summaryrefslogtreecommitdiff
path: root/crypto
Commit message (Collapse)AuthorAgeFilesLines
...
* Enable AES optimisation on Apple Silicon M2-based systemsTom Cosgrove2023-01-301-1/+2
| | | | | | | | | Gives a performance enhancement of 16-38%, similar to the M1. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20141)
* Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() codeTomas Mraz2023-01-271-76/+263
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20012)
* Revert "Give BIO_s_mem() the ability to support datagrams"Tomas Mraz2023-01-271-118/+8
| | | | | | | | This reverts commit 5a4ba72f00f9b336a4d65abff822699ceb9617c6. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20012)
* Fix Coverity 1520485: logically dead codePauli2023-01-261-4/+0
| | | | | | | | | | The check is unnecessary as the condition is already checked before the switch statement. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20121)
* OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it ↵Dr. David von Oheimb2023-01-261-31/+54
| | | | | | | | | makes sense Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18704)
* add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()Dr. David von Oheimb2023-01-261-0/+25
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18704)
* Fix incomplete checks for EVP_CIPHER_asn1_to_paramNiels Dossche2023-01-253-3/+3
| | | | | | | | | | | | | | | | EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and a value greater than 0 in case of success. Two callsites only check for < 0 instead of <= 0. The other callsites perform this check correctly. Change the two callsites to <= 0. Additionally correctly handle a zero return value from EVP_CIPHER_get_asn1_iv as success. Fixes: #20116 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/201213)
* APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is givenDr. David von Oheimb2023-01-241-0/+6
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
* X509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return valuesDr. David von Oheimb2023-01-243-47/+64
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
* set_trace_data(): prevent double free on OPENSSL_strdup() failureDr. David von Oheimb2023-01-241-5/+9
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19959)
* Fix corruption when searching for CRLs in hashed directoriesHugo Landau2023-01-241-3/+13
| | | | | | | | | | | | | | | | | | | | | | | | The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track how many sequentially numbered CRL files have been loaded for a given X509_NAME hash which is being requested. This avoids loading already loaded CRL files and repeated stat() calls. This OPENSSL_STACK is searched using sk_find, however this mutates the OPENSSL_STACK unless it is known to be sorted. This operation therefore requires a write lock, which was not taken. Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This guarantees no mutation will occur during sk_find. This is chosen over taking a write lock during sk_find as retrieving a CRL by X509_NAME is assumed to be a hotter path than the case where a new CRL is installed. Also optimise the code by avoiding creating the structure to track the last CRL file sequence number in the circumstance where it would match the initial value, namely where no CRL with the given hash is installed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20076)
* X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in ↵Dr. David von Oheimb2023-01-231-1/+1
| | | | | | | | | X509_VERIFY_PARAM_clear_flags doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20052)
* cmp_client.c: fix handling of total_timeout for RR and GENM transactionsDr. David von Oheimb2023-01-231-12/+10
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
* cmp_client_test.c: add tests for end_time being initialized for RR/GENMDr. David von Oheimb2023-01-232-5/+9
| | | | | | | | | To this end, tweak the internal handling of ctx->total_timeout. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19391)
* Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()Niels Dossche2023-01-231-1/+1
| | | | | | | | | | | | | | RAND_bytes_ex() can also return 0 on failure. Other callers do check this correctly. Change the check from <0 to <=0. Fixes: #20100 CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20106)
* bn2bin(): Don't accept len < 0Richard Levitte2023-01-201-0/+4
| | | | | | | | | Test included Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20033)
* bin2bn(): When len==0, just return a zero BIGNUMRichard Levitte2023-01-201-0/+9
| | | | | | | | | | This allows calls with s==NULL and len==0 to be safe. It probably already was, but address sanitizers could still complain. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20033)
* Correct property EBNF for unquoted stringsPauli2023-01-201-18/+0
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20023)
* Fix incorrect error return value in i2r_ADMISSION_SYNTAX()Niels Dossche2023-01-191-1/+1
| | | | | | | | | | | | | | The other implementations of i2r return 0 in case of an error, but i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not catch the error. Change it to return 0 like the others do. Fixes: #20066 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20068)
* remove unused macro in cast_local.h and des_local.hzhangzhilei2023-01-172-60/+0
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20048)
* PKCS12 - Add additional libctx and propq support.slontis2023-01-168-17/+128
| | | | | | | | | | | | | | | | | Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
* Fix big-endian issue in chacha20 SVE implementation on aarch64fangming.fang2023-01-161-9/+16
| | | | | | | | Fixes: #19902 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20028)
* Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttimeBernd Edlinger2023-01-143-8/+48
| | | | | | | | | | Otherwise the alloca can cause an exception. Issue reported by Jiayi Lin. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20005)
* Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"Bernd Edlinger2023-01-141-9/+0
| | | | | | | | This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20005)
* QUIC: Enable building with QUIC support disabledHugo Landau2023-01-132-0/+15
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Add BIO poll descriptorsHugo Landau2023-01-132-0/+20
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Support all five EdDSA instances from RFC 8032James Muir2023-01-134-59/+100
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #6277 Description: Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519, Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs. The desired EdDSA instance is specified via an OSSL_PARAM. All instances, except for Ed25519, allow context strings as input. Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the context string must be nonempty. Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that the full message (not a digest) must be passed to sign and verify operations. Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input message is hashed before sign and verify. Testing: All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt (thanks to Shane Lontis for showing how to do that). Those 21 test vectors are exercised by evp_test.c and cover all five instances. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19705)
* Make RSA_generate_multi_prime_key() not segfault if e is NULL.slontis2023-01-121-6/+7
| | | | | | | | | | | | This is not a big problem for higher level keygen, as these set e beforehand to a default value. But the logic at the lower level is incorrect since it was doing a NULL check in one place but then segfaulting during a later BN_copy(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20025)
* remove unused macro in rc2_local.h and rc5_local.hzhangzhilei2023-01-122-127/+0
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20015)
* Do not check definition of a macro and use it in a single conditionTomas Mraz2023-01-121-2/+3
| | | | | | | | | | | The condition evaluation in #if conditions does not tolerate this if the macro is not defined. Fixes #19628 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20018)
* OSSL_PARAM_BLD and BIGNUM; ensure at least one byte is allocatedRichard Levitte2023-01-111-0/+4
| | | | | | | | | | | | A zero BIGNUM contains zero bytes, while OSSL_PARAMs with an INTEGER (or UNSIGNED INTEGER) data type are expected to have at least one data byte allocated, containing a zero. This wasn't handled correctly. Fixes #20011 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20013)
* In OSSL_PARAM_set_BN(), make sure that the data_size field is at least 1Richard Levitte2023-01-111-0/+3
| | | | | | | | | This way, we guarantee that a zero is represented with one byte of data that's set to zero. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20013)
* info.c: Fix typos in seed macro name and description stringGreg McLearn2023-01-101-2/+2
| | | | | | | | | | | Fixes: #19996 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20001)
* rsaz_exp_x2.c: Remove unused ALIGN64 macroTomas Mraz2023-01-091-8/+0
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19597)
* rsaz_exp_x2.c: Avoid potential undefined behavior with strict aliasingTomas Mraz2023-01-091-4/+12
| | | | | | | | Fixes #19584 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19597)
* Revert "Fix an occasional CI failure due to unaligned access"Tomas Mraz2023-01-091-9/+7
| | | | | | | | This reverts commit 8511520842b744d1794ea794c032ce5f78cd874b. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19597)
* Fix SM4 test failures on big-endian ARM processorsXu Yizhou2023-01-061-26/+26
| | | | | | | | Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19910)
* Write SSL_R alerts to error state to keep updated stringsTomas Mraz2023-01-052-2/+33
| | | | | | Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19950)
* Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.slontis2023-01-041-1/+3
| | | | | | | | Fixes #9205 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19954)
* Fixed typos in documentation and commentsSemen Zhydenko2023-01-041-1/+1
| | | | | | | | | | | | | | | | Fixed typo: accomodate -> accommodate Fixed typo: analagous -> analogous Fixed typo: auxilliary -> auxiliary Fixed typo: eigth -> eighth Fixed typo: explotation -> exploitation Fixed typo: originaly -> originally Fixed typo: simplier -> simpler Fixed typo: sucessful -> successful Fixed typo: recievers -> receivers Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19977)
* Fix possible UB in init_info_stringsBernd Edlinger2022-12-221-4/+4
| | | | | | | | | | | "openssl version -c" may create undefined behavior in the shift: crypto/info.c:42:50: runtime error: left shift of 4275712515 by 32 places cannot be represented in type 'long long int' Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19668)
* Avoid ifdefs in trace categoriesTomas Mraz2022-12-221-14/+7
| | | | | | | | | | | The trace code assumes all categories are present and the category numbers are equal to the index in the table. Fixes #19915 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19917)
* Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OIDMatt Caswell2022-12-223-0/+8
| | | | | | | | | | | If the cipher being used in ossl_cms_EncryptedContent_init_bio() has no associated OID then we should report an error rather than continuing on regardless. Continuing on still ends up failing - but later on and with a more cryptic error message. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
* Fix BIO_f_asn1() to properly report some errorsMatt Caswell2022-12-221-2/+2
| | | | | | | | | | Some things that may go wrong in asn1_bio_write() are serious errors that should be reported as -1, rather than 0 (which just means "we wrote no data"). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
* Fix SMIME_crlf_copy() to properly report an errorMatt Caswell2022-12-221-1/+5
| | | | | | | | | | If the BIO unexpectedly fails to flush then SMIME_crlf_copy() was not correctly reporting the error. We modify it to properly propagate the error condition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
* Fix BIO_f_cipher() flushingMatt Caswell2022-12-221-1/+8
| | | | | | | | | | | | | | | | | If an error occurs during a flush on a BIO_f_cipher() then in some cases we could get into an infinite loop. We add a check to make sure we are making progress during flush and exit if not. This issue was reported by Octavio Galland who also demonstrated an infinite loop in CMS encryption as a result of this bug. The security team has assessed this issue as not a CVE. This occurs on *encryption* only which is typically processing trusted data. We are not aware of a way to trigger this with untrusted data. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19918)
* Refine the documents of several APIsPeiwei Hu2022-12-164-5/+11
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19816)
* Address coverity issue CID 1517105slontis2022-12-161-2/+5
| | | | | | | | | | | The code path for this resource leak indicates that this is a false positive (if you look at the callers). Rather than ignoring the warning an extra check has been added, in case future callers do the wrong thing. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19799)
* Do not build P10-specific AES-GCM assembler on AIXTomas Mraz2022-12-141-1/+4
| | | | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19865) (cherry picked from commit 5c92ac52c282dbcb07e3880c2edd3a1bce452396)
* Do not build P10-specific Chacha20 assembler on AIXTomas Mraz2022-12-142-3/+8
| | | | | | | | | | Fixes #18145 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19865) (cherry picked from commit cdcc439aa0acba8a50b5e3444fb12d6e1157b991)
View Lorry Controller Status