wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11486 commits 20 branches 302 tags 153 MiB
Commit graph

711 commits

Author SHA1 Message Date
Dr. Stephen Henson
d6dc5c506a Add control to retrieve signature MD. 
(cherry picked from commit 810639536c)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
c6f3386577 EVP support for wrapping algorithms. 
Add support for key wrap algorithms via EVP interface.

Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.

Move test code to evptests.txt
(cherry picked from commit 97cf1f6c28)

Conflicts:

	CHANGES
 2013-10-01 14:01:17 +01:00
Andy Polyakov
cf65a07256 evptests.txt: add XTS test vectors 
(cherry picked from commit c9a8e3d1c7)
 2013-10-01 14:01:17 +01:00
Andy Polyakov
051dc9db2b evptests.txt: additional GCM test vectors. 
(cherry picked from commit ca303d333b)
 2013-10-01 14:01:17 +01:00
Ben Laurie
93a886b45a Fix warnings. 
(cherry picked from commit 282a480a35)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
ec19082ecc GCM and CCM test support 
Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c
(cherry picked from commit 15652f9825)
 2013-10-01 14:01:17 +01:00
Dr. Stephen Henson
0eff7c7c88 Add CCM ciphers to tables. 
(cherry picked from commit 95248de327)
 2013-10-01 14:01:17 +01:00
Andy Polyakov
9dc07f04c3 crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. 
Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)
 2013-08-03 17:09:37 +02:00
Ben Laurie
e3120586fb Missing prototypes. 2013-06-04 15:14:18 +01:00
Ben Laurie
3941aa12f1 Remove added ;. 2013-06-04 15:05:18 +01:00
Andy Polyakov
a7e9ed95ec evp/e_aes.c: engage SPARC T4 AES support [from master]. 2013-05-20 16:36:53 +02:00
Andy Polyakov
615d0edf1f evp/e_aes.c: engage AES-NI GCM stitch. 2013-05-20 16:30:21 +02:00
Andy Polyakov
e775755dec evp/evp_err.c: update from master. 2013-05-20 16:16:34 +02:00
Andy Polyakov
a1bf7de5a7 evp/e_camellia.c: engage SPARC T5 Camellia support [from master]. 2013-05-20 16:09:13 +02:00
Andy Polyakov
047c02e8db evp/e_des[3].c: engage SPARC T4 DES support. 2013-05-20 16:08:39 +02:00
Andy Polyakov
1ff546737b evp/Makefile: fix typo. 2013-05-19 23:11:03 +02:00
Andy Polyakov
56f0b25754 Add EVP glue to AES-NI SHA256 stich [from master]. 2013-05-19 22:35:37 +02:00
Andy Polyakov
dd1e4fbcc0 e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. 
PR: 3002
(cherry picked from commit 5c60046553)
 2013-03-18 19:35:20 +01:00
Andy Polyakov
82425f2c28 e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. 
It also ensures that valgring is happy.
(cherry picked from commit 2141e6f30b)
 2013-02-08 10:35:02 +01:00
Andy Polyakov
af010edd55 e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. 
(cherry picked from commit 529d27ea47)
 2013-02-06 13:56:15 +00:00
Andy Polyakov
5966f4d973 e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 
Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f)
 2013-02-06 13:56:15 +00:00
Ben Laurie
fb0a59cc58 Make CBC decoding constant time. 
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
 2013-02-06 13:56:12 +00:00
Dr. Stephen Henson
75a8ff9263 make update 2013-01-15 16:24:07 +00:00
Dr. Stephen Henson
9a6aff50ff Don't require tag before ciphertext in AESGCM mode 2012-10-16 22:46:32 +00:00
Andy Polyakov
507e5c3a61 e_aes.c: uninitialized variable in aes_ccm_init_key [from HEAD]. 
PR: 2874
Submitted by: Tomas Mraz
 2012-09-15 08:46:08 +00:00
Dr. Stephen Henson
7fbcc2f24a type 2012-07-13 11:17:56 +00:00
Dr. Stephen Henson
1e4a6e7b7f add missing evp_cnf.c file 2012-07-04 13:14:44 +00:00
Dr. Stephen Henson
74d89b0d93 PR: 2840 
Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.
 2012-07-03 20:20:11 +00:00
Dr. Stephen Henson
e51ec51af9 revert more "version skew" changes that break FIPS builds 2012-06-10 23:02:06 +00:00
Ben Laurie
68d2cf51bc Reduce version skew: trivia (I hope). 2012-06-03 22:03:37 +00:00
Dr. Stephen Henson
1dded7f7e8 Experimental multi-implementation support for FIPS capable OpenSSL. 
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
This means that the FIPS capable OpenSSL isn't forced to use the
(often lower perfomance) FIPS implementations outside FIPS mode.
 2012-05-13 18:40:12 +00:00
Andy Polyakov
6ca7af9ec0 e_rc4_hmac_md5.c: reapply commit#21726, which was erroneously omitted [from 1.0.1]. 
PR: 2797, 2792
 2012-04-20 21:45:21 +00:00
Dr. Stephen Henson
00bb875240 make ciphers work again for FIPS builds 2012-04-20 00:08:32 +00:00
Andy Polyakov
c3cb563d87 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms 
[from HEAD].
PR: 2792
 2012-04-19 20:42:24 +00:00
Dr. Stephen Henson
068fc255ac only call FIPS_cipherinit in FIPS mode 2012-04-18 22:42:06 +00:00
Andy Polyakov
cc8f2fb917 e_rc4_hmac_md5.c: update from HEAD, fixes crash on legacy Intel CPUs. 
PR: 2792
 2012-04-18 17:51:26 +00:00
Dr. Stephen Henson
b583ebb7dd recognise X9.42 DH certificates on servers 2012-04-18 17:03:45 +00:00
Andy Polyakov
eb8a65db16 e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag 
countermeasure [from HEAD].

PR: 2778
 2012-04-15 14:23:26 +00:00
Dr. Stephen Henson
491734eb21 Initial experimental support for X9.42 DH parameter format to handle 
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
 2012-04-07 20:22:11 +00:00
Dr. Stephen Henson
861a0722c2 fix leak 2012-03-22 16:28:21 +00:00
Dr. Stephen Henson
8705846710 only cleanup ctx if we need to, save ctx flags when we do 2012-02-10 16:54:56 +00:00
Dr. Stephen Henson
7b23c126e6 undef some symbols that cause problems with make depend for fips builds 2012-01-18 01:40:36 +00:00
Dr. Stephen Henson
5c05f69450 make update 2011-12-27 14:38:27 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
a310428527 Workaround so "make depend" works for fips builds. 2011-11-22 12:50:59 +00:00
Andy Polyakov
cd7b854bbb e_rc4_hmac_md5.c: make it work on darwin64, which is configured with RC4_CHAR. 2011-11-15 12:39:48 +00:00
Andy Polyakov
e6ccc6ed70 Configure, e_aes.c: allow for XTS assembler implementation [from HEAD]. 2011-11-15 12:19:56 +00:00
Andy Polyakov
e959a01fac e_aes.c: jumbo update from HEAD. 2011-11-14 21:17:08 +00:00
Andy Polyakov
d807d4c21f c_allc.c: add XTS ciphers [from HEAD]. 2011-11-14 21:13:35 +00:00
Ben Laurie
4c02cf8ecc make depend. 2011-11-13 20:23:34 +00:00
Bodo Möller
67f8de9ab8 "make update" 2011-10-19 15:24:44 +00:00
Andy Polyakov
a99ce1f5b1 e_aes.c: fix bug in aesni_gcm_tls_cipher [in HEAD]. 2011-10-14 09:34:14 +00:00
Bodo Möller
93ff4c69f7 Make CTR mode behaviour consistent with other modes: 
clear ctx->num in EVP_CipherInit_ex

Submitted by: Emilia Kasper
 2011-10-13 13:42:29 +00:00
Dr. Stephen Henson
6841abe842 update pkey method initialisation and copy 2011-10-11 18:16:02 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
c0d2943952 Typo. 2011-09-16 23:04:07 +00:00
Dr. Stephen Henson
7d453a3b49 Fix warnings (from HEAD). 2011-09-10 21:18:37 +00:00
Bodo Möller
edf6b025b1 make update 2011-09-05 09:44:54 +00:00
Bodo Möller
9e96812934 Fix error codes. 2011-09-05 09:42:55 +00:00
Dr. Stephen Henson
fea15b553d PR: 2588 
Submitted by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed by: steve

Close file pointer.
 2011-09-01 13:49:08 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
c5d38fc262 aesni TLS GCM support 2011-08-11 23:06:37 +00:00
Dr. Stephen Henson
6b71970520 Sync EVP AES modes from HEAD. 2011-08-11 22:52:06 +00:00
Dr. Stephen Henson
61cdb9f36a Backport GCM support from HEAD. Minimal support at present: no assembly 
language optimisation. [original by Andy]
 2011-08-04 11:12:38 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Andy Polyakov
fbe2e28911 AES-NI backport from HEAD. Note that e_aes.c doesn't implement all modes 
from HEAD yet, more will be back-ported later.
 2011-06-28 14:49:35 +00:00
Dr. Stephen Henson
bf0736eb1f Redirect null cipher to FIPS module. 2011-06-20 20:00:10 +00:00
Dr. Stephen Henson
ed1bbe2cad make sure custom cipher flag doesn't use any mode bits 2011-06-13 23:10:34 +00:00
Dr. Stephen Henson
e8d23f7811 Redirect HMAC and CMAC operations to module. 2011-06-12 15:07:26 +00:00
Dr. Stephen Henson
7c402e5af3 Disable GCM, CCM, XTS outside FIPS mode this will be updated 
when backported.
 2011-06-10 14:22:42 +00:00
Ben Laurie
78ef9b0205 Fix warnings. 2011-06-09 16:03:18 +00:00
Dr. Stephen Henson
c6fa97a6d6 FIPS low level blocking for AES, RC4 and Camellia. This is complicated by 
use of assembly language routines: rename the assembly language function
to the private_* variant unconditionally and perform tests from a small
C wrapper.
 2011-06-05 17:36:44 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
260d08b814 Backport CMAC support from HEAD. 2011-06-03 15:08:42 +00:00
Dr. Stephen Henson
916bcab28e Prohibit low level cipher APIs in FIPS mode. 
Not complete: ciphers with assembly language key setup are not
covered yet.
 2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
c7373c3dee For consistency define clone digests in evp_fips.c 2011-06-01 15:11:00 +00:00
Dr. Stephen Henson
9f2c8eb2a1 Redirect clone digests to FIPS module for FIPS builds. 2011-06-01 14:28:21 +00:00
Dr. Stephen Henson
65300dcfb0 Prohibit use of low level digest APIs in FIPS mode. 2011-06-01 13:39:45 +00:00
Dr. Stephen Henson
5792219d1d Redirect cipher operations to FIPS module for FIPS builds. 2011-05-29 16:18:38 +00:00
Dr. Stephen Henson
293c58c1e7 Use approved API for EVP digest operations in FIPS builds. 
Call OPENSSL_init() in a few more places to make sure it is always called
at least once.

Initial cipher API redirection (incomplete).
 2011-05-29 15:55:13 +00:00
Dr. Stephen Henson
9f375a752e Add default ASN1 handling to support FIPS. 2011-05-29 02:32:05 +00:00
Dr. Stephen Henson
04dc5a9ca6 Redirect digests to FIPS module for FIPS builds. 
Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
 2011-05-28 23:01:26 +00:00
Richard Levitte
9f427a52cb make update (1.0.1-stable) 
This meant a slight renumbering in util/libeay.num due to symbols
appearing in 1.0.0-stable.  However, since there's been no release on
this branch yet, it should be harmless.
 2011-03-23 00:06:04 +00:00
Dr. Stephen Henson
5566d49103 PR: 2385 
Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.
 2010-11-30 19:45:31 +00:00
Dr. Stephen Henson
4fab95ed20 Some of the MS_STATIC use in crypto/evp is a legacy from the days when 
EVP_MD_CTX was much larger: it isn't needed anymore.
 2010-11-27 17:35:56 +00:00
Dr. Stephen Henson
a618011ca1 add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:07:45 +00:00
Dr. Stephen Henson
ec1e714ac1 constify EVP_PKEY_new_mac_key() 2010-11-24 13:14:03 +00:00
Dr. Stephen Henson
19043426b9 backport AES EVP ctr mode changes from HEAD 2010-11-17 17:46:23 +00:00
Dr. Stephen Henson
972491aece If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and 
we should use its method instead of any generic one.
 2010-11-16 12:11:31 +00:00
Dr. Stephen Henson
7770da4b41 PR: 2295 
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
 2010-10-11 23:25:23 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
7a09bc4068 PR: 2258 
Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.
 2010-05-27 12:41:20 +00:00
Dr. Stephen Henson
207886cd3a PR: 2244 
Submitted By: "PMHager" <hager@dortmund.net>

Initialise pkey callback to 0.
 2010-05-03 12:50:52 +00:00
Dr. Stephen Henson
9caf25d144 PR: 1904 
Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.
 2010-03-27 19:27:51 +00:00
Dr. Stephen Henson
5356ea7cde reserve a few more bits for future cipher modes 2010-03-08 23:47:57 +00:00
Dr. Stephen Henson
bf638ef026 don't add digest alias if signature algorithm is undefined 2010-03-06 20:47:45 +00:00
Dr. Stephen Henson
07973d5db8 Fix memory leak: free up ENGINE functional reference if digest is not 
found in an ENGINE.
 2010-03-05 13:33:43 +00:00
Dr. Stephen Henson
fb24311e7c 'typo' 2010-03-01 01:52:47 +00:00
Dr. Stephen Henson
fc11f47229 Revert CFB block length change. Despite what SP800-38a says the input to 
CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.
 2010-02-26 14:41:48 +00:00
Dr. Stephen Henson
6c6ca18664 The "block length" for CFB mode was incorrectly coded as 1 all the time. It 
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
 2010-02-15 19:40:30 +00:00