path: root/crypto
Age         Commit message                                               Author
2018-09-21  typo-fixes: miscellaneous typo fixes  (agnosticdev)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7277)

2018-09-21  crypto/bn/asm/x86_64-gcc.c: remove unnecessary redefinition of BN_ULONG  (Richard Levitte)
    This module includes bn.h via other headers, so it picks up the
    definition from there and doesn't need to define them locally (any
    more?). Worst case scenario, the redefinition may be different and
    cause all sorts of compile errors.

    Fixes #7227

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/7287)
2018-09-20  /dev/crypto engine: add missing RC4 parameter  (Richard Levitte)
    Fixes #7280

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7281)

2018-09-20  crypto/ui/ui_openssl.c: make sure to recognise ENXIO and EIO too  (Richard Levitte)
    These both indicate that the file descriptor we're trying to use as a
    terminal isn't, in fact, a terminal.

    Fixes #7271

    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7272)
2018-09-17  Add missing include file.  (Pauli)
    Specifically, include e_os.h to pick up alloca definition for WIN32.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7234)

2018-09-17  Use 'i' as parameter name not 'I'.  (Pauli)
    The latter causes problems when complex.h is #included.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7233)

2018-09-15  VMS: only use the high precision on VMS v8.4 and up  (Richard Levitte)
    It simply isn't available on older versions.

    Issue submitted by Mark Daniels

    Fixes #7229

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7230)
    (cherry picked from commit d6d6aa3521e207c2727bbd1e5c97772502d15739)
2018-09-13  Make some return checks consistent with others  (Paul Yang)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/7209)

2018-09-12  Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant  (Dr. Matthias St. Pierre)
    The new DRBG API added the aforementioned #define. However, it is used
    internally only and having it defined publicly does not serve any
    purpose except causing potential version compatibility problems.

    Fixes #7182

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7190)

2018-09-12  minor fixes for Windows  (Viktor Szakats)
    - fix to use secure URL in generated Windows resources
    - fix a potentially uninitialized variable
    - fix an unused variable warning

    CLA: trivial

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7189)

2018-09-12  crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined  (Richard Levitte)
    Fixes #7186

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7193)
2018-09-12  Limit the number of AES-GCM keys allowed in TLS. A new error is raised if this  (Pauli)
    limit is ever reached.

    This is a FIPS 140-2 requirement from IG A.5 "Key/IV Pair Uniqueness
    Requirements from SP 800-38D".

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7129)

2018-09-12  FIPS 140-2 IG A.9 XTS key check.  (Pauli)
    Add a check that the two keys used for AES-XTS are different.

    One test case uses the same key for both of the AES-XTS keys. This
    causes a failure under FIPS 140-2 IG A.9. Mark the test as returning a
    failure.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7120)
2018-09-11  Update copyright year  (Matt Caswell)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7176)

2018-09-10  Check the return value from ASN1_INTEGER_set  (Matt Caswell)
    Found by Coverity

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7169)

2018-09-10  Validate the SM2 digest len before use  (Matt Caswell)
    Fixes a Coverity complaint.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7170)

2018-09-10  crypto/rsa/rsa_pss.c: silence coverity warning  (Dr. Matthias St. Pierre)
    Reported by Coverity Scan (CID 1439138)

    [extended tests]

    Reviewed-by: Ben Kaduk <kaduk@mit.edu>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7156)
2018-09-09  ASN.1 DER: Make INT32 / INT64 types read badly encoded LONG zeroes  (Richard Levitte)
    The deprecated ASN.1 type LONG / ZLONG (incorrectly) produced zero
    length INTEGER encoding for zeroes. For the sake of backward
    compatibility, we allow those to be read without fault when using the
    replacement types INT32 / UINT32 / INT64 / UINT64.

    Fixes #7134

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7144)

2018-09-09  SipHash: add separate setter for the hash size  (Richard Levitte)
    This was originally part of SipHash_Init. However, there are cases
    where there isn't any key material to initialize from when setting the
    hash size, and we do allow doing so with a EVP_PKEY control.

    The solution is to provide a separate hash_size setter and to use it
    in the corresponding EVP_PKEY_METHOD.

    Fixes #7143

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7145)

2018-09-09  SipHash: make it possible to control the hash size through string controls  (Richard Levitte)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7154)
2018-09-07  Add missing SM2err and fix doc nits  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Update document for SM2 stuffs  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Support setting SM2 ID  (Paul Yang)
    Zero-length ID is allowed, but it's not allowed to skip the ID.

    Fixes: #6534

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Make SM2 ID stick to specification  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Support pmeth->digest_custom  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Introduce EVP_MD_CTX_set_pkey_ctx  (Paul Yang)
    Thus users can use this function to set customized EVP_PKEY_CTX to
    EVP_MD_CTX structure.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)

2018-09-07  Remove unnecessary sm2_za.c  (Paul Yang)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07  Avoid SEGV when giving X509_sign a NULL private key.  (Pauli)
    Put a NULL check back in to avoid dereferencing the NULL pointer.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7146)

2018-09-06  RSA padding Zeroization fixes  (Shane Lontis)
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7090)

2018-09-06  Key zeroization fix for EVP_SealInit + added simple test  (Shane Lontis)
    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7105)

2018-09-05  Harmonize the error handling codepath  (Nicola Tuveri)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)
2018-09-05  Fix segfault in RSA_free() (and DSA/DH/EC_KEY)  (Nicola Tuveri)
    `RSA_free()` and friends are called in case of error from
    `RSA_new_method(ENGINE *e)` (or the respective equivalent functions).

    For the rest of the description I'll talk about `RSA_*`, but the same
    applies for the equivalent `DSA_free()`, `DH_free()`, `EC_KEY_free()`.

    If `RSA_new_method()` fails because the engine does not implement the
    required method, when `RSA_free(RSA *r)` is called, `r->meth == NULL`
    and a segfault happens while checking if `r->meth->finish` is defined.

    This commit fixes this issue by ensuring that `r->meth` is not NULL
    before dereferencing it to check for `r->meth->finish`.

    Fixes #7102.

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7121)
2018-09-05  hkdf zeroization fix  (Shane Lontis)
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7106)

2018-09-05  key zeroisation fix for p12  (Shane Lontis)
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7109)

2018-09-05  key zeroisation for pvkfmt now done on all branch paths  (Shane Lontis)
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7107)
2018-09-04  Fix HMAC SHA3-224 and HMAC SHA3-256.  (Pauli)
    Added NIST test cases for these two as well.

    Additionally deprecate the public definition of HMAC_MAX_MD_CBLOCK in
    1.2.0.

    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6972)
2018-09-04  Make OBJ_NAME case insensitive.  (Pauli)
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7089)

2018-09-04  hmac_init cleanup and fix key zeroization issue  (Shane Lontis)
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7092)
2018-09-03  [test] throw error from wrapper function instead of an EC_METHOD specific one  (Billy Brumley)
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7028)

2018-09-03  Fix the comment of PEM_read_bio_ex  (wzhang)
    Add one more unit test case

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
    (Merged from https://github.com/openssl/openssl/pull/6892)

2018-09-03  add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP  (Paul Kehrer)
    fixes #7081

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/7082)

2018-09-03  Check the return from BN_sub() in BN_X931_generate_Xpq().  (Pauli)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7088)

2018-09-03  Check for a failure return from EVP_MD_CTX_new() in OCSP_basic_sign().  (Pauli)
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7087)

2018-09-03  Remove redundant ASN1_INTEGER_set call  (Eric Brown)
    This trivial patch removes a duplicated call to ASN1_INTEGER_set.

    Fixes Issue #6977

    Signed-off-by: Eric Brown <browne@vmware.com>

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Andy Polyakov <appro@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6984)
2018-08-29  fix out-of-bounds write in sm2_crypt.c  (ymlbright)
    asn1_encode has two form length octets: short form (1 byte), long form
    (1+n byte).

    CLA: Trivial

    Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/7027)

2018-08-26  x509v3/v3_purp.c: refine lock-free check in x509v3_cache_extensions.  (Andy Polyakov)
    Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/6996)
2018-08-23  bn/bn_lib.c: conceal even memory access pattern in bn2binpad.  (Andy Polyakov)
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6915)

2018-08-23  bn/bn_blind.c: use Montgomery multiplication when possible.  (Andy Polyakov)
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6915)

2018-08-23  rsa/rsa_ossl.c: implement variant of "Smooth CRT-RSA."  (Andy Polyakov)
    In [most common] case of p and q being of same width, it's possible to
    replace CRT modulo operations with Montgomery reductions. And those
    are even fixed-length Montgomery reductions...

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/6915)