wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
12209 commits 20 branches 302 tags 153 MiB
Commit graph

6246 commits

Author SHA1 Message Date
Andy Polyakov
f4d456408d x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
Andy Polyakov
5599c7331b aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont. 
Improve CBC decrypt and CTR by ~13/16%, which adds up to ~25/33%
improvement over "pre-Silvermont" version. [Add performance table to
aesni-x86.pl].
 2014-02-14 17:06:15 +01:00
Dr. Stephen Henson
385b348666 Include TA in checks/callback with partial chains. 
When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
 2014-02-14 15:07:01 +00:00
Dr. Stephen Henson
2dac2667d1 Don't do loop detection for self signed check. 2014-02-14 14:52:23 +00:00
Dr. Stephen Henson
847865d0f9 Add suppot for ASCII with CRLF canonicalisation. 2014-02-13 14:35:56 +00:00
Andy Polyakov
9587429fa0 evp/e_aes_cbc_hmac_sha*.c: improve cache locality. 2014-02-13 14:39:55 +01:00
Andy Polyakov
98e143f118 ghash-x86[_64].pl: ~15% improvement on Atom Silvermont 
(other processors unaffected).
 2014-02-13 14:37:28 +01:00
Ben Laurie
fc92396976 Fix warning. 2014-02-13 03:11:58 +00:00
Andy Polyakov
5a42c8f07f e_aes_cbc_hmac_sha[1|256].c: fix compiler warning. 2014-02-05 16:38:22 +01:00
Andy Polyakov
0d5096fbd6 evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements. 2014-02-05 14:05:08 +01:00
Andy Polyakov
3847d15d6b [aesni|sha*]-mb-x86_64.pl: add data prefetching. 2014-02-05 14:03:35 +01:00
Andy Polyakov
d162584b11 modes/asm/ghash-s390x.pl: +15% performance improvement on z10. 2014-02-02 00:09:17 +01:00
Andy Polyakov
d8ba0dc977 crypto/aes/asm/aesni-x86[_64].pl update, up to 14% improvement on 
Atom Silvermont. On other CPUs one can observe 1% loss on some
algorithms.
 2014-02-01 21:13:49 +01:00
Andy Polyakov
b217ca63b1 crypto/sha/asm/sha1-x86_64.pl update: 
+5% on Atom Silvermont, up to +8% improvement of legacy code.
Harmonize sha1-586.pl and aesni-sha1-x86_86.p with sha1-x86_64.pl.
 2014-02-01 21:07:16 +01:00
Dr. Stephen Henson
e933f91f50 Add loaded dynamic ENGINEs to list. 
Always add a dynamically loaded ENGINE to list. Otherwise it can cause
problems when multiply loaded, especially if it adds new public key methods.
For all current engines we only want a single implementation anyway.
 2014-01-28 13:51:58 +00:00
Dr. Stephen Henson
ec492c8a5a Compare encodings in X509_cmp as well as hash. 2014-01-26 16:29:50 +00:00
Dr. Stephen Henson
9f10e9293b typo 2014-01-12 14:13:48 +00:00
Dr. Stephen Henson
ef643cc7bd Use rdrand as additional entropy source. 
If available rdrand is used as an additional entropy source for the
PRNG and for additional input in FIPS mode.
 2014-01-11 14:19:25 +00:00
Dr. Stephen Henson
8f4077ca69 Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. 2014-01-09 22:52:49 +00:00
Andy Polyakov
eedab5241e bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. 2014-01-09 13:44:59 +01:00
Andy Polyakov
5dc52b919b PPC assembly pack: relax 64-bit requirement for little-endian support. 2014-01-07 22:44:21 +01:00
Andy Polyakov
1fb83a3bc2 aes/asm/vpaes-ppc.pl: add little-endian support. 2014-01-07 16:48:04 +01:00
Andy Polyakov
ad0d2579cf sha/asm/sha256-armv4.pl: add NEON code path. 
(and shave off cycle even from integer-only code)
 2014-01-04 18:04:53 +01:00
Andy Polyakov
25f7117f0e aesni-sha1-x86_64.pl: refine Atom-specific optimization. 
(and update performance data, and fix typo)
 2014-01-04 17:13:57 +01:00
Andy Polyakov
2f3af3dc36 aesni-sha1-x86_64.pl: add stiched decrypt procedure, 
but keep it disabled, too little gain... Add some Atom-specific
optimization.
 2014-01-03 21:40:08 +01:00
Andy Polyakov
926725b3d7 sparcv9cap.c: omit random detection. 
PR: 3202
 2013-12-28 13:31:14 +01:00
Andy Polyakov
2218c296b4 ARM assembly pack: make it work with older toolchain. 2013-12-28 12:17:08 +01:00
Dr. Stephen Henson
cd30f03ac5 Canonicalise input in CMS_verify. 
If content is detached and not binary mode translate the input to
CRLF format. Before this change the input was verified verbatim
which lead to a discrepancy between sign and verify.
 2013-12-22 00:35:29 +00:00
Dr. Stephen Henson
560b34f2b0 Ignore NULL parameter in EVP_MD_CTX_destroy. 
(cherry picked from commit a6c62f0c25)
 2013-12-20 23:32:25 +00:00
Andy Polyakov
fc0503a25c sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. 
(and ensure stack alignment in the process)
 2013-12-18 22:12:08 +01:00
Andy Polyakov
e9c80e04c1 evp/e_[aes|camellia].c: fix typo in CBC subroutine. 
It worked because it was never called.
 2013-12-18 21:42:46 +01:00
Andy Polyakov
f0f4b8f126 PPC assembly pack update addendum. 2013-12-18 21:39:15 +01:00
Andy Polyakov
cdd1acd788 sha512.c: fullfull implicit API contract in SHA512_Transform. 
SHA512_Transform was initially added rather as tribute to tradition
than for practucal reasons. But use was recently found in ssl/s3_cbc.c
and it turned to be problematic on platforms that don't tolerate
misasligned references to memory and lack assembly subroutine.
 2013-12-18 21:27:35 +01:00
Andy Polyakov
128e1d101b PPC assembly pack: improve AIX support (enable vpaes-ppc). 2013-12-18 21:19:08 +01:00
Dr. Stephen Henson
4a253652ee Add opaque ID structure. 
Move the IP, email and host checking fields from the public
X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID
structure. By doing this the structure can be modified in future
without risk of breaking any applications.
(cherry picked from commit adc6bd73e3)

Conflicts:

	crypto/x509/x509_vpm.c
 2013-12-13 15:42:16 +00:00
Dr. Stephen Henson
102302b05b Fix for partial chain notification. 
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
 2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
8a1956f3ea Don't use rdrand engine as default unless explicitly requested. 
(cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f)
 2013-12-13 15:39:55 +00:00
Andy Polyakov
41965a84c4 x86_64-xlate.pl: minor update. 2013-12-09 21:23:19 +01:00
Andy Polyakov
ec9cc70f72 bn/asm/x86_64-mont5.pl: add MULX/AD*X code path. 
This also eliminates code duplication between x86_64-mont and x86_64-mont
and optimizes even original non-MULX code.
 2013-12-09 21:02:24 +01:00
Andy Polyakov
d1671f4f1a bn/asm/armv4-mont.pl: add NEON code path. 2013-12-04 22:37:49 +01:00
Andy Polyakov
26e18383ef perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX. 
Suggested by: Marcello Cerri
 2013-12-04 22:01:31 +01:00
Andy Polyakov
f586d97191 perlasm/ppc-xlate.pl: improve linux64le support. 
Suggested by: Marcello Cerri
 2013-12-04 21:47:43 +01:00
Andy Polyakov
a61e51220f aes/asm/vpaes-ppc.pl: comply with ABI. 2013-12-04 21:46:40 +01:00
Andy Polyakov
c5d5f5bd0f bn/asm/x86_64-mont5.pl: comply with Win64 ABI. 
PR: 3189
Submitted by: Oscar Ciurana
 2013-12-03 23:59:55 +01:00
Andy Polyakov
8bd7ca9996 crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. 2013-12-03 22:28:48 +01:00
Andy Polyakov
31ed9a2131 crypto/bn/rsaz*: fix licensing note. 
rsaz_exp.c: harmonize line terminating;
asm/rsaz-*.pl: minor optimizations.
 2013-12-03 22:08:29 +01:00
Andy Polyakov
6efef384c6 bn/asm/rsaz-x86_64.pl: fix prototype. 2013-12-03 09:43:06 +01:00
Andy Polyakov
89bb96e51d vpaes-ppc.pl: fix bug in IV handling and comply with ABI. 2013-11-29 14:40:51 +01:00
Andy Polyakov
b9e87d07cb ppc64-mont.pl: eliminate dependency on GPRs' upper halves. 2013-11-27 22:50:00 +01:00
Andy Polyakov
07f3e4f3f9 Take vpaes-ppc module into loop. 2013-11-27 22:39:13 +01:00
Andy Polyakov
b5c54c914f Add Vector Permutation AES for PPC. 2013-11-27 22:32:56 +01:00
Dr. Stephen Henson
0f7fa1b190 Constify. 
(cherry picked from commit 1abfa78a8b)
 2013-11-14 21:05:36 +00:00
Dr. Stephen Henson
afa23c46d9 Flag to disable automatic copying of contexts. 
Some functions such as EVP_VerifyFinal only finalise a copy of the passed
context in case an application wants to digest more data. Doing this when
it is not needed is inefficient and many applications don't require it.

For compatibility the default is to still finalise a copy unless the
flag EVP_MD_CTX_FLAG_FINALISE is set in which case the passed
context is finalised an *no* further data can be digested after
finalisation.
 2013-11-13 23:48:35 +00:00
Andy Polyakov
2df9ec01d5 srp/srp_grps.h: make it Compaq C-friendly. 
PR: 3165
Submitted by: Daniel Richard G.
 2013-11-12 22:09:55 +01:00
Andy Polyakov
5b63a39241 modes/asm/ghash-alpha.pl: fix typo. 2013-11-12 21:52:18 +01:00
Andy Polyakov
d1cf23ac86 Make Makefiles OSF-make-friendly. 
PR: 3165
 2013-11-12 21:51:37 +01:00
Dr. Stephen Henson
16bc45ba95 Fix memory leak. 2013-11-11 22:39:40 +00:00
Dr. Stephen Henson
85c9ba2342 Support setting of "no purpose" for trust. 
If the oid parameter is set to NULL in X509_add1_trust_object
create an empty list of trusted purposes corresponding to
"no purpose" if trust is checked.
 2013-11-11 22:39:23 +00:00
Dr. Stephen Henson
dd274b1c1c Fix for some platforms where "char" is unsigned. 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
da15c61608 Add CMS_SignerInfo_get0_signature function. 
Add function to retrieve the signature from a CMS_SignerInfo structure:
applications can then read or modify it.
 2013-11-09 15:09:23 +00:00
Dr. Stephen Henson
534e5fabad Check for missing components in RSA_check. 2013-11-09 15:09:23 +00:00
Andy Polyakov
33446493f4 modes/asm/ghash-alpha.pl: make it work with older assembler for real. 
PR: 3165
 2013-11-09 11:41:59 +01:00
Andy Polyakov
d24d1d7daf modes/asm/ghash-alpha.pl: make it work with older assembler. 
PR: 3165
 2013-11-08 22:56:44 +01:00
Dr. Stephen Henson
b0513fd2bb Initialise context before using it. 
(cherry picked from commit a4947e4e06)
 2013-11-06 13:19:13 +00:00
Ben Laurie
c10e3f0cff PBKDF2 should be efficient. Contributed by Christian Heimes 
<christian@python.org>.
 2013-11-03 17:23:50 +00:00
Robin Seggelmann
b814081136 DTLS/SCTP struct authchunks Bug 
PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit f596e3c491)
 2013-11-01 21:41:52 +00:00
Andy Polyakov
fb65e65e28 sha/asm/sha512-ppc.pl: fix typo. 
Submitted by: Marcelo Cerri
 2013-10-31 20:21:54 +01:00
Andy Polyakov
0e0a105364 perlas/ppc-xlate.pl: fix typo. 2013-10-31 11:58:50 +01:00
Andy Polyakov
c944f81703 aes/asm/aes-ppc.pl: add little-endian support. 
Submitted by: Marcelo Cerri
 2013-10-31 11:41:26 +01:00
Andy Polyakov
8ff8a829b0 perlasm/ppc-xlate.pl: add .quad directive 
sha/asm/sha512-ppc.pl: add little-endian support.

Submitted by: Marcelo Cerri
 2013-10-31 11:08:51 +01:00
Andy Polyakov
3f9562a669 sha/asm/sha1-ppc.pl: add little-endian support. 
Submitted by: Marcelo Cerri
 2013-10-31 11:07:38 +01:00
Andy Polyakov
4eeb750d20 bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache]. 2013-10-25 10:14:20 +02:00
Lubomir Rintel
ed77017b59 POD: Fix list termination 
This fixes problems in POD list formatting: extra or missing =back
sequences.

doc/ssl/SSL_CTX_set1_curves.pod around line 90: =back without =over
doc/ssl/SSL_CTX_set1_verify_cert_store.pod around line 73: =back without =over
doc/ssl/SSL_CTX_add1_chain_cert.pod around line 82: =back without =over
doc/crypto/evp.pod around line 40: '=item' outside of any '=over'
crypto/des/des.pod around line 184: You forgot a '=back' before '=head1'

PR#3147
 2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
c051e521a7 Time value for various platforms. 
The function gettimeofday() is not supported on all platforms. Use
more portable versions. Adapted from FIPS code.
 2013-10-20 22:07:36 +01:00
Andy Polyakov
76c15d790e PPC assembly pack: make new .size directives profiler-friendly. 
Suggested by: Anton Blanchard
 2013-10-15 23:40:12 +02:00
Dr. Stephen Henson
579a759071 Fix warning. 2013-10-15 11:33:30 +01:00
Dr. Stephen Henson
da317b94d9 Add test vectors from RFC7027 2013-10-15 11:33:30 +01:00
Dr. Stephen Henson
7f5fd314c0 Sync OID numbers with 1.0.2 branch. 2013-10-15 11:33:30 +01:00
Andy Polyakov
d6019e1654 PPC assembly pack: add .size directives. 2013-10-15 00:14:39 +02:00
Andy Polyakov
30b9c2348d bn/asm/*x86_64*.pl: correct assembler requirement for ad*x. 2013-10-14 22:41:00 +02:00
Andy Polyakov
039081b809 Initial aarch64 bits. 2013-10-13 19:15:15 +02:00
Andy Polyakov
0c2adb0a9b MIPS assembly pack: get rid of deprecated instructions. 
Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
 2013-10-13 13:14:52 +02:00
Andy Polyakov
b4f0abd246 evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB. 
Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.
 2013-10-12 22:10:28 +02:00
Andy Polyakov
7e1e3334f6 aes/asm/bsaes-x86_64.pl: fix Windows-specific bug in XTS. 
PR: 3139
 2013-10-12 21:37:55 +02:00
Andy Polyakov
fa104be35e bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache]. 2013-10-10 23:06:43 +02:00
Andy Polyakov
37de2b5c1e bn/bn_exp.c: prefer MULX/AD*X over AVX2. 2013-10-09 11:08:52 +02:00
Andy Polyakov
a69c0a1be5 evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs. 2013-10-08 23:39:26 +02:00
Andy Polyakov
b1de640f03 evp/evp.h: add multi-block contstants and parameter type. 2013-10-08 23:38:05 +02:00
Andy Polyakov
61ba602af5 sha/asm/sha*-mb-x86_64.pl: commentary update. 2013-10-08 23:36:55 +02:00
Ben Laurie
c45a48c186 Constification. 2013-10-07 12:45:26 +01:00
Andy Polyakov
6f6a613032 aes/asm/bsaes-*.pl: improve decrypt performance. 
Improve decrypt performance by 10-20% depending on platform. Thanks
to Jussi Kivilinna for providing valuable hint. Also thanks to Ard
Biesheuvel.
 2013-10-03 23:08:31 +02:00
Andy Polyakov
524b00c0da evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. 
Submitted by: Yuriy Kaminskiy
 2013-10-03 10:55:49 +02:00
Andy Polyakov
6b2cae0c16 perlasm/sparcv9_modes.pl: make it work even with seasoned perl. 
PR: 3130
 2013-10-03 10:42:11 +02:00
Andy Polyakov
a5bb5bca52 bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:45:04 +02:00
Andy Polyakov
87954638a6 rsaz-x86_64.pl: add MULX/ADCX/ADOX code path. 2013-10-03 00:30:12 +02:00
Andy Polyakov
667053a2f3 x86_64-xlate.pl: fix jrcxz in nasm case. 2013-10-03 00:26:09 +02:00
Andy Polyakov
7f893258f6 evp/e_aes_cbc_hmac_sha*.c: multi-block glue code. 2013-10-03 00:24:03 +02:00
Andy Polyakov
6bcb68da41 Configire: take multi-block modules into build loop. 2013-10-03 00:21:10 +02:00
Andy Polyakov
b783858654 x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256. 2013-10-03 00:18:58 +02:00
Andy Polyakov
5f487e0317 evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX. 2013-10-03 00:16:51 +02:00
Andy Polyakov
066caf0551 aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains. 
Suggested by: Ard Biesheuvel
 2013-10-01 20:33:06 +02:00
Ben Laurie
3cd8547a20 Mix time into the pool to avoid repetition of the Android duplicated PID problem. 2013-09-20 16:52:07 +01:00
Ben Laurie
79b9209883 More diagnostics for invalid OIDs. 2013-09-20 14:38:36 +01:00
Andy Polyakov
e0202d946d aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support. 
Submitted by: Ard Biesheuvel
 2013-09-20 13:22:57 +02:00
Dr. Stephen Henson
94c2f77a62 Add functions to set ECDSA_METHOD structure. 
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
 2013-09-18 01:22:50 +01:00
Bodo Moeller
ca567a03ad Fix overly lenient comparisons: 
- EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope
 2013-09-16 12:59:21 +02:00
Andy Polyakov
8e52a9063a crypto/armcap.c: fix typo in rdtsc subroutine. 
PR: 3125
Submitted by: Kyle McMartin
 2013-09-15 22:07:49 +02:00
Andy Polyakov
612f4e2384 bsaes-armv7.pl: remove partial register operations in CTR subroutine. 2013-09-15 19:47:51 +02:00
Andy Polyakov
29f41e8a80 bsaes-armv7.pl: remove byte order dependency and minor optimization. 2013-09-15 19:44:43 +02:00
Ard Biesheuvel
a2ea9f3ecc Added support for ARM/NEON based bit sliced AES in XTS mode 
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
 2013-09-15 19:37:16 +02:00
Ben Laurie
edf92f1c41 Constification. 2013-09-10 18:04:08 +01:00
Andy Polyakov
7a1a12232a crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization. 
Avoid occasional up to 8% performance drops.
 2013-09-09 21:43:21 +02:00
Andy Polyakov
72a158703b crypto/bn/asm/x86_64-mont.pl: minor optimization. 2013-09-09 21:40:33 +02:00
Dr. Stephen Henson
52073b7675 Partial path fix. 
When verifying a partial path always check to see if the EE certificate
is explicitly trusted: the path could contain other untrusted certificates.
 2013-09-08 19:26:59 +01:00
Scott Deboy
36086186a9 Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
 2013-09-06 13:59:13 +01:00
Veres Lajos
478b50cf67 misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
Ben Laurie
a0aaa5660a Fix compile errors. 2013-08-21 04:21:42 +01:00
Dr. Stephen Henson
14536c8c9c Make no-ec compilation work. 2013-08-17 17:41:13 +01:00
Kaspar Brand
5ae8d6bcba Fix for PEM_X509_INFO_read_bio. 
PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
 2013-08-06 16:01:47 +01:00
Dr. Stephen Henson
bd59f2b91d CMS RFC2631 X9.42 DH enveloped data support. 2013-08-05 16:23:13 +01:00
Dr. Stephen Henson
dc1ce3bc64 Add KDF for DH. 
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.

Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
3909087801 Extend DH parameter generation support. 
Add support for DH parameter generation using DSA methods including
FIPS 186-3.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
d3cc91eee2 Enhance DH dup functions. 
Make DHparams_dup work properly with X9.42 DH parameters.
 2013-08-05 15:45:01 +01:00
Dr. Stephen Henson
c9577ab5ea If present print j, seed and counter values for DH 2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
3f6b6f0b8c Minor optimisation to KDF algorithm. 
Don't need to use temporary buffer if remaining length equals digest length.
 2013-08-05 15:45:00 +01:00
Dr. Stephen Henson
e61f5d55bc Algorithm parameter support. 
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
 2013-08-05 15:45:00 +01:00
Andy Polyakov
a59f436295 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. 
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
 2013-08-03 17:09:06 +02:00
Andy Polyakov
fd8ad019e1 crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin. 2013-08-03 16:28:50 +02:00
Andy Polyakov
006784378d crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI. 2013-07-31 23:50:15 +02:00
Dr. Stephen Henson
584ac22110 Make ecdsatest work with nonces. 
Update ecdsatest to use ECDSA_sign_setup and ECDSA_sign_ex, this
avoids the nonce generation which would otherwise break the test.

Reinstate ecdsatest.
 2013-07-19 14:11:43 +01:00
Dr. Stephen Henson
41b920ef01 Return correct enveloped data type in ASN1 methods. 
For RSA and DSA keys return an appropriate RecipientInfo type. By setting
CMS_RECIPINFO_NONE for DSA keys an appropriate error is returned if
an attempt is made to use DSA with enveloped data.
 2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
88e20b8584 Add support for ECDH KARI. 
Add support for ECDH in enveloped data. The CMS ctrls for the EC ASN1
method decode/encode the appropriate parameters from the CMS ASN1 data
and send appropriate data to the EC public key method.
 2013-07-17 21:45:01 +01:00
Dr. Stephen Henson
25af7a5dbc Add support for X9.62 KDF. 
Add X9.62 KDF to EC EVP_PKEY_METHOD.
 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
6af440ced4 Add new OIDs from RFC5753 
Add OIDs for KDF schemes from RFC5753 and add cross references for
each type and the appropriate digest to use.
 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
17c2764d2e CMS support for key agreeement recipient info. 
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
ff7b6ce9db Set CMS EnvelopedData version correctly. 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
97cf1f6c28 EVP support for wrapping algorithms. 
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
415ece7301 Typo. 2013-07-17 21:45:00 +01:00
Dr. Stephen Henson
8d6a75dc3a Avoid need to change function code. 
Keep original function names for nonce versions so we don't have to change
error function codes.
 2013-07-17 21:45:00 +01:00
Adam Langley
190c615d43 Make `safe' (EC)DSA nonces the default. 
This change updates 8a99cb29 to make the generation of (EC)DSA nonces
using the message digest the default. It also reverts the changes to
(EC)DSA_METHOD structure.

In addition to making it the default, removing the flag from EC_KEY
means that FIPS modules will no longer have an ABI mismatch.
 2013-07-15 12:57:48 +01:00
Andy Polyakov
5c57c69f9e bn/asm/rsaz-avx2.pl: Windows-specific fix. 2013-07-12 18:59:17 +02:00
Dr. Stephen Henson
4b26645c1a Fix verify loop with CRL checking. 
PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
 2013-07-12 17:48:41 +01:00
Ben Laurie
852f837f5e s/rsaz_eligible/rsaz_avx2_eligible/. 2013-07-12 12:47:39 +01:00
Andy Polyakov
241fba4ea9 sha512-586.pl: fix typo. 
Submitted by: Gisle Vanem
 2013-07-10 09:59:25 +02:00
Andy Polyakov
f5b132d652 Remove RSAX engine, superseded by RSAZ module. 2013-07-05 22:11:28 +02:00
Andy Polyakov
ca48ace5c5 Take RSAZ modules into build loop, add glue and engage. 
RT: 2582, 2850
 2013-07-05 21:39:47 +02:00
Andy Polyakov
0b4bb91db6 Add RSAZ assembly modules. 
RT: 2582, 2850
 2013-07-05 21:30:18 +02:00
Andy Polyakov
26e43b48a3 bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family. 2013-07-05 21:10:56 +02:00
Andy Polyakov
cbce8c4644 bn/bn_exp.c: harmonize. 2013-07-05 20:52:58 +02:00
Dr. Stephen Henson
e0f7cfda68 Initialise CMS signature buffer length properly. 2013-07-02 22:12:19 +01:00
Andy Polyakov
b74ce8d948 bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca. 2013-06-30 23:09:09 +02:00
Andy Polyakov
a9d14832fd x86_64-xlate.pl: Windows fixes. 2013-06-30 23:07:33 +02:00
Andy Polyakov
42386fdb62 aesni-sha256-x86_64.pl: fix typo in Windows SEH. 2013-06-30 23:06:28 +02:00
Dr. Stephen Henson
0574cadf85 CMS RSA-OAEP and RSA-PSS support. 
Extend RSA ASN1 method to support CMS PSS signatures for both sign
and verify.

For signing the EVP_PKEY_CTX parameters are read and the appropriate
CMS structures set up.

For verification the CMS structures are analysed and the corresponding
parameters in the EVP_PKEY_CTX set.

Also add RSA-OAEP support.

For encrypt the EVP_PKEY_CTX parameters are used.

For decrypt the CMS structure is uses to set the appropriate EVP_PKEY_CTX
parameters.
 2013-06-21 23:43:05 +01:00
Dr. Stephen Henson
e365352d6a CMS public key parameter support. 
Add support for customisation of CMS handling of signed and enveloped
data from custom public key parameters.

This will provide support for RSA-PSS and RSA-OAEP but could also be
applied to other algorithms.
 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
211a14f627 Update to OAEP support. 
Add OAEP ctrls to retrieve MD and label. Return errors if
an attempt is made to set or retrieve OAEP parameters when
padding mode is not OAEP.
 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
810639536c Add control to retrieve signature MD. 2013-06-21 21:33:00 +01:00
Dr. Stephen Henson
e423c360fd Add new OID to pSpecified from PKCS#1 2013-06-21 21:33:00 +01:00
Andy Polyakov
8ee3c7e676 SPARC T4 DES support: fix typo. 2013-06-18 10:42:08 +02:00
Andy Polyakov
4ddacd9921 Optimize SPARC T4 MONTMUL support. 
Improve RSA sing performance by 20-30% by:
- switching from floating-point to integer conditional moves;
- daisy-chaining sqr-sqr-sqr-sqr-sqr-mul sequences;
- using MONTMUL even during powers table setup;
 2013-06-18 10:39:38 +02:00
Andy Polyakov
02450ec69d PA-RISC assembler pack: switch to bve in 64-bit builds. 
PR: 3074
 2013-06-18 10:37:00 +02:00
Adam Langley
8a99cb29d1 Add secure DSA nonce flag. 
This change adds the option to calculate (EC)DSA nonces by hashing the
message and private key along with entropy to avoid leaking the private
key if the PRNG fails.
 2013-06-13 17:26:07 +01:00
Adam Langley
a54a61e7a9 Don't SEGFAULT when trying to export a public DSA key as a private key. 2013-06-13 17:03:35 +01:00
Dr. Stephen Henson
271fef0ef3 Exetended OAEP support. 
Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
 2013-06-12 18:48:17 +01:00
Dr. Stephen Henson
965e06da3c Typo. 2013-06-12 18:47:28 +01:00
Andy Polyakov
3b848d3401 aesni-sha1-x86_64.pl: update performance data. 2013-06-10 22:35:22 +02:00
Andy Polyakov
42b9a4177b aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl. 2013-06-10 22:34:06 +02:00
Andy Polyakov
cd8d7335af sha1-x86_64.pl: add AVX2+BMI code path. 2013-06-10 22:30:34 +02:00
Andy Polyakov
c7f690c243 sha512-x86_64.pl: upcoming-Atom-specific optimization. 2013-06-10 22:29:01 +02:00
Andy Polyakov
32213d8d77 sha[256|512]-586.pl: add more SIMD code paths. 2013-06-10 22:26:53 +02:00
Andy Polyakov
b42759158d ghash-x86_64.pl: add Haswell performance data. 2013-06-10 22:25:12 +02:00
Andy Polyakov
1bc0b68d7b x86cpuid.pl: fix extended feature flags detection. 2013-06-10 22:20:46 +02:00
Dr. Stephen Henson
2f58cda4ce Fix PSS signature printing. 
Fix PSS signature printing: consistently use 0x prefix for hex values for
padding length and trailer fields.
 2013-06-05 15:06:03 +01:00
Dr. Stephen Henson
c71fdaed58 Reencode with X509_CRL_ctx_sign too. 2013-06-05 15:06:03 +01:00
Adam Langley
96a4c31be3 Ensure that, when generating small primes, the result is actually of the 
requested size. Fixes OpenSSL #2701.

This change does not address the cases of generating safe primes, or
where the |add| parameter is non-NULL.

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
 2013-06-04 18:52:30 +01:00
Adam Langley
2b0180c37f Ensure that x**0 mod 1 = 0. 2013-06-04 18:47:11 +01:00
Adam Langley
7753a3a684 Add volatile qualifications to two blocks of inline asm to stop GCC from 
eliminating them as dead code.

Both volatile and "memory" are used because of some concern that the compiler
may still cache values across the asm block without it, and because this was
such a painful debugging session that I wanted to ensure that it's never
repeated.
 2013-06-04 18:46:25 +01:00
Ben Laurie
5dcd2deb3e Remove added ;. 2013-06-04 17:27:18 +01:00
Ben Laurie
b25b8417a7 Missing prototypes. 2013-06-04 16:34:45 +01:00
Andy Polyakov
b69437e1e5 crypto/bn/bn_exp.c: SPARC portability fix. 2013-06-01 09:58:07 +02:00
Andy Polyakov
36df342f9b aesni-x86_64.pl: optimize XTS. 
PR: 3042
 2013-05-25 19:23:09 +02:00
Andy Polyakov
4df2280b4f aesni-sha1-x86_64.pl: Atom-specific optimization. 2013-05-25 19:08:39 +02:00
Andy Polyakov
504bbcf3cd sha512-x86_64.pl: +16% optimization for Atom. 
(and pending AVX2 changes).
 2013-05-25 19:02:57 +02:00
Andy Polyakov
988d11b641 vpaes-x86[_64].pl: minor Atom-specific optimization. 2013-05-25 18:57:03 +02:00
Andy Polyakov
8a97a33063 Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
Andy Polyakov
22de0e6583 x86_64-xlate.pl: minor size/performance improvement. 2013-05-13 16:06:25 +02:00
Andy Polyakov
cd54249c21 aesni-x86_64.pl: minor CTR performance improvement. 2013-05-13 15:49:03 +02:00
Dr. Stephen Henson
c6d8adb8a4 Reencode certificates in X509_sign_ctx. 
Reencode certificates in X509_sign_ctx as well as X509_sign.

This was causing a problem in the x509 application when it modified an
existing certificate.
 2013-05-02 12:19:40 +01:00
Andy Polyakov
9575d1a91a bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks. 
Submitted by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Contributor claims ~50% improvement in CTR and ~9% in CBC decrypt
on Cortex-A15.
 2013-04-23 17:52:14 +02:00
Andy Polyakov
75fe422323 bsaes-armv7.pl: take it into build loop. 2013-04-23 17:49:54 +02:00
Andy Polyakov
3bdd80521a crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7. 
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.
 2013-04-13 20:57:37 +02:00
Ben Laurie
282a480a35 Fix warnings. 2013-04-06 15:08:44 +01:00
Andy Polyakov
99cda4376e cryptlib.c: fix typo in OPENSSL_showfatal. 2013-04-04 15:57:43 +02:00
Andy Polyakov
73325b221c aesni-x86_64.pl: optimize CBC decrypt. 
Give CBC decrypt approximately same treatment as to CTR and collect 25%.
 2013-04-04 15:56:23 +02:00
Andy Polyakov
a42abde699 e_aes.c: reserve for future extensions. 2013-04-04 15:55:49 +02:00
Andy Polyakov
64f7e2c4c0 gcm128.c: fix linking problems in 32-bit Windows build. 2013-04-04 15:54:58 +02:00
Andy Polyakov
7f97d57236 dest4-sparcv9.pl: add clarification comment. 2013-04-04 15:54:08 +02:00
Andy Polyakov
c9a8e3d1c7 evptests.txt: add XTS test vectors 2013-04-04 15:53:01 +02:00
Dr. Stephen Henson
0ded2a0689 Typo. 2013-03-31 17:42:46 +01:00
Andy Polyakov
c5d975a743 Add support for SPARC T4 DES opcode. 2013-03-31 14:32:05 +02:00
Andy Polyakov
d8f3ed2306 des_enc.m4: add missing #include. 
Submitted by: David Miller
 2013-03-31 14:07:48 +02:00
Andy Polyakov
4e049c5259 Add AES-NI GCM stitch. 2013-03-29 20:45:33 +01:00
Andy Polyakov
b4a9d5bfe8 aesni-x86_64.pl: fix typo and optimize small block performance. 2013-03-29 18:54:24 +01:00
Matt Caswell
94782e0e9c Make binary curve ASN.1 work in FIPS mode. 
Don't check for binary curves by checking methods: the values will
be different in FIPS mode as they are redirected to the validated module
version.
 2013-03-26 16:56:50 +00:00
Andy Polyakov
6c79faaa9d aesni-x86_64.pl: optimize CTR even further. 
Based on suggestions from Shay Gueron and Vlad Krasnov.
PR: 3021
 2013-03-26 14:29:18 +01:00
Andy Polyakov
1da5d3029e ghash-x86_64.pl: add AVX code path. 2013-03-24 23:44:35 +01:00
Andy Polyakov
1bc4d009e1 aesni-x86_64.pl: optimize CTR even further. 2013-03-19 20:03:02 +01:00
Andy Polyakov
fbf7c44bbf ghash-x86_64.pl: minor optimization. 2013-03-19 20:02:11 +01:00
Andy Polyakov
5c60046553 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. 
PR: 3002
 2013-03-18 19:29:41 +01:00
Dr. Stephen Henson
5de18d5d0d Encode INTEGER correctly. 
If an ASN1_INTEGER structure is allocated but not explicitly set encode
it as zero: don't generate an invalid zero length INTEGER.
(cherry picked from commit 1643edc63c)
 2013-03-18 14:22:08 +00:00
Andy Polyakov
ca303d333b evptests.txt: additional GCM test vectors. 2013-03-06 19:24:05 +01:00
Dr. Stephen Henson
15652f9825 GCM and CCM test support 
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
 2013-03-06 16:15:42 +00:00
Dr. Stephen Henson
95248de327 Add CCM ciphers to tables. 2013-03-06 16:15:42 +00:00
Andy Polyakov
28997596f2 ghash-x86_64.pl: fix length handling bug. 
Thanks to Shay Gueron & Vlad Krasnov for report.
 2013-03-06 10:42:21 +01:00
Andy Polyakov
5702e965d7 x86cpuid.pl: make it work with older CPUs. 
PR: 3005
 2013-03-04 20:05:04 +01:00
Ben Laurie
4e2322892b Override local vars for MINFO build. 2013-03-04 14:31:18 +00:00
Ben Laurie
ea5003bd1e Include correctly. 2013-03-04 14:31:18 +00:00
Andy Polyakov
342dbbbe4e x86_64-gf2m.pl: fix typo. 2013-03-01 22:36:36 +01:00
Andy Polyakov
7c43601d44 x86_64-gf2m.pl: add missing Windows build fix for #2963. 
PR: 3004
 2013-03-01 21:43:10 +01:00
Ben Laurie
e46a281de5 Missing files target. 2013-02-26 21:51:13 +00:00
Dr. Stephen Henson
e1f1d28f34 Add function CMS_RecipientInfo_encrypt 
Add CMS_RecipientInfo_encrypt: this function encrypts an existing content
encryption key to match the key in the RecipientInfo structure: this is
useful if a new recpient is added to and existing enveloped data structure.

Add documentation.
 2013-02-26 16:59:56 +00:00
Ben Laurie
975dfb1c6c make depend. 2013-02-21 18:17:38 +00:00
Andy Polyakov
47edeb9f59 sha256-586.pl: code refresh. 2013-02-15 11:23:06 +01:00
Andy Polyakov
35c77b7303 sha1-586.pl: code refresh. 2013-02-14 22:20:17 +01:00
Andy Polyakov
273a808180 ghash-x86[_64].pl: code refresh. 2013-02-14 16:28:09 +01:00
Andy Polyakov
7c9e81be40 [aesni-]sha1-x86_64.pl: code refresh. 2013-02-14 16:14:02 +01:00
Andy Polyakov
c4558efbf3 sha512-x86_64.pl: add AVX2 code path. 2013-02-14 15:39:42 +01:00
Andy Polyakov
750398acd8 bn_nist.c: work around clang 3.0 bug. 2013-02-14 09:51:41 +01:00
Andy Polyakov
3caeef94bd sparccpuid.S: work around emulator bug on T1. 2013-02-11 10:39:50 +01:00
Andy Polyakov
2141e6f30b e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. 
It also ensures that valgring is happy.
 2013-02-08 10:31:13 +01:00
Andy Polyakov
1041ab696e e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. 
(cherry picked from commit 529d27ea47)
 2013-02-06 14:19:11 +00:00
Andy Polyakov
9970308c88 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
 2013-02-06 14:19:10 +00:00
Ben Laurie
2acc020b77 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
 2013-02-06 14:19:07 +00:00
Ben Laurie
7c770d572a Add and use a constant-time memcmp. 
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)
 2013-02-06 14:16:55 +00:00
Andy Polyakov
4568182a8b x86_64 assembly pack: keep making Windows build more robust. 
PR: 2963 and a number of others
 2013-02-02 19:54:59 +01:00
Dr. Stephen Henson
1703627ba8 Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set 2013-01-23 01:09:38 +00:00
Andy Polyakov
46bf83f07a x86_64 assembly pack: make Windows build more robust. 
PR: 2963 and a number of others
 2013-01-22 22:27:28 +01:00
Andy Polyakov
543fd85460 bn/asm/mips.pl: hardwire local call to bn_div_words. 2013-01-22 21:13:37 +01:00
Andy Polyakov
1598af9ac9 sha512-ppc.pl: minimize stack frame. 2013-01-22 21:09:14 +01:00
Dr. Stephen Henson
f20c673d0d Don't include comp.h if no-comp set. 2013-01-20 02:34:25 +00:00
Andy Polyakov
a006fef78e Improve WINCE support. 
Submitted by: Pierre Delaage
 2013-01-19 21:23:13 +01:00
Ben Laurie
6f0a93b069 Merge branch 'master' of openssl.net:openssl 2013-01-19 17:35:41 +00:00
Andy Polyakov
d4571f43e8 sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores. 2013-01-19 17:22:05 +01:00
Ben Laurie
a6bbbf2ff5 Make "make depend" work on MacOS out of the box. 2013-01-19 14:14:30 +00:00
Ben Laurie
08e5536445 Fix some clang warnings. 2013-01-13 21:04:39 +00:00
Ben Laurie
f00c54ae2e Fix warning. 2013-01-06 19:03:48 +00:00
Dr. Stephen Henson
c1faa8b5b2 make no-comp compile 2012-12-30 16:04:51 +00:00
Dr. Stephen Henson
bdcf772aa5 Portability fix: use BIO_snprintf and pick up strcasecmp alternative 
definitions from e_os.h
 2012-12-26 23:51:56 +00:00
Dr. Stephen Henson
2dabd82236 Make partial chain checking work if we only have the EE certificate in 
the trust store.
 2012-12-21 18:31:32 +00:00
Dr. Stephen Henson
0028a23b9f revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility 2012-12-20 18:51:00 +00:00