As some of ARM processors, more specifically Cortex-Mx series, are
Thumb2-only, we need to support Thumb2-only builds even in assembly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
This leaves behind files with names ending with '.iso-8859-1'. These
should be safe to remove. If something went wrong when re-encoding,
there will be some files with names ending with '.utf8' left behind.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
There are header files in crypto/ that are used by a number of crypto/
submodules. Move those to crypto/include/internal and adapt the
affected source code and Makefiles.
The header files that got moved are:
crypto/cryptolib.h
crypto/md32_common.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr)
for memset and memcpy. Remove needless casts for those functions.
For memset, replace alternative forms of zero with 0.
Reviewed-by: Richard Levitte <levitte@openssl.org>
For a local variable:
TYPE *p;
Allocations like this are "risky":
p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption. Instead do this:
p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: Richard Levitte <levitte@openssl.org>
The macros BSWAP4 and BSWAP8 have statetemnt expressions
implementations that use local variable names that shadow variables
outside the macro call, generating warnings like this
e_aes_cbc_hmac_sha1.c:263:14: warning: declaration shadows a local variable
[-Wshadow]
seqnum = BSWAP8(blocks[0].q[0]);
^
../modes/modes_lcl.h:41:29: note: expanded from macro 'BSWAP8'
^
e_aes_cbc_hmac_sha1.c:223:12: note: previous declaration is here
size_t ret = 0;
^
Have clang be quiet by modifying the macro variable names slightly
(suffixing them with an underscore).
Reviewed-by: Rich Salz <rsalz@openssl.org>
With no more symlinks, there's no need for those variables, or the links
target. This also goes for all install: and uninstall: targets that do
nothing but copy $(EXHEADER) files, since that's now taken care of by the
top Makefile.
Also, removed METHTEST from test/Makefile. It looks like an old test that's
forgotten...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.
Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.
Originally-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap
with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at
that time:
- crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly,
and the function immediately returns 'ret' in (almost) all cases.
This makes the IV checking code later in the function unreachable, but
callers think the IV check succeeded since CRYPTO_128_unwrap()'s
return value is non-zero.
FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error).
- crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to
the first 8 bytes of the output buffer ('out') as the IV checking code
expects. This makes the IV check fail.
FIX: Compare 'iv' to 'got_iv', not 'out'.
- The data written to the output buffer ('out') is "cleansed" if the IV
check fails, but the code passes OPENSSL_cleanse() the input buffer
length ('inlen') instead of the number of bytes that
crypto_128_unwrap_raw() wrote to the output buffer ('ret'). This
means that OPENSSL_cleanse() could potentially write past the end of
'out'.
FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call.
- CRYPTO_128_unwrap() is returning the length of the input buffer
('inlen') instead of the number of bytes written to the output buffer
('ret'). This could cause the caller to read past the end of 'out'.
FIX: Return 'ret' instead of 'inlen' at the end of the function.
PR#3749
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:
ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.
This commit fixes the issue by explicitly casting to an unsigned int.
Reviewed-by: Richard Levitte <levitte@openssl.org>
According to RFC 5649 section 4.1 step 1) we should not add padding
if plaintext length is multiply of 8 ockets.
This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F
on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2.
PR#3675
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
on affected platforms (PowerPC and AArch64).
For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: Rich Salz <rsalz@openssl.org>
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
Two typo's on #endif comments fixed:
OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB
OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE
Reviewed-by: Richard Levitte <levitte@openssl.org>
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Add the wrapper to all public header files (Configure
generates one). Don't bother for those that are just
lists of #define's that do renaming.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add support for RFC5649 key wrapping with padding.
Add RFC5649 tests to evptests.txt
Based on PR#3434 contribution by Petr Spacek <pspacek@redhat.com>.
EVP support and minor changes added by Stephen Henson.
Doxygen comment block updates by Tim Hudson.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
While ARMv7 in general is capable of unaligned access, not all instructions
actually are. And trouble is that compiler doesn't seem to differentiate
those capable and incapable of unaligned access. Side effect is that kernel
goes into endless loop retrying same instruction triggering unaligned trap.
Problem was observed in xts128.c and ccm128.c modules. It's possible to
resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT
be feels more appropriate.