path: root/crypto/evp
Commit message | Author | Age | Files | Lines
* Convert X509* functions to use const getters | Dr. Stephen Henson | 2016-08-17 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Constify private key decode. | Dr. Stephen Henson | 2016-08-17 | 1 | -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add point ctrls to X25519 | Dr. Stephen Henson | 2016-08-13 | 1 | -4/+28
  Add ctrl operations to set or retrieve encoded point in EVP_PKEY structures containing X25519 keys.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add X25519 methods to internal tables | Dr. Stephen Henson | 2016-08-13 | 1 | -0/+3
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix spelling of error code | Kurt Roeckx | 2016-08-10 | 2 | -3/+3
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1421)
* Constify some ASN1_OBJECT *obj input parameters | FdaSilvaYY | 2016-08-04 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix some style issues... | FdaSilvaYY | 2016-08-02 | 1 | -3/+5
  extra spacing and 80 cols
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1366)
* evp/bio_enc.c: perform enc_read operation without using overlapping buffers. | Andy Polyakov | 2016-07-31 | 1 | -9/+27
  Reviewed-by: Stephen Henson <steve@openssl.org>
* evp/evp_enc.c: make assert error message more readable | Andy Polyakov | 2016-07-31 | 2 | -9/+22
  and add EVPerr(PARTIALLY_OVERLAPPED)
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Note cipher BIO write errors too. | Dr. Stephen Henson | 2016-07-26 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Set error if EVP_CipherUpdate fails. | Dr. Stephen Henson | 2016-07-26 | 1 | -0/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add EVP_ENCODE_CTX_copy | Jakub Zelenka | 2016-07-24 | 1 | -0/+8
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1344)
* Check for errors allocating the error strings. | Kurt Roeckx | 2016-07-20 | 1 | -2/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  GH: #1330
* evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9. | Andy Polyakov | 2016-07-16 | 1 | -2/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add checks on sk_TYPE_push() returned value | FdaSilvaYY | 2016-07-05 | 1 | -1/+4
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Convert memset calls to OPENSSL_cleanse | Matt Caswell | 2016-06-30 | 1 | -2/+2
  Ensure things really do get cleared when we intend them to.
  Addresses an OCAP Audit issue.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Whitespace cleanup in crypto | FdaSilvaYY | 2016-06-29 | 2 | -2/+2
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1264)
* base64 macro: parenthesize for clarity | Emilia Kasper | 2016-06-28 | 1 | -1/+1
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* evp/evp_enc.c: refine partial buffer overlap detection. | Andy Polyakov | 2016-06-27 | 1 | -9/+21
  Reviewed-by: Matt Caswell <matt@openssl.org>
* evp/evp_enc.c: check for partially[!] overlapping buffers | Andy Polyakov | 2016-06-27 | 1 | -0/+41
  in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in general case it's impossible to provide guarantee that partially[!] overlapping buffers can be tolerated.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Ensure HMAC key gets cleansed after use | Matt Caswell | 2016-06-24 | 1 | -0/+2
  aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.
  Fixes an OCAP Audit issue.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* RT2867: des_ede3_cfb1 ignored "size in bits" flag | Rich Salz | 2016-06-23 | 1 | -0/+2
  Code and tests by Steve.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset | Kurt Cancemi | 2016-06-20 | 1 | -4/+3
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1231)
* Useless header include of openssl/rand.h | FdaSilvaYY | 2016-06-18 | 2 | -2/+0
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1168)
* Add EVP_PKEY_get0_hmac() function | Nathaniel McCallum | 2016-06-16 | 2 | -0/+14
  Before the addition of this function, it was impossible to read the symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1217)
* Change the return type of EVP_EncodeUpdate | Matt Caswell | 2016-06-16 | 2 | -7/+10
  Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been changed to an int, with 0 indicating error and 1 indicating success.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* evp/e_aes.c: wire hardware-assisted XTS subroutines. | Andy Polyakov | 2016-06-14 | 1 | -0/+14
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add some missing return value checks | Matt Caswell | 2016-06-13 | 1 | -4/+5
  Some misc return value checks
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Parameter copy sanity checks. | Dr. Stephen Henson | 2016-05-31 | 1 | -0/+8
  Don't copy parameters if they're already present in the destination.
  Return error if an attempt is made to copy different parameters to destination. Update documentation.
  If key type is not initialised return missing parameters
  RT#4149
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix braces in e_aes.c: aes_init_key | Todd Short | 2016-05-24 | 1 | -1/+2
  This compiles correctly, but depending on what may be defined, it's possible that this could fail compilation. The braces are mismatched, and it's possible to end up with an else followed by another else.
  This presumes the indentation is mostly correct and indicative of intent. Found via static analysis.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1118)
* #4342: few missing malloc return checks and free in error paths | J Mohan Rao Arisankala | 2016-05-23 | 1 | -5/+3
  ossl_hmac_cleanup, pkey_hmac_cleanup:
  - allow to invoke with NULL data
  - using EVP_PKEY_CTX_[get|set]_data
  EVP_DigestInit_ex:
  - remove additional check for 'type' and doing clear free instead of free
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Remove unused error/function codes. | Rich Salz | 2016-05-23 | 1 | -47/+5
  Add script to find unused err/reason codes
  Remove unused reason codes.
  Remove entries for unused functions
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Fix a NULL dereference in chacha20_poly1305_init_key() | Kazuki Yamaguchi | 2016-05-18 | 1 | -9/+13
  chacha20_poly1305_init_key() dereferences NULL when called with inkey != NULL && iv == NULL. This function is called by EVP_EncryptInit_ex() family, whose documentation allows setting key and iv in separate calls.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Manual fixes after copyright consolidation | Rich Salz | 2016-05-17 | 1 | -51/+6
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 05/10 | Rich Salz | 2016-05-17 | 17 | -841/+100
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Copyright consolidation 04/10 | Rich Salz | 2016-05-17 | 41 | -2241/+237
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove an unnecessary check of cipher | Matt Caswell | 2016-05-16 | 1 | -1/+1
  Due to short-circuiting we only need to check "cipher" for NULL once.
  PR#699
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Unify <TYPE>_up_ref methods signature and behaviour. | FdaSilvaYY | 2016-05-16 | 1 | -2/+8
  Add a status return value instead of void.
  Add some sanity checks on reference counter value.
  Update the docs.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix tab-space mixed indentation | FdaSilvaYY | 2016-05-09 | 1 | -1/+1
  No code change
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* fix check | J Mohan Rao Arisankala | 2016-05-09 | 1 | -1/+1
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* few missing allocation failure checks and releases on error paths | J Mohan Rao Arisankala | 2016-05-09 | 2 | -1/+10
  - Missing checks for allocation failure.
  - releasing memory in few missing error paths
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Use default ASN.1 for SEED. | Dr. Stephen Henson | 2016-05-05 | 1 | -1/+2
  The default ASN.1 handling can be used for SEED. This also makes CMS work with SEED.
  PR#4504
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Check that we have enough padding characters. | Kurt Roeckx | 2016-05-03 | 2 | -0/+6
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  CVE-2016-2107
  MR: #2572
* Ensure EVP_EncodeUpdate handles an output length that is too long | Matt Caswell | 2016-05-03 | 1 | -2/+8
  With the EVP_EncodeUpdate function it is the caller's responsibility to determine how big the output buffer should be. The function writes the amount actually used to |*outl|. However this could go negative with a sufficiently large value for |inl|. We add a check for this error condition.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Avoid overflow in EVP_EncodeUpdate | Matt Caswell | 2016-05-03 | 1 | -1/+1
  An overflow can occur in the EVP_EncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Due to the very large amounts of data involved this will most likely result in a crash.

  Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the PEM_write_bio* family of functions. These are mainly used within the OpenSSL command line applications, so any application which processes data from an untrusted source and outputs it as a PEM file should be considered vulnerable to this issue.

  User applications that call these APIs directly with large amounts of untrusted data may also be vulnerable.

  Issue reported by Guido Vranken.
  CVE-2016-2105
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix encrypt overflow | Matt Caswell | 2016-05-03 | 1 | -1/+1
  An overflow can occur in the EVP_EncryptUpdate function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate with a partial block then a length check can overflow resulting in a heap corruption.

  Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate function all usage is one of two forms.

  The first form is like this:
      EVP_EncryptInit()
      EVP_EncryptUpdate()
  i.e. where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe.

  The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow.

  Since all instances are one of these two forms, I believe that there can be no overflows in internal code due to this problem.

  It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). Therefore I have checked all instances of these calls too, and came to the same conclusion, i.e. there are no instances in internal usage where an overflow could occur.

  This could still represent a security issue for end user code that calls this function directly.

  CVE-2016-2106
  Issue reported by Guido Vranken.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* Remove obsolete defined(__INTEL__) condition. | Andy Polyakov | 2016-05-02 | 4 | -8/+4
  This macro was defined by no-longer-supported __MWERKS__ compiler.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add aliases for des-ede-ecb and des-ede3-ecb ciphers. | Kirill Marinushkin | 2016-04-29 | 1 | -0/+4
  Currently we can get all block ciphers with
      EVP_get_cipherbyname("<alg_name>-<block-mode-name>")
  for example, by names "aes-128-ecb" or "des-ede-cbc".
  I found a problem with des-ede-ecb and des-ede3-ecb ciphers as they can be accessed only with names:
      EVP_get_cipherbyname("des-ede")
      EVP_get_cipherbyname("des-ede3")
  It breaks the general concept.

  In this patch I add aliases which allow to use names:
      EVP_get_cipherbyname("des-ede-ecb")
      EVP_get_cipherbyname("des-ede3-ecb")
  in addition to the currently used names.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix missing IDEA renames (windows build) | Michel | 2016-04-20 | 1 | -4/+4
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Remove --classic build entirely | Richard Levitte | 2016-04-20 | 1 | -68/+0
  The Unix build was the last to retain the classic build scheme. The new unified scheme has matured enough, even though some details may need polishing.
  Reviewed-by: Rich Salz <rsalz@openssl.org>