Commit Graph

8850 Commits

Author SHA1 Message Date
Richard Levitte
165f1c3ef3 In err_cleanup(), cleanup the thread local storage too
Fixes #3033

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3035)
2017-03-27 12:54:40 +02:00
Andy Polyakov
0822d41b6d aes/asm/bsaes-armv7.pl: relax stack alignment requirement.
Even though Apple refers to Procedure Call Standard for ARM Architecture
(AAPCS), they apparently adhere to custom version that doesn't follow
stack alignment constraints in the said standard. [Why or why? If it's
vendor lock-in thing, then it would be like worst spot ever.] And since
bsaes-armv7 relied on standard alignment, it became problematic to
execute the code on iOS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-26 18:29:03 +02:00
Bernd Edlinger
1b6f5a4d3b Don't access memory before checking the correct length in aesni_cbc_hmac_sha256_ctrl in case EVP_CTRL_AEAD_TLS1_AAD.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3023)
2017-03-25 11:12:18 +01:00
Andy Polyakov
120a9e1a82 bn/asm/sparcv9-mont.pl: fix squaring code path.
This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-24 12:18:35 +01:00
Andy Polyakov
a2bb183623 modes/ocb128.c: fix misaligned access in ILP32 builds on 64-bit processors.
One could have fixed the problem by arranging 64-bit alignment of
EVP_AES_OCB_CTX.aad_buf in evp/e_aes.c, but CRYPTO_ocb128_aad
prototype doesn't imply alignment and we have to honour it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2994)
2017-03-22 11:09:12 +01:00
Andy Polyakov
08d09628d2 aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)
2017-03-22 11:02:56 +01:00
Andy Polyakov
0a5d1a38f2 poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_8x.
As hinted by its name new subroutine processes 8 input blocks in
parallel by loading data to 512-bit registers. It still needs more
work, as it needs to handle some specific input lengths better.
In this sense it's yet another intermediate step...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-22 10:59:59 +01:00
Andy Polyakov
6cbfd94d08 x86_64 assembly pack: add some Ryzen performance results.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2017-03-22 10:58:01 +01:00
David Benjamin
b6ef12c4ba Remove duplicate X509_OBJECT free function.
These two functions do the same thing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3001)
2017-03-21 10:17:19 +00:00
Richard Levitte
ca2045dc54 Fix decoding of ASN.1 LONG and ZLONG items
LONG and ZLONG items (which are OpenSSL private special cases of
ASN1_INTEGER) are encoded into DER with padding if the leading octet
has the high bit set, where the padding can be 0x00 (for positive
numbers) or 0xff (for negative ones).

When decoding DER to LONG or ZLONG, the padding wasn't taken in
account at all, which means that if the encoded size with padding
is one byte more than the size of long, decoding fails.  This change
fixes that issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3000)
2017-03-20 22:09:57 +01:00
Bernd Edlinger
b3c31a6572 Fix the error handling in CRYPTO_dup_ex_data.
Fix a strict aliasing issue in ui_dup_method_data.
Add test coverage for CRYPTO_dup_ex_data, use OPENSSL_assert.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2988)
2017-03-20 13:11:31 +01:00
Kurt Roeckx
43c564170c Use memcmp() instead of CRYPTO_memcmp() when fuzzing
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:34:07 +01:00
Kurt Roeckx
497910833e Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2633
2017-03-19 14:33:54 +01:00
Péter Budai
fa013b6524 Fixed PKCS5_PBKDF2_HMAC() to adhere to the documentation.
The documentation of this function states that the password parameter
can be NULL. However, the implementation returns an error in this case
due to the inner workings of the HMAC_Init_ex() function.
With this change, NULL password will be treated as an empty string and
PKCS5_PBKDF2_HMAC() no longer fails on this input.

I have also added two new test cases that tests the handling of the
special values NULL and -1 of the password and passlen parameters,
respectively.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1692)
2017-03-17 08:47:11 -04:00
Bernd Edlinger
29d1fad788 Fixed a crash in print_notice.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2935)
2017-03-15 17:32:28 -04:00
Richard Levitte
d1da335c55 Add EC_KEY_get0_engine()
Just as for DH, DSA and RSA, this gives the engine associated with the
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2960)
2017-03-15 15:03:11 +01:00
Bernd Edlinger
108909d30e Fix a crash or unbounded allocation in RSA_padding_add_PKCS1_PSS_mgf1
and RSA_verify_PKCS1_PSS_mgf1 with 512-bit RSA vs. sha-512.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2801)
2017-03-13 21:59:53 +01:00
Andy Polyakov
c2b935904a poly1305/asm/poly1305-x86_64.pl: add poly1305_blocks_vpmadd52_4x.
As hinted by its name new subroutine processes 4 input blocks in
parallel. It still operates on 256-bit registers and is just
another step toward full-blown AVX512IFMA procedure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-13 18:48:34 +01:00
Andy Polyakov
a25cef89fd poly1305/asm/poly1305-armv8.pl: ilp32-specific poly1305_init fix.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-13 18:46:11 +01:00
Andy Polyakov
1aed5e1ac2 crypto/x86*cpuid.pl: move extended feature detection.
Exteneded feature flags were not pulled on AMD processors, as result
a number of extensions were effectively masked on Ryzen. Original fix
for x86_64cpuid.pl addressed this problem, but messed up processor
vendor detection. This fix moves extended feature detection past
basic feature detection where it belongs. 32-bit counterpart is
harmonized too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-13 18:42:10 +01:00
Matt Caswell
8a585601fe Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
Richard Levitte
6e470e1908 Fix UI_get0_action_string()
It shouldn't try to return an action description for UIT_PROMPT type
UI strings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2904)
2017-03-11 01:25:06 +01:00
Jon Spillett
f125430063 Exit the loop on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2805)
2017-03-09 09:26:13 -05:00
Andy Polyakov
f8418d87e1 crypto/x86_64cpuid.pl: move extended feature detection upwards.
Exteneded feature flags were not pulled on AMD processors, as result a
number of extensions were effectively masked on Ryzen. It should have
been reported for Excavator since it implements AVX2 extension, but
apparently nobody noticed or cared...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-07 11:17:32 +01:00
Rich Salz
697958313b Fix an endless loop in rsa_builtin_keygen.
And add a test case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2757)
2017-03-06 09:54:17 -05:00
Matt Caswell
d08086645f Ensure we don't call memcpy with a NULL pointer
Commit d5aa14dd simplified the bn_expand_internal() and BN_copy() functions.
Unfortunately it also removed some checks which are still required,
otherwise we call memcpy passing in NULL which is not allowed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2836)
2017-03-03 23:49:24 +00:00
Bernd Edlinger
d734582275 Reset executable bits on files where not needed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2835)
2017-03-03 09:13:40 +01:00
Rich Salz
332dc4fa5e sh_malloc & sh_free prototype change to match POSIX
CLA: trivial

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2823)
2017-03-02 19:16:57 -05:00
Andy Polyakov
3e49ee23ea bio/b_addr.c: omit private hstrerror.
Private hstrerror was introduced to address linking problem on HP-UX,
but truth be told conemporary systems, HP-UX included, wouldn't come
to that call, they would use getaddrinfo and gai_strerror, while
gethostbyname and h_errno are there to serve legacy systems. Since
legacy systems are naturally disappearing breed, we can as well just
let user interpret number.

GH#2816

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:28:54 +01:00
Andy Polyakov
ea750b5929 aes/aes_x86core.c: clarify reference implementation status.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:26:01 +01:00
Andy Polyakov
5908555c96 evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:25:36 +01:00
Andy Polyakov
eac54143fd bn/asm: clean up unused PA-RISC modules.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-03-02 16:19:54 +01:00
Andy Polyakov
604c853d45 des/des_locl.h: clean up unused/irrelevant macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-02 16:16:52 +01:00
Richard Levitte
48ce800aa5 VMS: compensate for gmtime_r() parameter pointer size
With VMS C, the second parameter takes a 32-bit pointer.  When
building with 64-bit pointer size default, we must compensate.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2811)
2017-03-01 11:46:23 +01:00
Richard Levitte
15d95dd7ea Don't use deprecated EVP_CIPHER_CTX_cleanup() internally
Use EVP_CIPHER_CTX_reset() instead

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2812)
2017-03-01 11:42:50 +01:00
Emilia Kasper
2f0ca54c32 Remove some obsolete/obscure internal define switches:
- FLAT_INC
- PKCS1_CHECK (the SSL_OP_PKCS1_CHECK options have been
  no-oped)
- PKCS_TESTVECT (debugging leftovers)
- SSL_AD_MISSING_SRP_USERNAME (unfinished feature)
- DTLS_AD_MISSING_HANDSHAKE_MESSAGE (unfinished feature)
- USE_OBJ_MAC (note this removes a define from the public header but
   very unlikely someone would be depending on it)
- SSL_FORBID_ENULL

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-03-01 10:44:49 +01:00
Benjamin Kaduk
06611d0a16 Remove OPENSSL_indirect_call()
It's undocumented and unused in the tree.  The idea seems to have
never gained much traction, and can be removed without breaking
ABI compatibility.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2800)
2017-02-28 20:14:31 -05:00
Benjamin Kaduk
5c6c4c5c33 Don't free in cleanup routine
Cleanse instead, and free in the free routine.

Seems to have been introduced in commit
846ec07d90 when EVP_CIPHER_CTX was made
opaque.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2798)
2017-02-28 19:45:19 -05:00
Andy Polyakov
695ecf8b44 crypto/des: remove unreferenced rcp_enc.c module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 23:40:23 +01:00
Bernd Edlinger
1bcbf658a6 Fix handling of EVP_PKEY_CTRL_PKCS7_ENCRYPT/DECRYPT with OPENSSL_NO_CMS.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2764)
2017-02-28 15:28:18 -05:00
Richard Levitte
9c5e87bf34 Code health: With the VAX C-ism gone, OPENSSL_GLOBAL can be removed too
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2785)
2017-02-28 20:23:07 +01:00
Emilia Kasper
d5aa14dde5 Remove memcpy unrolling in bn_lib.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2017-02-28 19:47:36 +01:00
Emilia Kasper
c26f655fdd Remove support for HMAC_TEST_PRIVATE_KEY_FORMAT
This is a bogus, undocumented format that was intended for testing; I
don't think anyone is using it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-02-28 19:46:01 +01:00
Matt Caswell
7f517c2676 Remove some commented out code in libcrypto
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2774)
2017-02-28 16:02:11 +00:00
Matt Caswell
a7ab9755da Remove a pointless "#ifndef" from bf_enc.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2778)
2017-02-28 15:17:46 +00:00
Matt Caswell
6bb900698d Remove bf_cbc.c
It is never built and the code is duplicated in bf_enc.c.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2778)
2017-02-28 15:17:46 +00:00
Matt Caswell
1fef2f8050 Remove dead code in bn
There are a number of symbols in bn which are internal only and never used
by anything. They should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2766)
2017-02-28 14:46:24 +00:00
Todd Short
2722ff506d Remove some #if 0 code in ssl, crypto/bio
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2781)
2017-02-28 09:32:41 -05:00
Richard Levitte
14097b6a92 Code health: Stop using timeb.h / ftime() (VMS only)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2775)
2017-02-28 15:32:01 +01:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00