summaryrefslogtreecommitdiff
path: root/engines
Commit message (Collapse)AuthorAgeFilesLines
* Fix the padlock engineBernd Edlinger2023-05-051-2/+13
| | | | | | | | | | | | | | ... after it was broken for almost 5 years, since the first 1.1.1 release. Note: The last working version was 1.1.0l release. Fixes #20073 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20146)
* /dev/crypto: Suppress warning when open /dev/crypto fails with ENXIO.Taylor R Campbell2023-03-311-1/+1
| | | | | | | | | | | | | | | On NetBSD the device node is essentially always present, but these days it's mostly not useful except for testing the kernel crypto stack since the cost of CPU crypto has gone down much faster than the cost of I/O to external crypto engines. So on most systems it is disabled in a way that makes open fail with ENXIO. NetBSD has had this warning for ENXIO patched away for years. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20636)
* Padlock: fix byte swapping assembly for AES-192 and 256ValdikSS2023-01-202-0/+4
| | | | | | | | | | | | | | | | | Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware. This commit correctly sets the number of swapping loops to be done. Fixes #20073 CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20077)
* Cleanup : directly include of `internal/nelem.h` when required.FdaSilvaYY2022-11-231-0/+1
| | | | | | | | And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
* Add a test case for the engine crash with AES-256-CTRBernd Edlinger2022-11-021-0/+67
| | | | | | | | | | | | | Implement the AES-256-CTR cipher in the dasync engine. Use that to reproduce the reported problems with the devcrypto engine in our normal test environment. See #17995 and #17532 for details. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19386)
* Add af_alg errors to the error queueramin2022-10-214-3/+29
| | | | | | | | | | | If the kernel operation failed the EVP functions just returned without any error message. This commit adds them. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19289)
* apps & al : Fix various typos, repeated words, align some spelling to LDP.FdaSilvaYY2022-10-121-2/+2
| | | | | | | | | | | | Mostly revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
* Add {lib}_R_{lib}_LIB, for our engines and other "external" modulesRichard Levitte2022-10-052-2/+10
| | | | | | | | | | | | Engines lacked the possibility to refer to themselves in this form: WHATEVERerr(WHATEVER_F_SOMETHING, WHATEVER_R_WHATEVER_LIB); This little change makes that possible, and gets used in e_capi. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
* Stop raising ERR_R_MALLOC_FAILURE in most placesRichard Levitte2022-10-053-89/+79
| | | | | | | | | | | | | | | | | | | | | | | Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
* Fix the checks of UI_add_input_stringPeiwei Hu2022-06-021-2/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18424)
* Rename x86-32 assembly files from .s to .S.Sebastian Andrzej Siewior2022-05-241-2/+2
| | | | | | | | | | | | | Rename x86-32 assembly files from .s to .S. While processing the .S file gcc will use the pre-processor whic will evaluate macros and ifdef. This is turn will be used to enable the endbr32 opcode based on the __CET__ define. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18353)
* Update copyright yearMatt Caswell2022-05-033-3/+3
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* str[n]casecmp => OPENSSL_strncasecmpDmitry Belyavskiy2022-04-222-6/+7
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Move e_os.h to include/internalRichard Levitte2022-02-052-2/+2
| | | | | | | | | | | | Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
* e_dasync: remove empty statementPauli2022-01-181-1/+0
| | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17528)
* add OSSL_STACK_OF_X509_free() for commonly used patternDr. David von Oheimb2021-12-211-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
* ossl_do_blob_header: fix return checkPeiwei Hu2021-11-221-2/+2
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17028)
* Move more general parts of internal/cryptlib.h to new internal/common.hDr. David von Oheimb2021-11-172-2/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
* Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and ↵Dr. David von Oheimb2021-11-172-23/+13
| | | | | | | HAS_CASE_SUFFIX() Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
* fix some code with obvious wrong coding stylex20182021-10-284-6/+6
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
* Make sure EVP_CIPHER_CTX_copy works with the dasync engineMatt Caswell2021-10-191-5/+20
| | | | | | | | | | | Ciphers in the daysnc engine were failing to copy their context properly in the event of EVP_CIPHER_CTX_copy() because they did not define the flag EVP_CIPH_CUSTOM_FLAG Fixes #16844 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16846)
* Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.cBernd Edlinger2021-10-061-18/+198
| | | | | | | | | | This replaces the AES-128-CBC-HMAC-SHA1 cipher with a non-encrypting version for use the test suite. [extended tests] Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16693)
* Fix a memory leak in the afalg engineBernd Edlinger2021-10-061-5/+2
| | | | | | | Fixes: #16743 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16744)
* Fix for the dasync engineDmitry Belyavskiy2021-10-061-7/+11
| | | | | | | | Fixes: #16724 Fixes: #16735 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16734)
* afalg: add some memory initialisation calls to pacify memory sanitisation.Pauli2021-07-011-0/+9
| | | | | | | | | The engine is modifying memory without the sanitiser realising. By pre- initialising this memory, the sanitiser now thinks that read accesses are okay. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15952)
* Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.cDr. David von Oheimb2021-06-251-4/+5
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15892)
* Update copyright yearMatt Caswell2021-06-173-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
* afalg: fix coverity 1485661 improper use of negative valuePauli2021-06-081-3/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15635)
* fix coverity 1485660 improper use of negative valuePauli2021-06-081-1/+6
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15635)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-015-37/+37
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* ERR: Rebuild generated engine error filesSven Schwermer2021-05-285-10/+10
| | | | | | | | | | | CLA: trivial Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15495)
* Use "" for include crypto/xxxRich Salz2021-05-271-1/+1
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15468)
* Make it possible to disable the loader_attic engineRichard Levitte2021-05-221-10/+12
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15320)
* Update copyright yearMatt Caswell2021-05-201-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)
* Add bounds checking to length returned by wcslen in wide_to_asc conversion ↵Jake Cooke2021-05-191-1/+10
| | | | | | | | | to resolve integer overflow flaw Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15316)
* Make sure to include "crypto/ctype.h" to get ossl_isdigit()Richard Levitte2021-05-191-0/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15319)
* e_loader_attic: fix a use after free issuePauli2021-05-131-1/+1
| | | | | | | | Fixes #15116 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15238)
* engine: fix double free on error path.Pauli2021-04-211-0/+1
| | | | | | | | | | | | | In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481. If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8. In the nop8 branch, p8 is freed again at line 491. Bug reported by @Yunlongs Fixes #14915 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14921)
* Add "origin" field to EVP_CIPHER, EVP_MDRich Salz2021-04-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
* Update copyright yearMatt Caswell2021-03-111-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14512)
* Fixup support for io_pgetevents_time64 syscallAlistair Francis2021-03-091-13/+42
| | | | | | | | | | | | | | | This is a fixup for the original commit 5b5e2985f355c8e99c196d9ce5d02c15bebadfbc "Add support for io_pgetevents_time64 syscall" that didn't correctly work for 32-bit architecutres with a 64-bit time_t that aren't RISC-V. For a full discussion of the issue see: https://github.com/openssl/openssl/commit/5b5e2985f355c8e99c196d9ce5d02c15bebadfbc Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14432)
* Fix build of /dev/crypto engine with no-dynamic-engine optionUndefBehavior2021-03-011-1/+0
| | | | | | | | | CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/14329)
* Update copyright yearMatt Caswell2021-02-1810-10/+10
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
* ERR: Rebuild all generated error headers and source filesRichard Levitte2021-02-0510-119/+0
| | | | | | | This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13392)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1Dr. David von Oheimb2021-01-131-1/+2
| | | | | | | | Deprecate X509_NAME_hash() Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_hash() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13762)
* Close /dev/crypto file descriptor after CRIOGET ioctl().John Baldwin2021-01-111-0/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13807)
* Update copyright yearMatt Caswell2021-01-071-1/+1
| | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13800)
* Support session information on FreeBSD.John Baldwin2021-01-051-12/+60
| | | | | | | | | | | | | | | | | | | | | | | | | FreeBSD's /dev/crypto does not provide a CIOCGSESSINFO ioctl, but it does provide other ioctls that can be used to provide similar functionality. First, FreeBSD's /dev/crypto defines a CIOCGESSION2 ioctl which accepts a 'struct session2_op'. This structure extends 'struct session_op' with a 'crid' member which can be used to either request an individual driver by id, or a class of drivers via flags. To determine if the available drivers for a given algorithm are accelerated or not, use CIOCGESSION2 to first attempt to create an accelerated (hardware) session. If that fails, fall back to attempting a software session. In addition, when requesting a new cipher session, use the current setting of the 'use_softdrivers' flag to determine the value assigned to 'crid' when invoking CIOCGSESSION2. Finally, use the returned 'crid' value from CIOCGSESSION2 to look up the name of the associated driver via the CIOCFINDDEV ioctl. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13468)
* Use CRIOGET to fetch a crypto descriptor when present.John Baldwin2021-01-051-1/+13
| | | | | | | | | | FreeBSD's current /dev/crypto implementation requires that consumers clone a separate file descriptor via the CRIOGET ioctl that can then be used with other ioctls such as CIOCGSESSION. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13468)
View Lorry Controller Status