Commit graph

8681 commits

Author SHA1 Message Date
Kurt Roeckx
676befbeb7 Print the X509 version signed, and convert to unsigned for the hex version.
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
2017-01-10 22:27:37 +01:00
Richard Levitte
d95743047e Only enable CRYPTO_3DES_ECB if that name is an existing macro
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
2017-01-10 14:59:39 +01:00
Richard Levitte
374d543f29 Small fixes of cryptodev engine
- guard CRYPTO_3DES_CBC
- add a missing cast

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203)
2017-01-10 14:59:39 +01:00
Iaroslav Gridin
f61c5ca6ca use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
349b653a99 fix for BSD cryptodev
by levitte

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
2c5998dde6 Remove commented-out HMAC code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
098eb1a7b7 Style the code
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
807d21066f Remove unused ret variable
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
60cd1196a2 Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
f53e067451 Add AES-ECB and 3DES-ECB to cryptodev
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
f8e7fbd53f cryptodev: allow copying EVP contexts
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
efcad82bb8 cryptodev: Fix issue with signature generation
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784)
2017-01-10 08:21:45 +01:00
Bernd Edlinger
c6d215e0d2 Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
2017-01-09 22:23:31 +01:00
Dr. Stephen Henson
c82bafc52e fix a few more style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
f291138bbe Remove unnecessary frees and style fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
bc1ea030ef Use more desciptive macro name rsa_pss_restricted()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
b6b885c6b9 style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
285c7d9cdf free str on error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
568b9cdc64 clarify comment
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
52ad523c0e fix various style issues
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Dr. Stephen Henson
23b6699ecc make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
635fe50fcd add parameter error
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
f7a21d85b6 Set EVP_PKEY_CTX in SignerInfo
If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
08be0331c3 Only allow PSS padding for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
b35b8d116b Decode parameters properly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
186e48cd1b Return errors PKCS#7/CMS enveloped data ctrls and PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
59029ca113 Add PSS parameter restrictions.
If a key contains any PSS parameter restrictions set them during
sign or verification initialisation. Parameters now become the
default values for sign/verify. Digests are fixed and any attempt
to change them is an error. The salt length can be modified but
must not be less than the minimum value.

If the key parameters are invalid then verification or signing
initialisation returns an error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
cb49e7497a Initial parameter restrictions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
cfd81c6d75 Add rsa_pss_get_param.
New function rsa_pss_get_param to extract and sanity check PSS parameters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
53d2260c40 Don't allow PKCS#7/CMS encrypt with PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
87ee7b22b6 Add macros to determine if key or ctx is PSS.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
a300c7256e Support pad mode get/set for PSS keys.
Pad mode setting returns an error if the mode is anything other then PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
e64b2b5c83 Key gen param support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:48 +00:00
Dr. Stephen Henson
ad4b3d0a65 Set PSS padding mode for PSS keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
410877bad2 Digest string helper function.
New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
e5e04ee398 Support RSA operations in PSS.
Add support for common operations in PSS by adding a new function
RSA_pkey_ctx_ctrl() which calls EVP_PKEY_CTX_ctrl if the key type
is RSA or PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
6577e00892 PSS EVP_PKEY method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
9503ed8b8b RSA-PSS key printing.
Print out RSA-PSS key parameters if present.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
42009ae882 PSS parameter encode and decode.
For RSA PSS keys encode and decode parameters when handling public
and private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:47 +00:00
Dr. Stephen Henson
47e42b3c67 Split PSS parameter creation.
Split PSS parameter creation. This adds a new function rsa_pss_params_create
which creates PSS parameters from digest and salt values. This will be
used for PSS key generation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
faa02fe256 Use method key type instead of EVP_PKEY_RSA
Make RSA method more flexible by using the key type from the
method instead of hard coding EVP_PKEY_RSA: by doing this the
same code supports both RSA and RSA-PSS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
4e8ba7479d PSS ASN.1 method
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
ffc6fad562 add EVP_PKEY_RSA_PSS
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
d771441d9b Add pss field to RSA structure and free it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Dr. Stephen Henson
6745a1ff32 Cache maskHash parameter
Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:46 +00:00
Kurt Roeckx
68f4237c21 Make rand_add predictable when fuzzing
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:58 +01:00
Andy Polyakov
3c274a6e20 chacha/asm/chacha-x86_64.pl: add AVX512 path optimized for shorter inputs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-25 16:31:40 +01:00
Todd Short
8bfa99f04f Fix EVP_MD_meth_get_flags
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2134)
2016-12-22 15:23:41 +01:00
Richard Levitte
2629440d42 Reformat M_check_autoarg to match our coding style
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2121)
2016-12-20 23:21:25 +01:00
Richard Levitte
d7c8f142ea M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
2016-12-20 16:10:24 +01:00