Commit graph

1215 commits

Author SHA1 Message Date
Alex Gaynor
d65c3615f6 GH1537: Avoid double-free in the EVP_PKEY API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 09:41:20 -04:00
Richard Levitte
216e8d9103 Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-26 12:41:07 +02:00
Andy Polyakov
9e421962e1 evp/bio_enc.c: stop using pointer arithmetic for error detection.
Thanks to David Benjamin for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 10:34:27 +01:00
Andy Polyakov
c1a7dcbe16 evp/bio_enc.c: refine non-overlapping logic.
RT#4628

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 23:34:12 +02:00
Dr. Stephen Henson
8900f3e398 Convert X509* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Dr. Stephen Henson
245c6bc33b Constify private key decode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
262bd85fde Add X25519 methods to internal tables
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Kurt Roeckx
5898b8eb87 Fix spelling of error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
2016-08-10 09:58:57 -04:00
FdaSilvaYY
c47ba4e96c Constify some ASN1_OBJECT *obj input parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
700b814549 Fix some style issues...
extra spacing and 80 cols

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366)
2016-08-02 09:59:23 +02:00
Andy Polyakov
abdb460d8a evp/bio_enc.c: perform enc_read operation without using overlapping buffers.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:21 +02:00
Andy Polyakov
83151b73a4 evp/evp_enc.c: make assert error message more readable
and add EVPerr(PARTIALLY_OVERLAPPED)

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:11 +02:00
Dr. Stephen Henson
976ef6adcc Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 22:42:31 +01:00
Dr. Stephen Henson
ee6ce5cc36 Set error if EVP_CipherUpdate fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:51:49 +01:00
Jakub Zelenka
c1054bb4d2 Add EVP_ENCODE_CTX_copy
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)
2016-07-24 19:23:00 +01:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Andy Polyakov
365f95ad53 evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 23:37:31 +02:00
FdaSilvaYY
68efafc513 Add checks on sk_TYPE_push() returned value
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-05 17:45:50 +01:00
Matt Caswell
3ce2fdabe6 Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-30 15:51:57 +01:00
FdaSilvaYY
02e112a885 Whitespace cleanup in crypto
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1264)
2016-06-29 09:56:39 -04:00
Emilia Kasper
2cdce3e32f base64 macro: parenthesize for clarity
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-28 17:23:11 +02:00
Andy Polyakov
5fc77684f1 evp/evp_enc.c: refine partial buffer overlap detection.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-27 10:09:07 +02:00
Andy Polyakov
c3a73daf0a evp/evp_enc.c: check for partially[!] overlapping buffers
in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in
general case it's impossible to provide guarantee that partially[!]
overlapping buffers can be tolerated.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-27 10:08:01 +02:00
Matt Caswell
0def528bc5 Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-24 13:25:00 +01:00
Rich Salz
fe2d149119 RT2867: des_ede3_cfb1 ignored "size in bits" flag
Code and tests by Steve.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-23 10:03:50 -04:00
Kurt Cancemi
b88e95f3a0 crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1231)
2016-06-20 09:38:37 -04:00
FdaSilvaYY
823146d65f Useless header include of openssl/rand.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
Nathaniel McCallum
ebad0b0beb Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
2016-06-16 13:33:47 -04:00
Matt Caswell
cf3404fcc7 Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Andy Polyakov
46f047d76b evp/e_aes.c: wire hardware-assisted XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:35 +02:00
Matt Caswell
d356dc5619 Add some missing return value checks
Some misc return value checks

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 17:38:39 +01:00
Dr. Stephen Henson
f72f00d495 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:06:16 +01:00
Todd Short
c01a3c6df0 Fix braces in e_aes.c: aes_init_key
This compiles correctly, but depending on what may be defined, it's
possible that this could fail compilation. The braces are mismatched,
and it's possible to end up with an else followed by another else.

This presumes the indentation is mostly correct and indicative of
intent. Found via static analysis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1118)
2016-05-24 10:51:14 -04:00
J Mohan Rao Arisankala
a93e0e78db #4342: few missing malloc return checks and free in error paths
ossl_hmac_cleanup, pkey_hmac_cleanup:
 - allow to invoke with NULL data
 - using EVP_PKEY_CTX_[get|set]_data

EVP_DigestInit_ex:
 - remove additional check for ‘type’ and doing clear free instead of
free

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 23:08:22 +01:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
Kazuki Yamaguchi
d2dfd4820b Fix a NULL dereference in chacha20_poly1305_init_key()
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 11:08:55 +02:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
aa6bb1352b Copyright consolidation 05/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 15:38:09 -04:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Matt Caswell
a7f9e0a45f Remove an unneccessary check of cipher
Due to short-circuiting we only need to check "cipher" for NULL once.

PR#699

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 20:28:03 +01:00
FdaSilvaYY
c5ebfcab71 Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 10:17:33 +01:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
J Mohan Rao Arisankala
e0d32e98f0 fix check
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
J Mohan Rao Arisankala
cb1d435cac few missing allocation failure checks and releases on error paths
- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
Dr. Stephen Henson
c0aa8c2748 Use default ASN.1 for SEED.
The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 23:59:01 +01:00
Kurt Roeckx
70428eada9 Check that we have enough padding characters.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

CVE-2016-2107

MR: #2572
2016-05-03 13:15:39 +01:00
Matt Caswell
2bd5d70ce5 Ensure EVP_EncodeUpdate handles an output length that is too long
With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:56:23 +01:00
Matt Caswell
ee1e3cac2e Avoid overflow in EVP_EncodeUpdate
An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarly used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:56:23 +01:00
Matt Caswell
3f3582139f Fix encrypt overflow
An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-03 08:57:06 +01:00
Andy Polyakov
b1a07c3854 Remove obsolete defined(__INTEL__) condition.
This macro was defined by no-longer-supported __MWERKS__ compiler.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 12:35:01 +02:00
Kirill Marinushkin
842dc98705 Add aliases for des-ede-ecb and des-ede3-ecb ciphers.
Currently we can get all block ciphers with
	EVP_get_cipherbyname("<alg_name>-<block-mode-name>")
for example, by names "aes-128-ecb" or "des-ede-cbc".
I found a problem with des-ede-ecb and des-ede3-ecb ciphers as
they can be accessed only with names:
	EVP_get_cipherbyname("des-ede")
	EVP_get_cipherbyname("des-ede3")
It breaks the general concept.

In this patch I add aliases which allow to use names:
	EVP_get_cipherbyname("des-ede-ecb")
	EVP_get_cipherbyname("des-ede3-ecb")
in addition to the currently used names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 09:17:09 -04:00
Michel
098a23828f Fix missing IDEA renames (windows build)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 14:48:54 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Andy Polyakov
6944565bd5 evp/aes_aes.c: engage Fujitsu SPARC64 X AES support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 09:57:43 +02:00
Rich Salz
14f051a0ae Make string_to_hex/hex_to_string public
Give the API new names, document it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 09:02:11 -04:00
Rich Salz
9021a5dfb3 Rename some lowercase API's
Make OBJ_name_cmp internal
Rename idea_xxx to IDEA_xxx
Rename get_rfc_xxx to BN_get_rfc_xxx
Rename v3_addr and v3_asid functions to X509v3_...

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-18 08:22:00 -04:00
Matt Caswell
d064e6ab52 Remove OPENSSL_NO_SHA guards
no-sha is no longer an option so remove OPENSSL_NO_SHA guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Matt Caswell
5158c763f5 Remove OPENSSL_NO_AES guards
no-aes is no longer a Configure option and therefore the OPENSSL_NO_AES
guards can be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Dr. Stephen Henson
a535fe12f6 Remove check_defer()
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.

Remove obj_cleanup() call in OID config module: it is not needed
any more either.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:05:07 +01:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Matt Caswell
7b8cc9b345 Deprecate OBJ_cleanup() and make it a no-op
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
22c84afa77 Deprecate EVP_cleanup() and make it a no-op
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Rich Salz
921de151d2 Move dso.h to internal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-23 09:12:11 -04:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Matt Caswell
8d9fb8c8db Fix no-seed
Fix compilation with --strict-warnings and no-seed

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-21 14:42:46 +00:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Matt Caswell
b4a3aeebd9 Fix no-cmac
There were a couple of CMAC references without OPENSSL_NO_CMAC guards.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 17:07:11 +00:00
Matt Caswell
c4aede204e Mark OCB as an AEAD cipher
OCB is AEAD capable but was not marked as such with the
EVP_CIPH_FLAG_AEAD_CIPHER flag.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-18 12:05:29 +00:00
Matt Caswell
ffe9150b15 Fix a potential double free in EVP_DigestInit_ex
There is a potential double free in EVP_DigestInit_ex. This is believed
to be reached only as a result of programmer error - but we should fix it
anyway.

Issue reported by Guido Vranken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 11:40:00 +00:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Andy Polyakov
12940f08f4 crypto/*/build.info: SPARC-specific fixups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:29:55 +01:00
Richard Levitte
dca5c70121 Add extra include directory for includers of ppc_arch.h
crypto/evp/e_aes.c and crypto/modes/gcm128.c include ppc_arch.h, which
is located in crypto/, so add that as extra include directory for them.

Issue reported by Jeffrey Walton <noloader@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:07:15 +01:00
Alessandro Ghedini
03273d61e7 Convert CRYPTO_LOCK_EVP_PKEY to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
David Woodhouse
db922318b3 Elide EVP_read_pw_string() and friends for no-ui
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07 12:52:56 -05:00
Dr. Stephen Henson
54dbf42398 Make PKCS8_PRIV_KEY_INFO opaque.
Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.

The old handling of broken formats has been removed and the corresponding
structures simplified.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:11:21 +00:00
Alessandro Ghedini
aacfb134be GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.

It is required to implement the QUIC and TLS 1.3 protocols (among others).

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-03 18:21:20 -05:00
Dr. Stephen Henson
99119000ad EVP_PKEY_CTX utility functions.
Utility functions to pass a string or hex string to EVP_PKEY_CTX_ctrl().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 20:57:32 +00:00
Rich Salz
7c96dbcdab GH715: ENGINE_finish can take NULL
Simplifies calling code.  Also fixed up any !ptr tests that were
nearby, turning them into NULL tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-25 15:19:42 -05:00
FdaSilvaYY
a2d0baa2d9 GH678: Add a few more zalloc
Remove some duplicated NULL/zero init.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 12:13:37 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Andy Polyakov
7687f52550 evp/e_des[3].c: address compiler warnings, fix formatting.
RT#4210

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 22:09:04 +01:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Rich Salz
84c15091ec Fix GH 327.
Valgrind complains about using unitialized memory.  So call
OPENSSL_zalloc, not malloc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:13:18 -05:00
Dmitry-Me
cc9c568946 Ensure allocation size fits into size_t
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #630
2016-02-10 20:13:26 +01:00
Matt Caswell
0fc32b0718 The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Rich Salz
effaf4dee9 Use NON_EMPTY_TRANSLATION_UNIT, consistently.
This also closes RT 4123

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 20:13:29 -05:00
Matt Caswell
5c858c5915 Update build.info files for auto-init/de-init
Various Makefile.in files have changes for auto-init/de-init. Make the
equivalent changes in build.info.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Rich Salz
43ecb9c35c GH641: Don't care openssl_zmalloc
Don't cast malloc-family return values.
Also found some places where (a) blank line was missing; and (b)
the *wrong* return value was checked.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 11:09:16 -05:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Dmitry-Me
19f7130beb GH608: Ensure 64-bit shift no matter sizeof(long)
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-02-02 11:22:32 -05:00
Richard Levitte
777a288270 unified build scheme: add build.info files
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files.  They have been generated from the
Makefiles in the same directories.  Things that are platform specific
will appear in later commits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-01 12:46:58 +01:00
Rich Salz
ced2c2c598 Templatize util/domd
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 16:56:07 -05:00
Rich Salz
349807608f Remove /* foo.c */ comments
This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 16:40:43 -05:00
Rich Salz
56c77c52e1 Remove update tags
Also remove depend/local_depend.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 09:09:14 -05:00
Dr. Stephen Henson
3aeb934865 make EVP_PKEY opaque
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 03:24:59 +00:00
Dr. Stephen Henson
1eff3485b6 Add TLS PRF method.
Add EVP_PKEY algorithm for TLS1 PRF.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-19 14:00:32 +00:00
Rich Salz
ee6d9f4eb6 Remove some old makefile targets
Remove lint, tags, dclean, tests.
This is prep for a new makedepend scheme.
This is temporary pending unified makefile, and might help it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-17 14:47:32 -05:00
Rich Salz
0b3a231efd RT4247: Add missing patch
Missed the camellia EVP update.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-17 09:18:43 -05:00
Rich Salz
ecdd0ff733 RT4247: Fix EVP_CIPHER_CTX opaque on sparc
Via Rainer Jung

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-15 22:47:01 -05:00
Richard Levitte
b97c8c0ef2 After EVP_CIPHER turned opaque, e_rc5.c needs to include evp_int.h
We missed this one because rc5 is disabled by default.

Notified by The Doctor <doctor@doctor.nl2k.ab.ca>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 17:46:07 +01:00
Rich Salz
d10dac1187 Move Makefiles to Makefile.in
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12 16:26:56 -05:00
Richard Levitte
ff4b7fafb3 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:58:29 +01:00
Richard Levitte
3dcb9e4e0f EVP_CIPHER_CTX_new_cipher_data was a temporary measure, not needed any more
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
6435f0f6c6 Adapt builtin cipher implementations to opaque EVP_CIPHER
They all stop including evp_locl.h, so we also take care of their
adaptation to opaque EVP_CIPHER_CTX, as was promised in an earlier
commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
135727abe0 Adapt the internal EVP routines to opaque EVP_CIPHER
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
e79f877333 Make EVP_CIPHER opaque and add creator/destructor/accessor/writer functions
We follow the method used for EVP_MD.
Also, move all the internal EVP_CIPHER building macros from evp_locl.h
to evp_int.h.  This will benefit our builtin EVP_CIPHERs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
480d33237d Remove EVP_CIPHER_CTX_flags, it's only confusing
EVP_CIPHER_CTX_flags was returning the flags of its associated
EVP_CIPHER.  However, EVP_CIPHER_CTX has flags of its own, so this
function is quite confusing and therefore error prone.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
846ec07d90 Adapt all EVP_CIPHER_CTX users for it becoming opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
936166aff2 Adapt cipher implementations to opaque EVP_CIPHER_CTX
Note: there's a larger number of implementations in crypto/evp/ that
aren't affected because they include evp_locl.h.  They will be handled
in a separate commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
c0ca39bdd6 Adapt the internal EVP routines to opaque EVP_CIPHER_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
83b0634702 Add accessors and writers for EVP_CIPHER_CTX
New functions:

- EVP_CIPHER_CTX_encrypting()
- EVP_CIPHER_CTX_iv()
- EVP_CIPHER_CTX_iv_noconst()
- EVP_CIPHER_CTX_original_iv()
- EVP_CIPHER_CTX_buf_noconst()
- EVP_CIPHER_CTX_num()
- EVP_CIPHER_CTX_set_num()
- EVP_CIPHER_CTX_cipher_data()
- EVP_CIPHER_CTX_new_cipher_data()

Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them (that would be the case when
they are flagged EVP_CIPH_CUSTOM_IV or EVP_CIPH_FLAG_CUSTOM_CIPHER).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Richard Levitte
8baf9968df Make EVP_CIPHER_CTX opaque and renew the creator / destructor functions
Following the method used for EVP_MD_CTX and HMAC_CTX,
EVP_CIPHER_CTX_init and EVP_CIPHER_CTX_cleanup are joined together
into one function, EVP_CIPHER_CTX_reset, with EVP_CIPHER_CTX_init kept
as an alias.
EVP_CIPHER_CTX_cleanup fills no purpose of its own any more and is
therefore removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-12 13:52:22 +01:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Dr. Stephen Henson
4a1f3f2741 Only declare stacks in headers
Don't define stacks in C source files: it causes warnings
about unused functions in some compilers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
8588571572 Rename DECLARE*STACK_OF to DEFINE*STACK_OF
Applications wishing to include their own stacks now just need to include

DEFINE_STACK_OF(foo)

in a header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Dr. Stephen Henson
4a640fb6c3 Fix declarations and constification for inline stack.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 18:00:51 +00:00
Richard Levitte
6aa0ba4bb2 Fix a possible memleak
If there's a failure allocating md_data, the destination pctx will have
a shared pointer with the source EVP_MD_CTX, which will lead to problems
when either the source or the destination is freed.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-02 20:39:24 +01:00
Ben Laurie
33bed28b39 Fix no-engine.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-29 12:52:06 +00:00
Richard Levitte
31384753c7 Remove the "eay" c-file-style indicators
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-18 13:08:40 +01:00
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Dr. Stephen Henson
2872dbe1c4 Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2986ecdc08 Extend EVP_PKEY_copy_parameters()
Make EVP_PKEY_copy_parameters() work if the destination has no type
(e.g. if obtained from EVP_PKEY_new()) or the underlying key is NULL.
This is useful where we want to copy the parameters from an existing
key to a new key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Ben Laurie
6c3b566497 Remove no longer existant structure member and direct references to EVP_MD_CTX internals.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 14:59:10 +00:00
Andy Polyakov
30a5f32227 evp/e_chacha20_poly1305.c: TLS interop fixes.
Thanks to: David Benjamin of Chromuim.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 21:07:51 +01:00
Richard Levitte
6ebe8dac3e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:35 +01:00
Richard Levitte
b518d2d5f8 Adapt BIO_f_base64 to the opaque EVP_ENCODE_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Richard Levitte
a0be4fd17b Make EVP_ENCODE_CTX opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-11 16:18:01 +01:00
Andy Polyakov
02dc0b82ab evp/e_aes.c: wire hardware-assisted block function to OCB.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:46 +01:00
Andy Polyakov
bd30091c97 x86[_64] assembly pack: add optimized AES-NI OCB subroutines.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 13:11:26 +01:00
Andy Polyakov
bd3385d845 evp/c_allc.c: wire ChaCha20-Poly1305 and add tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:03:41 +01:00
Andy Polyakov
bd989745b7 crypto/evp: add e_chacha20_poly1305.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:29 +01:00
Andy Polyakov
f6b9427923 evp/evp_enc.c: allow EVP_CIPHER.ctx_size to be 0.
In such case it would be EVP_CIPHER.cleanup's reponsibility to wipe
EVP_CIPHEX_CTX.cipher_data.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:00:05 +01:00
Dr. Stephen Henson
3c4e064e78 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-09 22:09:19 +00:00
Richard Levitte
b3bb779997 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
a87a0a6e5e Cleanup: fix all sources that used HMAC_CTX_init
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
bfb0641f93 Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
959ed5316c Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free)
Looking over names, it seems like we usually use names ending with
_new and _free as object constructors and destructors.  Also, since
EVP_MD_CTX_init is now used to reset a EVP_MD_CTX, it might as well be
named accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
6756532358 Cleanup: Remove M_EVP_MD_* macros
These macros were only meant for crypto/evp, and are now entirely
unused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
eda34e4bef Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
74cabf3fef Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init
The idea is that with EVP_MD_CTX_create() and EVP_MD_CTX_destroy(),
EVP_MD_CTX_cleanup and EVP_MD_CTX_init is not used the same as before.
Instead, we need a single function that can be used to reinitialise an
existing EVP_MD_CTX that's been created with EVP_MD_CTX_create()
previously.  Combining EVP_MD_CTX_cleanup and EVP_MD_CTX_init into
that one function is the answer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
bf7c68177b Adapt the rest of the source to the opaque HMAC_CTX
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
ab0a14bbc7 Add inclusion of internal/evp_int.h to all crypto/ files that need it
These are the files that add new EVP_MDs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
2db6bf6f85 Make the definition of EVP_MD opaque
This moves the definition to crypto/include/internal/evp_int.h and
defines all the necessary method creators, destructors, writers and
accessors.  The name standard for the latter is inspired from the
corresponding functions to manipulate UI methods.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
6e59a892db Adjust all accesses to EVP_MD_CTX to use accessor functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:39:23 +01:00
Richard Levitte
fa0c23de83 Adapt HMAC to the EVP_MD_CTX changes
This change required some special treatment, as HMAC is intertwined
with EVP_MD.  For now, all local HMAC_CTX variables MUST be
initialised with HMAC_CTX_EMPTY, or whatever happens to be on the
stack will be mistaken for actual pointers to EVP_MD_CTX.  This will
change as soon as HMAC_CTX becomes opaque.

Also, since HMAC_CTX_init() can fail now, its return type changes from
void to int, and it will return 0 on failure, 1 on success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Richard Levitte
77a01145be Have other crypto/evp files include evp_locl.h
Note: this does not include the files in crypto/evp that are just
instanciations of EVP_MD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Richard Levitte
7638370ca6 Make the definition of EVP_MD_CTX opaque
This moves the definitionto crypto/evp/evp_locl.h, along with a few
associated accessor macros.  A few accessor/writer functions added.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Dr. Stephen Henson
7f572e958b Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.

Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.

Remove now obsolete EVP_dss1() and EVP_ecdsa().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 17:52:01 +00:00
Dr. Stephen Henson
00f5263b78 Add ctrl for SHA1 and SSLv3
Add SSLv3 ctrl to EVP_sha1() this is only needed if SSLv3 client
authentication is used with DSA/ECDSA.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
9cc6fa1ce8 make update
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
396d5fd091 Add EVP_MD_CTX_ctrl function.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
93972b8c72 Add ssl3 ctrl to EVP_md5_sha1().
Add a ctrl to EVP_md5_sha1() to handle the additional operations needed
to handle SSL v3 client authentication and finished message.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Dr. Stephen Henson
2f142ada2c Add MD5+SHA1
Add digest combining MD5 and SHA1. This is used by RSA signatures for
TLS 1.1 and earlier.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-24 19:18:44 +00:00
Alessandro Ghedini
3003e0a422 Fix (minor) problems found by ubsan
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-21 14:21:04 +01:00
Andy Polyakov
a5fd24d19b aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
It was also found that stich performs suboptimally on AMD Jaguar, hence
execution is limited to XOP-capable and Intel processors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-16 13:06:10 +01:00
Matt Caswell
90945fa31a Continue standardising malloc style for libcrypto
Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-09 22:48:41 +00:00
Dr. Stephen Henson
b8fb59897b Rebuild error source files.
Rebuild error source files: the new mkerr.pl functionality will now
pick up and translate static function names properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-05 15:48:37 +00:00
Ben Laurie
84cf97af06 Improve make depend.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-24 17:34:21 +01:00
Ben Laurie
2f1a5d1694 Fix undeclared variable warnings.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-10-24 16:42:51 +01:00
Alessandro Ghedini
070c23325a Remove useless code
RT#4081

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
8cf9d71a3a Check memory allocation
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Alessandro Ghedini
3f6c769187 Fix memory leaks and other mistakes on errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Emilia Kasper
6f73d28c20 Remove EVP_CHECK_DES_KEY
Thanks to the OpenBSD community for bringing this to our attention.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 18:45:33 +02:00
Dr. Stephen Henson
4ec36aff2a RFC5753 compliance.
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 22:57:47 +01:00
Dr. Stephen Henson
c69ce93513 Typo.
PR#4079

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-11 00:06:56 +01:00
Dr. Stephen Henson
8bbda94c6e make depend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 16:37:07 +01:00
Matt Caswell
eeb1c3976c Add GOST extensions to PKCS#5
GOST extends PKCS5 PBES2/PBKDF2 with some additional GOST specific PRFs.

Based on a patch provided by Dmitry Belyavsky <beldmit@gmail.com>

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-21 10:30:49 +01:00
Dr. Stephen Henson
01a4e8764d remove unneeded includes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:56 +01:00
Dr. Stephen Henson
37f3a3b327 make no-dh work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-20 12:50:55 +01:00
Viktor Dukhovni
4fe1cbdff8 Fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-19 09:04:16 -04:00
Emilia Kasper
b785504a10 base64 decode: check for high bit
Previously, the conversion would silently coerce to ASCII. Now, we error
out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-17 21:42:38 +02:00
Emilia Kasper
3cdd1e94b1 RT3757: base64 encoding bugs
Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2015-09-17 19:48:14 +02:00
Matt Caswell
8011f64efb make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-16 12:40:55 +01:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Dr. Stephen Henson
e7451ed137 EVP_PKEY_METHOD accessor functions.
Functions to retrieve the function pointer of an existing method: this
can be used to create a method which intercepts or modifies the behaviour
of an existing method while retaining most of the existing behaviour.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-10 18:20:27 +01:00
Emilia Kasper
e34c66c6b0 RT3754: check for NULL pointer
Fix both the caller to error out on malloc failure, as well as the
eventual callee to handle a NULL gracefully.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-09-10 17:21:23 +02:00
Rich Salz
b0809bc8ff RT3998: Allow scrypt to be disabled
This does 64-bit division and multiplication, and on 32-bit platforms
pulls in libgcc symbols (and MSVC does similar) which may not be
available.  Mostly done by David Woodhouse.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-04 14:09:14 -04:00
Rich Salz
a939b0aab5 More zalloc nits
Found on GitHub by dimman

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-04 11:45:44 -04:00
Rich Salz
64b25758ed remove 0 assignments.
After openssl_zalloc, cleanup more "set to 0/NULL" assignments.
Many are from github feedback.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:26:34 -04:00
Dr. Stephen Henson
d95466931d PBE lookup test
Add test to check PBE lookups: these can fail if the PBE table is not
correctly orders. Add to "make test".

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-03 18:37:27 +01:00
Rich Salz
b51bce9420 Add and use OPENSSL_zalloc
There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-02 22:05:37 -04:00
Dr. Stephen Henson
e75c5a794e CCM support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:56:11 +01:00
Dr. Stephen Henson
2acdef5e97 Return error for unsupported modes.
PR#3974
PR#3975

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-12 13:54:56 +01:00
Rich Salz
fbfcb22439 RT3999: Remove sub-component version strings
Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:13:32 -04:00
Dr. Stephen Henson
9cca7be11d Relax CCM tag check.
In CCM mode don't require a tag before initialising decrypt: this allows
the tag length to be set without requiring the tag.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-06 15:42:23 +01:00
Andy Polyakov
f0fa5c8306 e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-11 10:12:54 +02:00
Emilia Kasper
1e4a355dca Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-08 14:55:50 +02:00
Dr. Stephen Henson
f2e19cb15e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:24:59 +01:00
Dr. Stephen Henson
fef034f85e Error if memory limit exceeded.
Set a specific error if the parameters are otherwise valid but exceed the
memory limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:25 +01:00