Emilia Kasper
9ca2cc78a9
Add a comment noting the padding oracle.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af843039
)
2014-12-17 14:55:47 +01:00
Emilia Kasper
0cf552230e
Revert "RT3425: constant-time evp_enc"
...
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.
This reverts commit 738911cde6
.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:55:39 +01:00
Richard Levitte
53332a75d1
Clear warnings/errors within KSSL_DEBUG code sections
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:17:54 +01:00
Richard Levitte
3b7ab6f4b8
Include "constant_time_locl.h" rather than "../constant_time_locl.h".
...
The different -I compiler parameters will take care of the rest...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 08:06:47 +02:00
Emilia Kasper
738911cde6
RT3425: constant-time evp_enc
...
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75
)
Conflicts:
crypto/evp/evp_enc.c
2014-09-24 16:25:04 +02:00
Emilia Kasper
ebf221ee25
Fix build when BSAES_ASM is defined but VPAES_ASM is not
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68
)
2014-08-21 15:48:10 +02:00
Andy Polyakov
b698c427de
crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 2893a302a9
)
2014-08-20 22:20:21 +02:00
Andy Polyakov
c991d8ae8b
Initial POWER8 support from development branch.
...
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:36:49 +02:00
Dr. Stephen Henson
4c05b1f8d6
Make *Final work for key wrap again.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67
)
2014-07-17 23:31:11 +01:00
Dr. Stephen Henson
6e1e5996df
Sanity check lengths for AES wrap algorithm.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef1501
)
2014-07-17 12:58:42 +01:00
Dr. Stephen Henson
802fdcda1e
Fix copy for CCM, GCM and XTS.
...
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
(cherry picked from commit c2fd5d79ff
)
2014-06-30 13:59:38 +01:00
Dr. Stephen Henson
6006e352ad
Make EVP_Digest* work again.
2014-06-30 13:59:29 +01:00
Dr. Stephen Henson
df401f4796
Make CMAC work with EVP_PKEY.
...
Add patch originally accidentally omitted to allow CMAC to work with
EVP_PKEY APIs.
2014-06-29 23:44:44 +01:00
ZNV
14183e50e7
Make EVP_CIPHER_CTX_copy work in GCM mode.
...
PR#3272
(cherry picked from commit 370bf1d708
)
2014-06-29 22:02:23 +01:00
Dr. Stephen Henson
d0ba994483
Fix for EVP_PBE_alg_add().
...
In EVP_PBE_alg_add don't use the underlying NID for the cipher
as it may have a non-standard key size.
PR#3206
(cherry picked from commit efb7caef637a1de8468ca109efd355a9d0e73a45)
2014-06-27 23:19:37 +01:00
Felix Laurie von Massenbach
1b823494de
Fix signed/unsigned comparisons.
...
(cherry picked from commit 50cc4f7b3d
)
2014-06-17 18:38:36 +01:00
Felix Laurie von Massenbach
6657e68bf2
Fix shadow declaration.
...
(cherry picked from commit 1f61d8b5b1
)
2014-06-17 18:36:48 +01:00
Andy Polyakov
79b960c046
evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build.
...
(cherry picked from commit ce00c64df9
)
2014-06-14 23:16:29 +02:00
Andy Polyakov
7e03acf2be
Engage ARMv8 AES support [from HEAD].
2014-06-11 00:08:03 +02:00
Geoff Thorpe
65402586c0
evp: prevent underflow in base64 decoding
...
This patch resolves RT ticket #2608 .
Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
2014-05-06 18:02:02 -04:00
Dr. Stephen Henson
7169e56d6b
Initialize num properly.
...
PR#3289
PR#3345
(cherry picked from commit 3ba1e406c2
)
2014-05-06 14:09:07 +01:00
Eric Young
0bb37c5e23
Fix base64 decoding bug.
...
A short PEM encoded sequence if passed to the BIO, and the file
had 2 \n following would fail.
PR#3289
(cherry picked from commit 10378fb5f4
)
2014-04-02 19:57:06 +01:00
Dr. Stephen Henson
1bd4ee1da1
Use nid not cipher type as some ciphers don't have OIDs.
2014-03-02 15:00:21 +00:00
Dr. Stephen Henson
3956bfce60
Make null cipher work in FIPS mode.
2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
813cfd9c0a
Add additional FIPS digests.
...
Add a few special case digests not returned by FIPS_get_digestbynid().
Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
issue.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
5f2329b82a
Fix fips flag handling.
...
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.
Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.
Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
2014-02-27 19:18:58 +00:00
Dr. Stephen Henson
01fb5e133f
Remove unused file.
...
The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS
implementations of algorithms can coexist.
2014-02-27 19:08:53 +00:00
Andy Polyakov
fd2c85f6ae
evp/e_aes.c: harmonize with 1.0.1.
2014-02-27 17:47:23 +01:00
Andy Polyakov
aff78bb39a
ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
...
(cherry picked from commit 701134320a
)
2014-02-14 17:45:33 +01:00
Andy Polyakov
fcc6f699e3
evp/e_aes_cbc_hmac_sha*.c: improve cache locality.
...
(cherry picked from commit 9587429fa0
)
2014-02-13 14:41:10 +01:00
Dr. Stephen Henson
f407eec799
make update
2014-02-06 14:31:09 +00:00
Andy Polyakov
41cf2d2518
evp/e_aes_cbc_hmac_sha[1|256].c: add multi-block implementations [from master].
2014-02-05 19:52:38 +01:00
Andy Polyakov
9071b36d9a
Add AES-NI+SHA256 stitch registrations (from master).
2014-02-02 00:05:02 +01:00
Andy Polyakov
50f1b47c7f
PPC assembly pack: jumbo update from master.
...
Add Vector Permutation AES and little-endian support.
2014-02-01 21:48:31 +01:00
Dr. Stephen Henson
ff64ab32ae
Ignore NULL parameter in EVP_MD_CTX_destroy.
...
(cherry picked from commit a6c62f0c25
)
2013-12-20 23:24:26 +00:00
Andy Polyakov
68e6ac4379
evp/e_[aes|camellia].c: fix typo in CBC subroutine.
...
It worked because it was never called.
(cherry picked from commit e9c80e04c1
)
2013-12-18 22:56:24 +01:00
Andy Polyakov
b76310ba74
ARM assembly pack: AES update from master (including bit-sliced module).
2013-12-09 23:44:45 +01:00
Dr. Stephen Henson
bc35b8e435
make update
2013-12-01 23:09:44 +00:00
Dr. Stephen Henson
1abfa78a8b
Constify.
2013-11-14 21:00:40 +00:00
Andy Polyakov
ca44f72938
Make Makefiles OSF-make-friendly.
...
PR: 3165
(cherry picked from commit d1cf23ac86
)
2013-11-12 21:53:39 +01:00
Dr. Stephen Henson
18f49508a5
Fix memory leak.
...
(cherry picked from commit 16bc45ba95
)
2013-11-11 23:55:18 +00:00
Dr. Stephen Henson
a4947e4e06
Initialise context before using it.
2013-11-06 13:16:50 +00:00
Ben Laurie
262f1c524e
PBKDF2 should be efficient. Contributed by Christian Heimes
...
<christian@python.org>.
2013-11-03 17:27:12 +00:00
Andy Polyakov
c99028f252
evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms.
...
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0da
)
2013-10-05 21:09:50 +01:00
Dr. Stephen Henson
e1e6c4dae7
Algorithm parameter support.
...
Check and set AlgorithmIdenfier parameters for key wrap algorithms.
Currently these just set parameters to NULL.
(cherry picked from commit e61f5d55bc
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
8c798690ce
CMS support for key agreeement recipient info.
...
Add hooks to support key agreement recipient info type (KARI) using
algorithm specific code in the relevant public key ASN1 method.
(cherry picked from commit 17c2764d2e
)
2013-10-01 14:01:18 +01:00
Dr. Stephen Henson
d6dc5c506a
Add control to retrieve signature MD.
...
(cherry picked from commit 810639536c
)
2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
c6f3386577
EVP support for wrapping algorithms.
...
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28
)
Conflicts:
CHANGES
2013-10-01 14:01:17 +01:00
Andy Polyakov
cf65a07256
evptests.txt: add XTS test vectors
...
(cherry picked from commit c9a8e3d1c7
)
2013-10-01 14:01:17 +01:00
Andy Polyakov
051dc9db2b
evptests.txt: additional GCM test vectors.
...
(cherry picked from commit ca303d333b
)
2013-10-01 14:01:17 +01:00