Kazuki Yamaguchi
c83680a04a
Add missing flags for EVP_chacha20()
...
ChaCha20 code uses its own custom cipher_data. Add EVP_CIPH_CUSTOM_IV
and EVP_CIPH_ALWAYS_CALL_INIT so that the key and the iv can be set by
different calls of EVP_CipherInit_ex().
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2156 )
2017-01-24 15:21:28 +01:00
ganesh
c2114afc16
RAND_egd_bytes: No need to check RAND_status on connection error.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886 )
2017-01-24 14:39:20 +01:00
ganesh
3ed93c8633
Fixed the return code for RAND_egd_bytes.
...
According to the documentation, the return code should be -1 when
RAND_status does not return 1.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886 )
2017-01-24 14:39:20 +01:00
ganesh
1381684daf
Fixed the return code of RAND_query_egd_bytes when connect fails.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1886 )
2017-01-24 14:39:20 +01:00
Andy Polyakov
9872238eb6
poly1305/poly1305_base2_44.c: clarify shift boundary condition.
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2017-01-21 22:33:38 +01:00
Andy Polyakov
6f553edba8
ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization.
...
Up to 4% depending on benchmark.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-01-21 22:28:34 +01:00
Richard Levitte
8a05c4d3b5
Fix DSA parameter generation control error
...
When setting the digest parameter for DSA parameter generation, the
signature MD was set instead of the parameter generation one.
Fortunately, that's also the one that was used for parameter
generation, but it ultimately meant the parameter generator MD and the
signature MD would always be the same.
Fixes github issue #2016
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2250 )
2017-01-20 08:29:46 +01:00
Dr. Stephen Henson
137096a7ea
Defines and strings for special salt length values, add tests
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236 )
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
79ebfc4681
Add support for -1, -2 salt lengths for PSS only keys.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236 )
2017-01-18 15:04:49 +00:00
FdaSilvaYY
2191dc846a
Clean one unused variable, plus a useless one.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906 )
2017-01-18 15:19:24 +01:00
Kurt Roeckx
c4a6015091
Add missing braces.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2234
2017-01-16 04:50:12 +01:00
Kurt Roeckx
c2ce477f1f
Fix undefined behaviour when printing the X509 and CRL version
...
Found by oss-fuzz
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2231
2017-01-15 22:21:08 +01:00
Kurt Roeckx
68d4bcfd06
Fix VC warnings about unary minus to an unsigned type.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
2017-01-15 22:21:07 +01:00
Kurt Roeckx
244d7b288f
Fix undefined behaviour when printing the X509 serial
...
Found by afl
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
2017-01-15 22:21:07 +01:00
Rich Salz
5071824321
Fix "failure rate" bugs
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2228 )
2017-01-13 15:47:02 -05:00
Richard Levitte
d62210af2e
Fix no-ocsp
...
The use of EXFLAG_SET requires the inclusion of openssl/x509v3.h.
openssl/ocsp.h does that, except when OCSP is disabled.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2227 )
2017-01-13 12:03:25 +01:00
Richard Levitte
37cbabbdb8
UI: Use RUN_ONCE differently
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222 )
2017-01-13 11:47:35 +01:00
Richard Levitte
7eb26c4936
UI: Ensure there will be no race condition when getting the UI_METHOD ex_data
...
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2222 )
2017-01-13 11:47:35 +01:00
Rich Salz
3e5d9da5fc
Make X509_Digest,others public
...
Also, if want SHA1 then use the pre-computed value if there.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223 )
2017-01-12 16:39:41 -05:00
Rich Salz
f7edeced4d
Add "random malloc failure" tooling
...
Still needs to be documented, somehow/somewhere.
The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail. It's a set of fields separated by semicolons. Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever." For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.
If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails. This can be useful because a malloc may fail but
not be checked, and problems will only occur later.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252 )
2017-01-12 11:27:27 -05:00
Rich Salz
329f2f4a42
GH2176: Add X509_VERIFY_PARAM_get_time
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208 )
2017-01-12 09:54:09 -05:00
Richard Levitte
0fe1fc858a
Add a UI utility function with which to wrap pem_callback_cb in a UI_METHOD
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204 )
2017-01-11 18:27:27 +01:00
Richard Levitte
18cfc668ea
Add an application data field in the UI_METHOD
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204 )
2017-01-11 18:27:27 +01:00
Richard Levitte
a223ffe6d3
Constify the input parameter to UI_method_get_*
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204 )
2017-01-11 18:27:27 +01:00
Kurt Roeckx
676befbeb7
Print the X509 version signed, and convert to unsigned for the hex version.
...
Found by tis-interpreter
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1754
2017-01-10 22:27:37 +01:00
Richard Levitte
d95743047e
Only enable CRYPTO_3DES_ECB if that name is an existing macro
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203 )
2017-01-10 14:59:39 +01:00
Richard Levitte
374d543f29
Small fixes of cryptodev engine
...
- guard CRYPTO_3DES_CBC
- add a missing cast
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2203 )
2017-01-10 14:59:39 +01:00
Iaroslav Gridin
f61c5ca6ca
use EVP_CIPHER_CTX_ functions instead of accessing EVP_CIPHER_CTX internals
...
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
349b653a99
fix for BSD cryptodev
...
by levitte
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
2c5998dde6
Remove commented-out HMAC code
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
098eb1a7b7
Style the code
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
807d21066f
Remove unused ret variable
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
60cd1196a2
Remove non-functional CRYPTO_AES_CTR ifdef disabling AES-CTR in cryptodev
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Iaroslav Gridin
f53e067451
Add AES-ECB and 3DES-ECB to cryptodev
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
f8e7fbd53f
cryptodev: allow copying EVP contexts
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Nikos Mavrogiannopoulos
efcad82bb8
cryptodev: Fix issue with signature generation
...
That patch also enables support for SHA2 hashes, and
removes support for hashes that were never supported by
cryptodev.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1784 )
2017-01-10 08:21:45 +01:00
Bernd Edlinger
c6d215e0d2
Fix a memory leak in RSA_padding_add_PKCS1_OAEP_mgf1
...
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #2140
2017-01-09 22:23:31 +01:00
Dr. Stephen Henson
c82bafc52e
fix a few more style issues
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
f291138bbe
Remove unnecessary frees and style fixes.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
bc1ea030ef
Use more descriptive macro name rsa_pss_restricted()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
b6b885c6b9
style issues
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
285c7d9cdf
free str on error
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
568b9cdc64
clarify comment
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
52ad523c0e
fix various style issues
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:50 +00:00
Dr. Stephen Henson
23b6699ecc
make errors
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
635fe50fcd
add parameter error
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
f7a21d85b6
Set EVP_PKEY_CTX in SignerInfo
...
If we aren't setting public key parameters make EVP_PKEY_CTX available
in SignerInfo so PSS mode and parameters are automatically selected.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
08be0331c3
Only allow PSS padding for PSS keys.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
b35b8d116b
Decode parameters properly.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00
Dr. Stephen Henson
186e48cd1b
Return errors PKCS#7/CMS enveloped data ctrls and PSS
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177 )
2017-01-08 01:42:49 +00:00