Commit graph

115 commits

Author SHA1 Message Date
Dr. Stephen Henson
197421b120 Make EVP_*Final work for CCM ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:27 +00:00
Bernd Edlinger
273a0218e6 Fix a crash in EVP_CIPHER_CTX_cleanup due to cipher_data may be NULL
or EVP_CTRL_INIT/EVP_CTRL_COPY was not called or failed.
If that happens in EVP_CipherInit_ex/EVP_CIPHER_CTX_copy set cipher = NULL,
aes_gcm_cleanup should check that gctx != NULL before calling OPENSSL_cleanse.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2562)
2017-02-07 09:12:34 +00:00
Andy Polyakov
2198b3a55d crypto/evp: harden AEAD ciphers.
Originally a crash in 32-bit build was reported CHACHA20-POLY1305
cipher. The crash is triggered by truncated packet and is result
of excessive hashing to the edge of accessible memory. Since hash
operation is read-only it is not considered to be exploitable
beyond a DoS condition. Other ciphers were hardened.

Thanks to Robert Święcki for report.

CVE-2017-3731

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-26 10:54:01 +00:00
Matt Caswell
7141ba3196 Fix the overlapping check for fragmented "Update" operations
When doing in place encryption the overlapping buffer check can fail
incorrectly where we have done a partial block "Update" operation. This
fixes things to take account of any pending partial blocks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
Matt Caswell
7c12c7b61c Properly handle a partial block in OCB mode
If we have previously been passed a partial block in an "Update" call then
make sure we properly increment the output buffer when we use it.

Fixes #2273

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
Matt Caswell
0ba5a9eaa0 Don't use magic numbers in aes_ocb_cipher()
Lots of references to 16 replaced by AES_BLOCK_SIZE. Also a few other style
tweaks in that function

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)
2017-01-25 15:02:44 +00:00
Patrick Steuer
96cce82050 Fix strict-warnings build
crypto/evp/e_aes.c: Types of inp and out parameters of
AES_xts_en/decrypt functions need to be changed from char to
unsigned char to avoid build error due to
'-Werror=incompatible-pointer-types'.

crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above
change.

Signed-off-by: Patrick Steuer <psteuer@mail.de>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-10-18 17:09:47 +01:00
Andy Polyakov
365f95ad53 evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 23:37:31 +02:00
Andy Polyakov
46f047d76b evp/e_aes.c: wire hardware-assisted XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:35 +02:00
Todd Short
c01a3c6df0 Fix braces in e_aes.c: aes_init_key
This compiles correctly, but depending on what may be defined, it's
possible that this could fail compilation. The braces are mismatched,
and it's possible to end up with an else followed by another else.

This presumes the indentation is mostly correct and indicative of
intent. Found via static analysis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1118)
2016-05-24 10:51:14 -04:00
Rich Salz
aa6bb1352b Copyright consolidation 05/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 15:38:09 -04:00
Andy Polyakov
b1a07c3854 Remove obsolete defined(__INTEL__) condition.
This macro was defined by no-longer-supported __MWERKS__ compiler.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 12:35:01 +02:00
Andy Polyakov
6944565bd5 evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:43 +02:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Matt Caswell
c4aede204e Mark OCB as an AEAD cipher
OCB is AEAD capable but was not marked as such with the
EVP_CIPH_FLAG_AEAD_CIPHER flag.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-18 12:05:29 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Richard Levitte
6435f0f6c6 Adapt builtin cipher implementations to opaque EVP_CIPHER
They all stop including evp_locl.h, so we also take care of their
adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier
commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Andy Polyakov
02dc0b82ab evp/e_aes.c: wire hardware-assisted block function to OCB.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:26 +01:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Dr. Stephen Henson
e75c5a794e CCM support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:56:11 +01:00
Dr. Stephen Henson
9cca7be11d Relax CCM tag check.
In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-06 15:42:23 +01:00
Emilia Kasper
1e4a355dca Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-08 14:55:50 +02:00
Matt Caswell
c826988109 Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-30 23:12:39 +01:00
Andy Polyakov
33b188a8e8 Engage vpaes-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:42:12 +01:00
Andy Polyakov
bdc985b133 evp/e_aes.c: fix pair of SPARC T4-specific problems:
- SIGSEGV/ILL in CCM (RT#3688);
- SIGBUS in OCB;

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-09 10:26:20 +01:00
Rich Salz
fd22ab9edf Dead code: if 0 removal from crypto/evp and an unused file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-02 16:53:54 -05:00
Matt Caswell
e640fa0200 Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 10:39:01 +00:00
Matt Caswell
d57d135c33 Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency with
CCM

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 10:38:38 +00:00
Matt Caswell
0f113f3ee4 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:20:09 +00:00
Andy Polyakov
c1669e1c20 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00
Dr. Stephen Henson
73e45b2dd1 remove OPENSSL_FIPSAPI
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Dr. Stephen Henson
916e56208b remove FIPS module code from crypto/evp
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:25:38 +00:00
Matt Caswell
3feb63054a Added OPENSSL_NO_OCB guards
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:03 +00:00
Matt Caswell
e6b336efa3 Add EVP support for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:34 +00:00
Emilia Kasper
da92be4d68 Fix build when BSAES_ASM is defined but VPAES_ASM is not
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-08-21 15:42:57 +02:00
Andy Polyakov
0e716d9207 Engage GHASH for PowerISA 2.0.7.
[and split ppccap.c to ppccap.c and ppc_arch.h]

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:16:31 +02:00
Dr. Stephen Henson
d31fed73e2 RFC 5649 support.
Add support for RFC5649 key wrapping with padding.

Add RFC5649 tests to evptests.txt

Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.

EVP support and minor changes added by Stephen Henson.

Doxygen comment block updates by Tim Hudson.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-18 21:37:13 +01:00
Dr. Stephen Henson
58f4698f67 Make *Final work for key wrap again.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 23:29:14 +01:00
Dr. Stephen Henson
d12eef1501 Sanity check lengths for AES wrap algorithm.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-17 12:57:40 +01:00
Dr. Stephen Henson
c2fd5d79ff Fix copy for CCM, GCM and XTS.
Internal pointers in CCM, GCM and XTS contexts should either be
NULL or set to point to the appropriate key schedule. This needs
to be adjusted when copying contexts.
2014-06-30 12:57:29 +01:00
ZNV
370bf1d708 Make EVP_CIPHER_CTX_copy work in GCM mode.
PR#3272
2014-06-29 22:01:28 +01:00
Andy Polyakov
764fe518da aesp8-ppc.pl: add CTR mode. 2014-06-16 08:05:19 +02:00
Andy Polyakov
53a224bb0a evp/e_aes.c: add erroneously omitted break; 2014-06-04 08:33:06 +02:00
Andy Polyakov
030a3f9527 evp/e_aes.c: populate HWAES_* to remaning modes.
Submitted by: Ard Biesheuvel.
2014-06-02 21:48:02 +02:00
Andy Polyakov
de51e830a6 Engage POWER8 AES support. 2014-06-01 23:38:11 +02:00
Andy Polyakov
ddacb8f27b Engage ARMv8 AES support. 2014-06-01 22:20:37 +02:00
Andy Polyakov
e9c80e04c1 evp/e_[aes|camellia].c: fix typo in CBC subroutine.
It worked because it was never called.
2013-12-18 21:42:46 +01:00
Andy Polyakov
f0f4b8f126 PPC assembly pack update addendum. 2013-12-18 21:39:15 +01:00