populate HWAES_* to remaning modes.
Submitted by: Ard Biesheuvel.
2014-06-02 21:48:02 +02:00
Andy Polyakov
de51e830a6 Engage POWER8 AES support. 2014-06-01 23:38:11 +02:00
Andy Polyakov
ddacb8f27b Engage ARMv8 AES support. 2014-06-01 22:20:37 +02:00
Ben Laurie
ba4477d649 Make it build.
Closes #31.
2014-05-25 17:35:04 +01:00
Christian Heimes
56431240ae add test case to makefiles 2014-05-25 17:35:04 +01:00
Christian Heimes
4d4a535dcf Implement tests for PKCS#5 PBKDF2 HMAC 2014-05-25 17:35:04 +01:00
Geoff Thorpe
fce3821111 evp: prevent underflow in base64 decoding
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 17:52:19 -04:00
Dr. Stephen Henson
3ba1e406c2 Initialize num properly.
PR#3289
PR#3345
2014-05-06 14:07:37 +01:00
Eric Young
10378fb5f4 Fix base64 decoding bug.
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
2014-04-02 19:54:27 +01:00
Dr. Stephen Henson
2514fa79ac Add functions returning security bits.
Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
2014-03-28 14:49:04 +00:00
Dr. Stephen Henson
4cfeb00be9 make depend 2014-02-19 20:09:08 +00:00
Andy Polyakov
701134320a ssl/s3_pkt.c: detect RAND_bytes error in multi-block. 2014-02-14 17:43:31 +01:00
Andy Polyakov
9587429fa0 evp/e_aes_cbc_hmac_sha*.c: improve cache locality. 2014-02-13 14:39:55 +01:00
Andy Polyakov
5a42c8f07f e_aes_cbc_hmac_sha[1|256].c: fix compiler warning. 2014-02-05 16:38:22 +01:00
Andy Polyakov
0d5096fbd6 evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements. 2014-02-05 14:05:08 +01:00
Andy Polyakov
2f3af3dc36 aesni-sha1-x86_64.pl: add stiched decrypt procedure,
but keep it disabled, too little gain... Add some Atom-specific
optimization.
2014-01-03 21:40:08 +01:00
Dr. Stephen Henson
560b34f2b0 Ignore NULL parameter in EVP_MD_CTX_destroy.
(cherry picked from commit a6c62f0c25)
2013-12-20 23:32:25 +00:00
Andy Polyakov
e9c80e04c1 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
2013-12-18 21:42:46 +01:00
Andy Polyakov
f0f4b8f126 PPC assembly pack update addendum. 2013-12-18 21:39:15 +01:00
Andy Polyakov
07f3e4f3f9 Take vpaes-ppc module into loop. 2013-11-27 22:39:13 +01:00
Dr. Stephen Henson
0f7fa1b190 Constify.
(cherry picked from commit 1abfa78a8b)
2013-11-14 21:05:36 +00:00
Dr. Stephen Henson
afa23c46d9 Flag to disable automatic copying of contexts.
Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.
2013-11-13 23:48:35 +00:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly.
PR: 3165
2013-11-12 21:51:37 +01:00
Dr. Stephen Henson
16bc45ba95 Fix memory leak. 2013-11-11 22:39:40 +00:00
Dr. Stephen Henson
b0513fd2bb Initialise context before using it.
(cherry picked from commit a4947e4e06)
2013-11-06 13:19:13 +00:00
Ben Laurie
c10e3f0cff PBKDF2 should be efficient. Contributed by Christian Heimes
<christian@python.org>.
2013-11-03 17:23:50 +00:00
Andy Polyakov
b4f0abd246 evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.
Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.
2013-10-12 22:10:28 +02:00
Andy Polyakov
a69c0a1be5 evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs. 2013-10-08 23:39:26 +02:00
Andy Polyakov
b1de640f03 evp/evp.h: add multi-block contstants and parameter type. 2013-10-08 23:38:05 +02:00
Andy Polyakov
524b00c0da evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
Submitted by: Yuriy Kaminskiy
2013-10-03 10:55:49 +02:00
Andy Polyakov
7f893258f6 evp/e_aes_cbc_hmac_sha*.c: multi-block glue code. 2013-10-03 00:24:03 +02:00
Andy Polyakov
5f487e0317 evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX. 2013-10-03 00:16:51 +02:00
Ard Biesheuvel
a2ea9f3ecc Added support for ARM/NEON based bit sliced AES in XTS mode
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2013-09-15 19:37:16 +02:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support.
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
2013-08-05 15:45:00 +01:00
Andy Polyakov
a59f436295 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting.
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
2013-08-03 17:09:06 +02:00
Dr. Stephen Henson
17c2764d2e CMS support for key agreeement recipient info.
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
97cf1f6c28 EVP support for wrapping algorithms.
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
965e06da3c Typo. 2013-06-12 18:47:28 +01:00
Ben Laurie
5dcd2deb3e Remove added ;. 2013-06-04 17:27:18 +01:00
Ben Laurie
b25b8417a7 Missing prototypes. 2013-06-04 16:34:45 +01:00
Andy Polyakov
8a97a33063 Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
Andy Polyakov
9575d1a91a bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks.
Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt
on Cortex-A15.
2013-04-23 17:52:14 +02:00
Ben Laurie
282a480a35 Fix warnings. 2013-04-06 15:08:44 +01:00
Andy Polyakov
a42abde699 e_aes.c: reserve for future extensions. 2013-04-04 15:55:49 +02:00
Andy Polyakov
c9a8e3d1c7 evptests.txt: add XTS test vectors 2013-04-04 15:53:01 +02:00
Andy Polyakov
c5d975a743 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
Andy Polyakov
4e049c5259 Add AES-NI GCM stitch. 2013-03-29 20:45:33 +01:00
Andy Polyakov
5c60046553 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
PR: 3002
2013-03-18 19:29:41 +01:00
Andy Polyakov
ca303d333b evptests.txt: additional GCM test vectors. 2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825 GCM and CCM test support
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327 Add CCM ciphers to tables. 2013-03-06 16:15:42 +00:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Andy Polyakov
2141e6f30b e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line.
It also ensures that valgring is happy.
2013-02-08 10:31:13 +01:00
Andy Polyakov
1041ab696e e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret.
(cherry picked from commit 529d27ea47)
2013-02-06 14:19:11 +00:00
Andy Polyakov
9970308c88 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77 Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
2013-02-06 14:19:07 +00:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Andy Polyakov
cd68694646 AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality. 2012-11-24 21:55:23 +00:00
Dr. Stephen Henson
98a7edf9f0 make depend 2012-11-19 13:18:09 +00:00
Dr. Stephen Henson
7c43ea50fd correct error function code 2012-11-05 13:34:29 +00:00
Andy Polyakov
7cb81398b7 e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and
leave comment about CTR mode.
2012-11-05 09:20:41 +00:00
Ben Laurie
5b0e3daf50 Remove unused static function. 2012-11-05 02:01:07 +00:00
Dr. Stephen Henson
057c8a2b9e fix error code 2012-10-18 16:21:39 +00:00
Dr. Stephen Henson
964eaad78c Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:08 +00:00
Andy Polyakov
4739ccdb39 Add SPARC T4 Camellia support.
Submitted by: David Miller
2012-10-11 18:35:18 +00:00
Andy Polyakov
c5f6da54fc Add SPARC T4 AES support.
Submitted by: David Miller
2012-10-06 18:08:09 +00:00
Andy Polyakov
244ed51a0d e_aes.c: uninitialized variable in aes_ccm_init_key.
PR: 2874
Submitted by: Tomas Mraz
2012-09-15 08:45:42 +00:00
Dr. Stephen Henson
44488723de add missing evp_cnf.c file 2012-07-04 13:15:10 +00:00
Dr. Stephen Henson
ea1d84358b PR: 2840
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
2012-07-03 20:30:40 +00:00
Andy Polyakov
8d1b199d26 Revert random changes from commit#22606. 2012-06-04 22:12:10 +00:00
Ben Laurie
71fa451343 Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
Andy Polyakov
8ea92ddd13 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms.
PR: 2792
2012-04-19 20:38:05 +00:00
Dr. Stephen Henson
b214184160 recognise X9.42 DH certificates on servers 2012-04-18 17:03:29 +00:00
Andy Polyakov
6dd9b0fc43 e_rc4_hmac_md5.c: harmonize zero-length fragment handling with
e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).
2012-04-18 14:55:39 +00:00
Andy Polyakov
e36f6b9cfa e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs.
PR: 2792
2012-04-18 14:50:28 +00:00
Andy Polyakov
fc90e42c86 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag
countermeasure.

PR: 2778
2012-04-15 14:14:22 +00:00
Dr. Stephen Henson
751e26cb9b fix leak 2012-03-22 16:28:07 +00:00
Dr. Stephen Henson
f94cfe6a12 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:55:17 +00:00
Dr. Stephen Henson
afb14cda8c Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Andy Polyakov
77aae9654f Configure, e_aes.c: allow for XTS assembler implementation. 2011-11-15 12:18:40 +00:00
Ben Laurie
ae55176091 Fix some warnings caused by __owur. Temporarily (I hope) remove the more
aspirational __owur annotations.
2011-11-14 00:36:10 +00:00
Andy Polyakov
32268b183f e_aes.c: additional sanity check in aes_xts_cipher. 2011-11-12 13:26:36 +00:00
Andy Polyakov
60d4e99cf3 bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt. 2011-11-10 22:41:31 +00:00
Andy Polyakov
9a480169cd e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's
return value after custom flag was rightly reverted.
2011-11-06 19:48:39 +00:00
Andy Polyakov
a75a52a43e bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c. 2011-10-30 12:15:56 +00:00
Andy Polyakov
f2784994ec e_aes.c: fold even aesni_ccm_cipher. 2011-10-24 06:00:06 +00:00
Andy Polyakov
507b0d9d38 e_aes.c: prevent potential DoS in aes_gcm_tls_cipher. 2011-10-23 22:58:40 +00:00
Dr. Stephen Henson
f59a5d6079 No need for custom flag in XTS mode: block length is 1. 2011-10-23 17:06:28 +00:00
Andy Polyakov
07904e0c6c evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls
(trade 2% small-block performance), engage bit-sliced AES in GCM.
2011-10-18 13:37:26 +00:00
Andy Polyakov
e2473dcc7d c_allc.c: add aes-xts to loop. 2011-10-18 07:53:50 +00:00
Andy Polyakov
993adc0531 Engage bsaes-x86_64.pl, bit-sliced AES. 2011-10-17 17:10:54 +00:00
Andy Polyakov
027026df9f e_aes.c: fix bug in aesni_gcm_tls_cipher. 2011-10-14 09:32:06 +00:00
Bodo Möller
bf6d2f986d Make CTR mode behaviour consistent with other modes:
- clear ctx->num in EVP_CipherInit_ex
- adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816
  for eng_aesni.c

Submitted by: Emilia Kasper
2011-10-13 13:41:34 +00:00
Dr. Stephen Henson
3231e42d72 update pkey method initialisation and copy 2011-10-11 18:15:31 +00:00
Dr. Stephen Henson
819cf4b886 Sync error codes with 1.0.1-stable. 2011-09-17 00:17:46 +00:00
Andy Polyakov
8ca28da0a7 Integrate Vector Permutation AES into build system. 2011-09-15 20:22:59 +00:00
Bodo Möller
ae53b299fa make update 2011-09-05 09:46:15 +00:00
Bodo Möller
f0ecb86666 Fix error codes. 2011-09-05 09:42:34 +00:00
Dr. Stephen Henson
5e92fd244c Stop warnings. 2011-09-01 14:15:47 +00:00
Dr. Stephen Henson
d77a970669 PR: 2588
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
2011-09-01 13:49:16 +00:00
Dr. Stephen Henson
7daf0efad9 Fix warning. 2011-08-25 19:50:51 +00:00
Andy Polyakov
c608171d9c Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. 2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
ab1ec69843 aesni TLS GCM support 2011-08-11 23:06:19 +00:00
Dr. Stephen Henson
28dd49faec Expand range of ctrls for AES GCM to support retrieval and setting of
invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Andy Polyakov
a355cf9bf5 evp.h: add flag to distinguish AEAD ciphers and pair of control codes... 2011-07-11 13:54:53 +00:00
Dr. Stephen Henson
9ebc37e667 add null cipher to FIPS module 2011-06-20 19:48:44 +00:00
Dr. Stephen Henson
bd6386f59c make sure custom cipher flag doesn't use any mode bits 2011-06-13 23:06:43 +00:00
Dr. Stephen Henson
3096d53b46 Update dependencies for m_dss.c too. 2011-06-10 14:00:02 +00:00
Dr. Stephen Henson
068291cd44 Remove x509.h from SHA1 clone digests, update dependencies. 2011-06-10 13:52:44 +00:00
Andy Polyakov
17f121de9d e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes. 2011-06-06 11:40:03 +00:00
Dr. Stephen Henson
bce1af7762 Add DSA and ECDSA "clone digests" to module for compatibility with old
applications.
2011-06-01 14:07:32 +00:00
Andy Polyakov
62b6c5c404 e_aes.c: fix typo. 2011-05-30 10:13:42 +00:00
Andy Polyakov
e76cbcf686 e_aes.c: fix aes_cfb1_cipher. 2011-05-30 10:10:05 +00:00
Andy Polyakov
d1fff483d6 e_aes.c: integrate AESNI directly into EVP. 2011-05-30 09:16:01 +00:00
Dr. Stephen Henson
c2fd598994 Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
e9093c9832 PR: 2499
Submitted by: "James 'J.C.' Jones" <james.jc.jones@gmail.com>

Typos.
2011-05-02 23:29:57 +00:00
Dr. Stephen Henson
b5dd178740 Fix EVP CCM decrypt. Add decrypt support to algorithm test program. 2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
62dc7ed67c Override flag for XTS length limit. 2011-04-18 17:31:28 +00:00
Dr. Stephen Henson
2391681082 Initial untested CCM support via EVP. 2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
3b4a855778 Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf
field which is not unused for custom ciphers.
2011-04-18 11:28:41 +00:00
Dr. Stephen Henson
45321c41e2 Add length limitation from SP800-38E. 2011-04-15 12:01:53 +00:00
Dr. Stephen Henson
06b7e5a0e4 Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. 2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6 Initial incomplete POST overhaul: add support for POST callback to
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
77394d7e8f Remove duplicate flag. 2011-04-13 00:11:53 +00:00
Dr. Stephen Henson
32a2d8ddfe Provisional AES XTS support. 2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
05e24c87dd Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Richard Levitte
c6dbe90895 make update 2011-03-24 22:59:02 +00:00
Richard Levitte
399aa6b5ff Implement FIPS CMAC.
* fips/cmac/*: Implement the basis for FIPS CMAC, using FIPS HMAC as
  an example.
* crypto/cmac/cmac.c: Enable the FIPS API.  Change to use M_EVP macros
  where possible.
* crypto/evp/evp.h: (some of the macros get added with this change)
* fips/fips.h, fips/utl/fips_enc.c: Add a few needed functions and use
  macros to have cmac.c use these functions.
* Makefile.org, fips/Makefile, fips/fips.c: Hook it in.
2011-03-24 22:55:02 +00:00
Richard Levitte
487b023f3d make update (1.1.0-dev)
This meant alarger renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable and 1.0.1-stable.  However, since there's
been no release on this branch yet, it should be harmless.
2011-03-23 00:11:32 +00:00
Dr. Stephen Henson
4fc02f1229 Use a signed value to check return value of do_cipher(). 2011-03-21 17:37:27 +00:00
Ben Laurie
edc032b5e3 Add SRP support. 2011-03-12 17:01:19 +00:00
Dr. Stephen Henson
3e446ba347 Make "make links" work in fipscanisteronly builds. 2011-02-22 12:34:46 +00:00
Dr. Stephen Henson
b7056b6414 Update dependencies. 2011-02-21 17:51:59 +00:00
Dr. Stephen Henson
37eae9909a Remove unnecessary dependencies. 2011-02-21 17:35:53 +00:00
Dr. Stephen Henson
ab8a4e54db Move gcm128_context definition to modes_lcl.h (along with some related
definitions) so we can use it in EVP GCM code avoiding need to allocate
it.
2011-02-19 22:16:52 +00:00
Dr. Stephen Henson
25c6542944 Add non-FIPS algorithm blocking and selftest checking. 2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
14567b1451 Add FIPS flags to AES ciphers and SHA* digests. 2011-02-15 15:57:54 +00:00
Dr. Stephen Henson
b3d8022edd Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. 2011-02-09 16:21:43 +00:00
Dr. Stephen Henson
f4001a0d19 Link GCM into FIPS module. Check return value in EVP gcm. 2011-02-08 15:10:42 +00:00
Dr. Stephen Henson
bdaa54155c Initial *very* experimental EVP support for AES-GCM. Note: probably very
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672 Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Dr. Stephen Henson
83e9c36261 Use default ASN1 if flag set. 2011-02-07 12:47:16 +00:00
Dr. Stephen Henson
14ae26f2e4 Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files
that use it.
2011-02-03 17:00:24 +00:00
Bodo Möller
9d0397e977 make update 2011-02-03 10:17:53 +00:00
Bodo Möller
2440d8b1db Fix error codes. 2011-02-03 10:03:23 +00:00
Dr. Stephen Henson
7edfe67456 Move all FIPSAPI renames into fips.h header file, include early in
crypto.h if needed.

Modify source tree to handle change.
2011-01-27 19:10:56 +00:00
Dr. Stephen Henson
7c8ced94c3 Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer
to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.
2011-01-27 15:22:26 +00:00
Dr. Stephen Henson
7a4bd34a4f FIPS mode EVP changes:
Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.
2011-01-26 15:25:33 +00:00
Dr. Stephen Henson
09c1dc850c PR: 2385
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.
2010-11-30 19:37:21 +00:00
Dr. Stephen Henson
ae3fff5034 Some of the MS_STATIC use in crypto/evp is a legacy from the days when
EVP_MD_CTX was much larger: it isn't needed anymore.
2010-11-27 17:37:03 +00:00
Dr. Stephen Henson
f830c68f4d add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
46fc96d4ba constify EVP_PKEY_new_mac_key() 2010-11-24 13:13:49 +00:00
Dr. Stephen Henson
ad889de097 If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and
we should use its method instead of any generic one.
2010-11-16 12:11:46 +00:00
Dr. Stephen Henson
776654adff PR: 2295
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2010-10-11 23:49:22 +00:00
Dr. Stephen Henson
2948fbab3a Fix ctr mode properly this time.... 2010-07-28 16:53:28 +00:00
Dr. Stephen Henson
081464fa14 Make ctr mode behaviour consistent with other modes. 2010-07-28 11:03:09 +00:00
Andy Polyakov
874a3757af Rework framework for assembler support for AES counter mode and add
AES_ctr32_encrypt to aes-s390x.pl.
2010-07-09 12:21:52 +00:00
Ben Laurie
c8bbd98a2b Fix warnings. 2010-06-12 14:13:23 +00:00
Dr. Stephen Henson
cb877ccb35 PR: 2258
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
2010-05-27 12:41:05 +00:00
Dr. Stephen Henson
efcf5f1c50 PR: 2244
Submitted By: "PMHager" <hager@dortmund.net>

Initialise pkey callback to 0.
2010-05-03 12:50:36 +00:00
Dr. Stephen Henson
08df41277a PR: 1904
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
2010-03-27 19:31:55 +00:00
Dr. Stephen Henson
d6eebf6d8a reserve a few more bits for future cipher modes 2010-03-08 23:48:21 +00:00
Dr. Stephen Henson
069d4cfea5 although AES is a variable length cipher, AES EVP methods have a fixed key length 2010-03-07 15:54:26 +00:00
Dr. Stephen Henson
49436b59b5 oops, make EVP ctr mode work again 2010-03-07 15:52:41 +00:00
Dr. Stephen Henson
1708456220 don't add digest alias if signature algorithm is undefined 2010-03-06 20:47:30 +00:00
Dr. Stephen Henson
8c4ce7bab2 Fix memory leak: free up ENGINE functional reference if digest is not
found in an ENGINE.
2010-03-05 13:33:21 +00:00
Dr. Stephen Henson
da3955256d 'typo' 2010-03-01 01:53:34 +00:00
Ben Laurie
19ec2f4194 Fix warnings (note that gcc 4.2 has a bug that makes one of its
warnings hard to fix without major surgery).
2010-02-28 14:22:56 +00:00
Dr. Stephen Henson
37c541faed Revert CFB block length change. Despite what SP800-38a says the input to
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
2010-02-26 14:41:58 +00:00
Dr. Stephen Henson
385a488c43 prevent warning 2010-02-24 15:24:19 +00:00
Andy Polyakov
d976f99294 Add AES counter mode to EVP. 2010-02-23 16:48:41 +00:00
Dr. Stephen Henson
1458b931eb The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
2010-02-15 19:40:16 +00:00
Dr. Stephen Henson
20eb7238cb Correct ECB mode EVP_CIPHER definition: IV length is 0 2010-02-15 19:26:02 +00:00
Dr. Stephen Henson
79cfc3ac54 add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable 2010-02-15 19:20:13 +00:00
Dr. Stephen Henson
e3e31ff482 Use supplied ENGINE when initialising CMAC. Restore pctx setting. 2010-02-08 16:31:28 +00:00
Dr. Stephen Henson
c8ef656df2 Make CMAC API similar to HMAC API. Add methods for CMAC. 2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
089f02c577 oops, use new value for new flag 2010-02-07 13:50:36 +00:00
Dr. Stephen Henson
c2bf720842 Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
17ebc10ffa PR: 2161
Submitted by: Doug Goldstein <cardoe@gentoo.org>, Steve.

Make no-dsa, no-ecdsa and no-rsa compile again.
2010-02-02 13:35:27 +00:00
Dr. Stephen Henson
e92f9f45e8 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and
later.
2010-01-26 14:29:06 +00:00
Dr. Stephen Henson
031c78901b make update 2010-01-15 15:24:19 +00:00
Dr. Stephen Henson
7e765bf29a Traditional Yuletide commit ;-)
Add Triple DES CFB1 and CFB8 to algorithm list and NID translation.
2009-12-25 14:13:11 +00:00
Dr. Stephen Henson
e50858c559 PR: 2127
Submitted by: Tomas Mraz <tmraz@redhat.com>

Check for lookup failures in EVP_PBE_CipherInit().
2009-12-17 15:27:57 +00:00
Dr. Stephen Henson
338a61b94e Add patch to crypto/evp which didn't apply from PR#2124 2009-12-09 15:01:39 +00:00
Dr. Stephen Henson
fdb2c6e4e5 PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>

Check for memory allocation failures.
2009-12-09 13:38:05 +00:00
Dr. Stephen Henson
3d63b3966f Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
773b63d6f9 set engine to NULL after releasing it 2009-11-12 19:25:37 +00:00
Dr. Stephen Henson
fecef70773 Yes it is a typo ;-) 2009-10-01 12:17:44 +00:00
Dr. Stephen Henson
b6dcdbfc94 Audit libcrypto for unchecked return values: fix all cases enountered 2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
cd4f7cddc7 Add more return value checking attributes to evp.h and hmac.h 2009-09-23 23:40:13 +00:00
Dr. Stephen Henson
acf20c7dbd Add attribute to check if return value of certain functions is incorrectly
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
3ed3603b60 Update default dependency flags.
Make error name discrepancies a fatal error.
Fix error codes.
make update
2009-08-12 17:30:37 +00:00
Dr. Stephen Henson
0f1d77a870 Fix error code. 2009-08-06 16:39:34 +00:00
Dr. Stephen Henson
c55d27ac33 Make update. 2009-07-08 09:19:53 +00:00
Dr. Stephen Henson
4e9de7aa3a Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is
a new branch we can also disable it by default.
2009-07-08 08:49:17 +00:00
Dr. Stephen Henson
9a6d8ee5b5 Update from 1.0.0-stable 2009-07-01 11:40:19 +00:00
Dr. Stephen Henson
f0288f05b9 Submitted by: Artem Chuprina <ran@cryptocom.ru>
Reviewed by: steve@openssl.org

Various GOST ciphersuite and ENGINE fixes. Including...

Allow EVP_PKEY_set_derive_peerkey() in encryption operations.

New flag when certificate verify should be omitted in client key exchange.
2009-06-16 16:38:47 +00:00
Dr. Stephen Henson
43e12b6f1c Add ignored FIPS options to evp.h change clashing flag value. 2009-05-29 18:57:31 +00:00
Dr. Stephen Henson
d4f0339c66 Update from 1.0.0-stable. 2009-04-26 22:18:22 +00:00
Dr. Stephen Henson
ef236ec3b2 Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Dr. Stephen Henson
e5fa864f62 Updates from 1.0.0-stable. 2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
e4e949192b Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
Reviewed by: steve@openssl.org

Check return codes properly in md BIO and dgst command.
2009-03-18 18:53:08 +00:00
Ben Laurie
2121f15daf Use the right length (reported by Quanhong Wang). 2009-03-03 15:12:56 +00:00
Dr. Stephen Henson
a63bf2c53c Make no-engine work again. 2009-02-15 15:28:18 +00:00
Ben Laurie
b3f3407850 Use new common flags and fix resulting warnings. 2009-02-15 14:08:51 +00:00
Ben Laurie
0eab41fb78 If we're going to return errors (no matter how stupid), then we should
test for them!
2008-12-29 16:11:58 +00:00
Andy Polyakov
5cabcf96e7 Fix "possible loss of data" Win64 compiler warnings. 2008-12-29 12:35:49 +00:00
Bodo Möller
7a76219774 Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Geoff Thorpe
6343829a39 Revert the size_t modifications from HEAD that had led to more
knock-on work than expected - they've been extracted into a patch
series that can be completed elsewhere, or in a different branch,
before merging back to HEAD.
2008-11-12 03:58:08 +00:00
Dr. Stephen Henson
7b808412c9 Make -DKSSL_DEBUG work again. 2008-11-10 19:08:37 +00:00
Dr. Stephen Henson
2e5975285e Update obsolete email address... 2008-11-05 18:39:08 +00:00
Ben Laurie
f80921b6a6 Formatting. 2008-11-04 12:06:09 +00:00
Dr. Stephen Henson
70d71f6185 Fix warnings: printf format mismatches on 64 bit platforms.
Change assert to OPENSSL_assert().
Fix e_padlock prototype.
2008-11-02 15:41:30 +00:00
Dr. Stephen Henson
c76fd290be Fix warnings about mismatched prototypes, undefined size_t and value computed
not used.
2008-11-02 12:50:48 +00:00
Ben Laurie
5e4430e70d More size_tification. 2008-11-01 16:40:37 +00:00
Andy Polyakov
b444ac3e6f size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require
underlying cipher to be size_t-fied, it allows for size_t, signed and
unsigned long. It maintains source and even binary compatibility.
2008-10-31 19:48:25 +00:00
Dr. Stephen Henson
e19106f5fb Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.

This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
2008-10-22 15:43:01 +00:00
Dr. Stephen Henson
606f6c477a Fix a shed load or warnings:
Duplicate const.
Use of ; outside function.
2008-10-20 15:12:00 +00:00
Ben Laurie
babb379849 Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
Bodo Möller
2e415778f2 Don't use assertions to check application-provided arguments;
and don't unnecessarily fail on input size 0.
2008-08-14 21:37:51 +00:00
Geoff Thorpe
4c3296960d Remove the dual-callback scheme for numeric and pointer thread IDs,
deprecate the original (numeric-only) scheme, and replace with the
CRYPTO_THREADID object. This hides the platform-specifics and should reduce
the possibility for programming errors (where failing to explicitly check
both thread ID forms could create subtle, platform-specific bugs).

Thanks to Bodo, for invaluable review and feedback.
2008-08-06 15:54:15 +00:00
Dr. Stephen Henson
d4cdbab99b Avoid warnings with -pedantic, specifically:
Conversion between void * and function pointer.
Value computed not used.
Signed/unsigned argument.
2008-07-04 23:12:52 +00:00