Commit graph

729 commits

Author SHA1 Message Date
Emilia Kasper
4dcdde120b RT3754: check for NULL pointer
Fix both the caller to error out on malloc failure, as well as the
eventual callee to handle a NULL gracefully.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-09-10 17:23:02 +02:00
Dr. Stephen Henson
5859bc62f3 Return error for unsupported modes.
PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-12 14:14:01 +01:00
Dr. Stephen Henson
c0b674b7cb Relax CCM tag check.
In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9cca7be11d)
2015-07-06 18:35:35 +01:00
Andy Polyakov
c35e138a58 e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f0fa5c8306)
2015-06-11 10:14:01 +02:00
Emilia Kasper
ac32a77cd6 Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1e4a355dca)
2015-06-08 15:01:14 +02:00
Sergey Agievich
ad0fb7f498 Add funtions to set item_sign and item_verify
PR#3872

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-06-03 15:18:14 +01:00
Richard Levitte
bf42354620 Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
2015-05-23 06:25:12 +02:00
Kurt Roeckx
2d8e705b2a Correctly check for export size limit
40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ac38115c1a)
2015-05-20 22:19:34 +02:00
Matt Caswell
33c99f2c81 Sanity check EVP_EncodeUpdate buffer len
There was already a sanity check to ensure the passed buffer length is not
zero. Extend this to ensure that it also not negative. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b86d7dca69)
2015-04-30 23:21:53 +01:00
Matt Caswell
1a3701f4fe Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c826988109)

Conflicts:
	ssl/record/ssl3_record.c
2015-04-30 23:21:50 +01:00
Viktor Dukhovni
3b38646d13 Code style: space after 'if'
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-04-16 13:50:01 -04:00
Matt Caswell
8f8e4e4f52 Fix RAND_(pseudo_)?_bytes returns
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return
value checked correctly

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:41:28 +00:00
Matt Caswell
ff2459b918 Fix EVP_DigestInit_ex with NULL digest
Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit a01087027b)
2015-03-12 09:29:48 +00:00
Andy Polyakov
df57e42baa evp/e_aes.c: fix SPARC T4-specific problem:
- SIGSEGV/ILL in CCM (RT#3688);

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-12 09:07:53 +01:00
Matt Caswell
8f51c206b3 Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259)
2015-02-26 23:34:54 +00:00
Matt Caswell
f747572547 Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	crypto/evp/Makefile
	test/Makefile
2015-02-25 17:21:58 +00:00
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
f3b6ee30f4 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:49 +00:00
Matt Caswell
cc6e2a5936 Fix strange formatting by indent
Conflicts:
	crypto/hmac/hmac.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:58 +00:00
Matt Caswell
65a6a1ff45 indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:44 +00:00
Tim Hudson
6977c7e2ba mark all block comments that need format preserving so that
indent will not alter them when reformatting comments

(cherry picked from commit 1d97c84351)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:04 +00:00
Andy Polyakov
f4868c9921 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1669e1c20)
2015-01-06 11:14:23 +01:00
Emilia Kasper
9ca2cc78a9 Add a comment noting the padding oracle.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af843039)
2014-12-17 14:55:47 +01:00
Emilia Kasper
0cf552230e Revert "RT3425: constant-time evp_enc"
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 738911cde6.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:55:39 +01:00
Richard Levitte
53332a75d1 Clear warnings/errors within KSSL_DEBUG code sections
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:17:54 +01:00
Richard Levitte
3b7ab6f4b8 Include "constant_time_locl.h" rather than "../constant_time_locl.h".
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 08:06:47 +02:00
Emilia Kasper
738911cde6 RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75)

Conflicts:
	crypto/evp/evp_enc.c
2014-09-24 16:25:04 +02:00
Emilia Kasper
ebf221ee25 Fix build when BSAES_ASM is defined but VPAES_ASM is not
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68)
2014-08-21 15:48:10 +02:00
Andy Polyakov
b698c427de crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 2893a302a9)
2014-08-20 22:20:21 +02:00
Andy Polyakov
c991d8ae8b Initial POWER8 support from development branch.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:36:49 +02:00
Dr. Stephen Henson
4c05b1f8d6 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67)
2014-07-17 23:31:11 +01:00
Dr. Stephen Henson
6e1e5996df Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef1501)
2014-07-17 12:58:42 +01:00
Dr. Stephen Henson
802fdcda1e Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ff)
2014-06-30 13:59:38 +01:00
Dr. Stephen Henson
6006e352ad Make EVP_Digest* work again. 2014-06-30 13:59:29 +01:00
Dr. Stephen Henson
df401f4796 Make CMAC work with EVP_PKEY.
Add patch originally accidentally omitted to allow CMAC to work with
EVP_PKEY APIs.
2014-06-29 23:44:44 +01:00
ZNV
14183e50e7 Make EVP_CIPHER_CTX_copy work in GCM mode.
PR#3272
(cherry picked from commit 370bf1d708)
2014-06-29 22:02:23 +01:00
Dr. Stephen Henson
d0ba994483 Fix for EVP_PBE_alg_add().
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.

PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
2014-06-27 23:19:37 +01:00
Felix Laurie von Massenbach
1b823494de Fix signed/unsigned comparisons.
(cherry picked from commit 50cc4f7b3d)
2014-06-17 18:38:36 +01:00
Felix Laurie von Massenbach
6657e68bf2 Fix shadow declaration.
(cherry picked from commit 1f61d8b5b1)
2014-06-17 18:36:48 +01:00
Andy Polyakov
79b960c046 evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build.
(cherry picked from commit ce00c64df9)
2014-06-14 23:16:29 +02:00
Andy Polyakov
7e03acf2be Engage ARMv8 AES support [from HEAD]. 2014-06-11 00:08:03 +02:00
Geoff Thorpe
65402586c0 evp: prevent underflow in base64 decoding
This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:02:02 -04:00
Dr. Stephen Henson
7169e56d6b Initialize num properly.
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2)
2014-05-06 14:09:07 +01:00
Eric Young
0bb37c5e23 Fix base64 decoding bug.
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.

PR#3289
(cherry picked from commit 10378fb5f4)
2014-04-02 19:57:06 +01:00
Dr. Stephen Henson
1bd4ee1da1 Use nid not cipher type as some ciphers don't have OIDs. 2014-03-02 15:00:21 +00:00
Dr. Stephen Henson
3956bfce60 Make null cipher work in FIPS mode. 2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
813cfd9c0a Add additional FIPS digests.
Add a few special case digests not returned by FIPS_get_digestbynid().

Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
issue.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
5f2329b82a Fix fips flag handling.
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.

Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.

Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
2014-02-27 19:18:58 +00:00
Dr. Stephen Henson
01fb5e133f Remove unused file.
The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS
implementations of algorithms can coexist.
2014-02-27 19:08:53 +00:00
Andy Polyakov
fd2c85f6ae evp/e_aes.c: harmonize with 1.0.1. 2014-02-27 17:47:23 +01:00