Commit graph

23262 commits

Author SHA1 Message Date
Richard Levitte
91c5473035 ERR: preserve system error number in a few more places
It turns out that intialization may change the error number, so we
need to preserve the system error number in functions where
initialization is called for.
These are ERR_get_state() and err_shelve_state()

Fixes #7897

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7902)
2018-12-14 19:33:55 +01:00
Todd Short
9a3b5b7664 Fixes #7879: AES-SIV to use EVP_MAC APIs
Convert CMAC APIs to EVP_MAC APIs

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7891)
2018-12-13 11:09:15 -05:00
Mansour Ahmadi
4128136a28 Add missing OPENSSL_clear_free before using ec->key
Fixes #7657

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7877)
2018-12-13 10:04:57 +00:00
Mansour Ahmadi
55833a8de7 add missing check for BN_mod_inverse
Fixes #7650

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7876)
2018-12-13 09:54:54 +00:00
Mansour Ahmadi
4fea7005c3 fix inconsistent flen check in rsa_pk1 and rsa_oaep
Fixes #7117

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7880)
2018-12-13 09:43:07 +00:00
Rich Salz
ee4afacd96 Ignore duplicated undocumented things
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7423)
2018-12-13 14:53:48 +08:00
Richard Levitte
e436664828 VMS build: better treatment of .S -> .obj compilation
It turned out that .S files aren't to be treated as lightly as I
thought.  They need to go through a preprocessing step, which .s files
don't need to.

Corrects #7703

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7889)
2018-12-12 21:37:11 +01:00
Dr. Matthias St. Pierre
00eb879f74 doc/man3: remove copy&paste leftover
Fixes #7883

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7884)
2018-12-12 20:01:52 +01:00
Jakub Jelen
829800b073 Use the correct function name
CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7887)
2018-12-12 11:27:56 +01:00
Richard Levitte
7a8a35ff0c Fix error in processing $target{enable}
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7885)
2018-12-12 11:10:12 +01:00
Tobias Stoeckmann
143b631639 Fixed typo (vi leftover).
There was a trailing :w at a line, which didn't make sense in context
of the sentence/styling. Removed it, because I think it's a leftover
vi command.

CLA: trivial
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7875)
2018-12-12 10:35:07 +01:00
Todd Short
b1ceb439f2 Add RFC5297 AES-SIV support
Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
2018-12-12 08:16:10 +10:00
Matt Caswell
6de98b4fb6 Add an Ed448 malleability test
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)
2018-12-11 11:53:55 +00:00
Matt Caswell
08afd2f37a Disallow Ed448 signature malleability
Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7

Fixes #7706

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)
2018-12-11 11:53:55 +00:00
nxtstep
275a7b9e5e typo ANS1 -> ASN1
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7857)
2018-12-11 20:57:31 +10:00
Richard Levitte
72818ef005 util/mkdef.pl: Remove a ';' that snuck in
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7868)
2018-12-11 11:30:15 +01:00
Richard Levitte
539ea812c7 Configuration: $config{shlib_version_number} -> $config{shlib_version}
This was forgotten in a few places

Fixes #7862

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7865)
2018-12-11 10:34:53 +01:00
Richard Levitte
07f434441e apps/tsget.in: use the full version in the user agent string
Fixes #7861

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7866)
2018-12-10 20:09:17 +01:00
Richard Levitte
d1c87578a2 VMS: fix library compatibility settings in util/mkdef.pl
The regexp to parse the incoming version number was flawed, and since
we allow ourselves to add missing APIs in PATCH releases, the
compatibility settings still need to include the PATCH part of the
version number.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7858)
2018-12-10 13:42:41 +01:00
Eneas U de Queiroz
2bafe6cfed eng_devcrypto: add command to dump driver info
This is useful to determine the kernel driver running each algorithm.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
166261a5e9 eng_devcrypto: add configuration options
USE_SOFTDRIVERS: whether to use software (not accelerated) drivers
CIPHERS: list of ciphers to enable
DIGESTS: list of digests to enable

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
b2db94d1d0 eng_devcrypto: save ioctl if EVP_MD_..FLAG_ONESHOT
Since each ioctl causes a context switch, slowing things down, if
EVP_MD_CTX_FLAG_ONESHOT is set, then:
 - call the ioctl in digest_update, saving the result; and
 - just copy the result in digest_final, instead of using another ioctl.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
16e252a01b eng_devcrypto: make sure digest can do copy
Digest must be able to do partial-state copy to be used.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
b5015e834a eng_devcrypto: fix ctr mode
Make CTR mode behave like a stream cipher.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
6d99e23839 eng_devcrypto: add cipher CTX copy function
The engine needs a custom cipher context copy function to open a new
/dev/crypto session.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
a67203a19d eng_devcrypto: close session on cleanup, not final
Close the session in digest_cleanup instead of digest_final.  A failure
in closing the session does not mean a previous successful digest final
has failed as well.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
ae8183690f eng_devcrypto: fix copy of unitilialized digest
If the source ctx has not been initialized, don't initialize the copy
either.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
4d9f996544 eng_devcrypto: expand digest failure cases
Return failure when the digest_ctx is null in digest_update and
digest_final, and when md is null in digest_final.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
d9d4dff5c6 eng_devcrypto: don't leak methods tables
Call functions to prepare methods after confirming that /dev/crytpo was
sucessfully open and that the destroy function has been set.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Eneas U de Queiroz
eb3fe0ee54 INSTALL: add note about devcrypto engine
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Matt Caswell
7ffb7fbe8c Document the num_tickets s_server option
Fixes #7727

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7756)
2018-12-10 11:07:56 +00:00
Matt Caswell
3cb4e7dc1c Preserve errno on dlopen
For the same reasons as in the previous commit we must preserve errno
across dlopen calls. Some implementations (e.g. solaris) do not preserve
errno even on a successful dlopen call.

Fixes #6953

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
2018-12-10 10:17:43 +00:00
Matt Caswell
71b1ceffc4 Make sure build_SYS_str_reasons() preserves errno
This function can end up being called during ERR_get_error() if we are
initialising. ERR_get_error() must preserve errno since it gets called via
SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
supposed to inspect errno.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7680)
2018-12-10 10:17:43 +00:00
Richard Levitte
f2f734d4f9 make update
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
2018-12-10 10:07:15 +01:00
Richard Levitte
a8bf2f8f24 Prevent calling decryption in an encryption context and vice versa
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)
2018-12-10 10:07:15 +01:00
Viktor Dukhovni
1057c2c39f Cleaner disposal of ephemeral engine ids and names
Engine names and ids are typically static strings.  If an application
actually dynamically allocated these, the application owns the
storage, and should dispose of it via the original handle, rather
than the "const char *" returned by the engine.

In any case, this resolves the test code issue without resort to
"unconst" macros/casts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-12-09 22:02:48 -05:00
Viktor Dukhovni
9b34028187 Eliminate NOP cast
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-12-09 22:02:48 -05:00
Christos Zoulas
73ff6d6847 change into hex string constants to avoid overflow warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:51 -05:00
Christos Zoulas
ec91206fbe Add a format attribute to the format functions and fix the broken format
strings.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
5db120dc35 Fix const issues
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
bda1f0c0d6 Avoid const castaway warning
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
d8adf68cd6 Use a const variable
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:50 -05:00
Christos Zoulas
8343229bc4 Use the proper fonst cast
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
82f518acee don't pass const string where a modifyable string is expected
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
706a8af015 add missing "void" in prototype.
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
15f77f2cae add missing const in cast
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:49 -05:00
Christos Zoulas
4b6ae3c3c2 add missing const
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:48 -05:00
Christos Zoulas
f53537b1fa use the proper types to eliminate casts
Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2018-12-09 22:02:48 -05:00
Andy Polyakov
91d0fd1c27 err/err.c: improve err_clear_last_constant_time's portability.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7850)
2018-12-08 12:34:18 +01:00
terry zhao
97c213814b Update kmac.c
fix nmake compiler error

```
crypto\kmac\kmac.c : warning treated as error - no object file generated
crypto\kmac\kmac.c : warning C4819: The file contains a character that cannot be represented in the current code page (936). Save the file in Unicode format to prevent data loss
```

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7846)
2018-12-08 11:00:18 +01:00