The macros BSWAP4 and BSWAP8 have statetemnt expressions
implementations that use local variable names that shadow variables
outside the macro call, generating warnings like this
e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable
[-Wshadow]
seqnum = BSWAP8(blocks[0].q[0]);
^
../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8'
^
e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here
size_t ret = 0;
^
Have clang be quiet by modifying the macro variable names slightly
(suffixing them with an underscore).
Reviewed-by: Rich Salz <rsalz@openssl.org>
With no more symlinks, there's no need for those variables, or the links
target. This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.
Also, removed METHTEST from test/Makefile. It looks like an old test that's
forgotten...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap
with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at
that time:
- crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly,
and the function immediately returns 'ret' in (almost) all cases.
This makes the IV checking code later in the function unreachable, but
callers think the IV check succeeded since CRYPTO_128_unwrap()'s
return value is non-zero.
FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error).
- crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to
the first 8 bytes of the output buffer ('out') as the IV checking code
expects. This makes the IV check fail.
FIX: Compare 'iv' to 'got_iv', not 'out'.
- The data written to the output buffer ('out') is "cleansed" if the IV
check fails, but the code passes OPENSSL_cleanse() the input buffer
length ('inlen') instead of the number of bytes that
crypto_128_unwrap_raw() wrote to the output buffer ('ret'). This
means that OPENSSL_cleanse() could potentially write past the end of
'out'.
FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call.
- CRYPTO_128_unwrap() is returning the length of the input buffer
('inlen') instead of the number of bytes written to the output buffer
('ret'). This could cause the caller to read past the end of 'out'.
FIX: Return 'ret' instead of 'inlen' at the end of the function.
PR#3749
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:
ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.
This commit fixes the issue by explicitly casting to an unsigned int.
Reviewed-by: Richard Levitte <levitte@openssl.org>
According to RFC 5649 section 4.1 step 1) we should not add padding
if plaintext length is multiply of 8 ockets.
This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F
on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2.
PR#3675
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
on affected platforms (PowerPC and AArch64).
For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: Rich Salz <rsalz@openssl.org>
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add support for RFC5649 key wrapping with padding.
Add RFC5649 tests to evptests.txt
Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.
EVP support and minor changes added by Stephen Henson.
Doxygen comment block updates by Tim Hudson.
Reviewed-by: Tim Hudson <tjh@openssl.org>
