summaryrefslogtreecommitdiff
path: root/providers/implementations
Commit message (Collapse)AuthorAgeFilesLines
* s390x: Fix Keccak implementationJuergen Christ2022-07-141-1/+18
| | | | | | | | | | | | | | | | | s390x does not directly support keccak via CPACF since these instructions hard-code the padding to either SHA-3 or SHAKE for the "compute last message digest" function. This caused test errors on Keccak digests. Fix it by using "compute intermediate message digest" and manually computing the padding for Keccak. Fixes: a8b238f0e4c1 ("Fix SHA, SHAKE, and KECCAK ASM flag passing") Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18794)
* use #pragma comment(lib) with _MSC_VER onlyViktor Szakats2022-07-111-1/+3
| | | | | | | | | | | | | | | | | Avoid this warning when compiled with llvm/gcc + mingw-w64 and `USE_BCRYPTGENRANDOM` enabled: ``` ../providers/implementations/rands/seeding/rand_win.c:31:11: warning: unknown pragma ignored [-Wunknown-pragmas] ^ 1 warning generated. ``` CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18709)
* Fix Coverity 1498605 & 1498606: uninitialised valuePauli2022-07-062-2/+4
| | | | | | | | | Both of these are false positives but better to be rid of the issue permanently than for it to repeatedly return to haunt us. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17896)
* kdf objects missing a return if malloc fails.slontis2022-06-282-3/+7
| | | | | | | | | | I have searched through all references of ERR_R_MALLOC_FAILURE for any other instances.. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18638)
* The flag "decoded-from-explicit" must be imp/exportableTomas Mraz2022-06-231-1/+2
| | | | | | | | | | | Otherwise the information that the EC group was imported from explicit parameters is lost when the key is moved across providers. Fixes #18600 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18609)
* providers/implementations/exchange/kdf_exch.c: fix unavailable SIZE_MAXRichard Levitte2022-06-201-0/+1
| | | | | | | | | | | SIZE_MAX is used in a recent fix of this file, but without including internal/numbers.h, so that macro ends up not existing on some platforms, resulting in build failures. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18605)
* providers/implementations/exchange/kdf_exch.c: Fix kdf_derive()Richard Levitte2022-06-151-2/+21
| | | | | | | | | | | | | kdf_derive() calls EVP_KDF_derive(), but didn't do enough to adapt its input buffer length arguments to fit the requirements to call EVP_KDF_derive(). Fixes #18517 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18533) (cherry picked from commit e906eab8d863ac7bdadc671e8d0686fead88c4bf)
* Fix the export routines to not return success if param alloc failedMatt Caswell2022-06-154-10/+14
| | | | | | | | | | | | | We fix the dsa, dh, ec and rsa export routines so that they are consistent with each other and do not report success if the allocation of parameters failed. This is essentially the same fix as applied in #18483 but applied to all relevant key types. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18507)
* sm2_dupctx: Avoid potential use after free of the mdTomas Mraz2022-06-101-0/+2
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18494)
* Fix a use after free in error handling of hmac_dupBernd Edlinger2022-06-101-0/+1
| | | | | | | | | | | dst->digest needs to be zeroized in case HMAC_CTX_copy or ossl_prov_digest_copy return failure. Fixes #18493 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18502)
* providers: cipher: aes: add riscv64 zkn supportHongren (Zenithal) Zheng2022-06-108-4/+192
| | | | | | | | | Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me> Tested-by: Jiatai He <jiatai2021@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18197)
* Don't report success from ec_export if OSSL_PARAM_BLD_to_param failedMatt Caswell2022-06-081-0/+2
| | | | | | | | | | | | If the call to OSSL_PARAM_BLD_to_param() failed then ec_export was reporting success, even though it has never called the param_cb. Found due to: https://github.com/openssl/openssl/pull/18355#issuecomment-1145993650 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18483)
* Check return value of ossl_parse_property()Tomas Mraz2022-06-061-1/+1
| | | | | | | | | | Also check if we have d2i_public_key() function pointer. Fixes https://github.com/openssl/openssl/pull/18355#issuecomment-1144893289 Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18462)
* Fix the incorrect checks of EVP_CIPHER_CTX_set_key_lengthPeiwei Hu2022-05-271-1/+3
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18397)
* Fix check of EVP_CIPHER_CTX_ctrlPeiwei Hu2022-05-241-2/+2
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
* Fix regression in default key length for Blowfish CFB and OFB ciphersTomas Mraz2022-05-232-4/+4
| | | | | | | | Fixes #18359 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18362)
* Make IV/buf in prov_cipher_ctx_st alignedHongren (Zenithal) Zheng2022-05-111-6/+7
| | | | | | | | | | | | | | | | | Make IV/buf aligned will drastically improve performance as some architecture performs badly on misaligned memory access. Ref to https://gist.github.com/ZenithalHourlyRate/7b5175734f87acb73d0bbc53391d7140#file-2-openssl-long-md Ref to openssl#18197 Signed-off-by: Hongren (Zenithal) Zheng <i@zenithal.me> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18267)
* Remove duplicated #include headersJHH202022-05-045-6/+0
| | | | | | | | | CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220)
* Update copyright yearMatt Caswell2022-05-0362-62/+62
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Fix the RC4-MD5 cipherMatt Caswell2022-05-031-1/+1
| | | | | | | | | | | | | A copy&paste error meant that the RC4-MD5 cipher (used in TLS) used the TLS AAD data as the MAC key. CVE-2022-1434 Fixes #18112 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org>
* poly1305: Properly copy the whole context on dupTomas Mraz2022-04-291-2/+3
| | | | | | | | Also reset the updated flag when Poly1305_Init is called. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18143)
* siphash: Properly set mac size in sipcopyTomas Mraz2022-04-271-4/+6
| | | | | | | | Also fully duplicate the context on dup Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18142)
* str[n]casecmp => OPENSSL_strncasecmpDmitry Belyavskiy2022-04-2212-24/+16
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Avoid undefined behavior of provided macs on EVP_MAC reinitializationTomas Mraz2022-04-195-33/+39
| | | | | | | | | | | | | | | When the context is reinitialized, i.e. the same key should be used we must properly reinitialize the underlying implementation. However in POLY1305 case it does not make sense as this special MAC should not reuse keys. We fail with this provided implementation when reinitialization happens. Fixes #17811 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18100)
* fix some typoscuishuang2022-04-191-1/+1
| | | | | | | | CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18023)
* SM4 optimization for ARM by ASIMDDaniel Hu2022-04-122-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch optimizes SM4 for ARM processor using ASIMD instruction It will improve performance if both of following conditions are met: 1) Input data equal to or more than 4 blocks 2) Cipher mode allows parallelism, including ECB,CTR,GCM or CBC decryption This patch implements SM4 SBOX lookup in vector registers, with the benefit of constant processing time over existing C implementation. It is only enabled for micro-architecture N1/V1. In the ideal scenario, performance can reach up to 2.7X When either of above two conditions is not met, e.g. single block input or CFB/OFB mode, CBC encryption, performance could drop about 50%. The assembly code has been reviewed internally by ARM engineer Fangming.Fang@arm.com Signed-off-by: Daniel Hu <Daniel.Hu@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17951)
* ec_export: Other parameters are exportable with domain parametersTomas Mraz2022-04-111-3/+0
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17981)
* sm2: Allow setting 0 length SM2 dist ID paramTomas Mraz2022-04-111-2/+3
| | | | | | | | Fixes #18022 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18052)
* kdf: avoid NULL dereference on malloc failure in sshkdfPauli2022-04-111-1/+2
| | | | | | | | Fixes #18009 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18011)
* Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATAHugo Landau2022-04-012-20/+8
| | | | | | | | | | | | | This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
* Fix bug in scrypt KDF provider dup methodHugo Landau2022-03-141-3/+8
| | | | | | | | | | | The scrypt KDF provider's dup method calls kdf_scrypt_new passing a libctx, but a provider context is expected. Since the provider context is passed as void *, this was not caught. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17873)
* DH: Make padding always on when X9.42 KDF is usedTomas Mraz2022-03-141-5/+6
| | | | | | | | Fixes #17834 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/17859)
* Further acceleration for SM4-GCM on ARMDaniel Hu2022-03-071-1/+24
| | | | | | | | | | | | | | | | | | | | | | | | This patch will allow the SM4-GCM function to leverage the SM4 high-performance CTR crypto interface already implemented for ARM, which is faster than current single block cipher routine used for GCM It does not address the acceleration of GHASH function of GCM, which can be a future task, still we can see immediate uplift of performance (up to 4X) Before this patch: type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes SM4-GCM 186432.92k 394234.05k 587916.46k 639365.12k 648486.91k 652924.25k After the patch: SM4-GCM 193924.87k 860940.35k 1696083.71k 2302548.31k 2580411.73k 2607398.91k Signed-off-by: Daniel Hu <Daniel.Hu@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17814)
* Add define guards to avoid multi-inclusionWeiguo Li2022-02-164-52/+76
| | | | | | | | | | | | | | This header files are included by multiple other headers. It's better to add define guards to prevent multi-inclusion. Adhere to the coding style, all preprocessor directives inside the guards gain a space. Signed-off-by: Weiguo Li <liwg06@foxmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/17666)
* dh_exch.c: Add check for OPENSSL_strdupJiasheng Jiang2022-02-141-4/+16
| | | | | | | | | | | Since the OPENSSL_strdup() may return NULL if allocation fails, it should be better to check the return value. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17651)
* AES-GCM enabled with AVX512 vAES and vPCLMULQDQ.Andrey Matyukov2022-02-102-2/+216
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Vectorized 'stitched' encrypt + ghash implementation of AES-GCM enabled with AVX512 vAES and vPCLMULQDQ instructions (available starting Intel's IceLake micro-architecture). The performance details for representative IceLake Server and Client platforms are shown below Performance data: OpenSSL Speed KBs/Sec Intel(R) Xeon(R) Platinum 8380 CPU @ 2.30GHz (1Core/1Thread) Payload in Bytes 16 64 256 1024 8192 16384 AES-128-GCM Baseline 478708.27 1118296.96 2428092.52 3518199.4 4172355.99 4235762.07 Patched 534613.95 2009345.55 3775588.15 5059517.64 8476794.88 8941541.79 Speedup 1.12 1.80 1.55 1.44 2.03 2.11 AES-256-GCM Baseline 399237.27 961699.9 2136377.65 2979889.15 3554823.37 3617757.5 Patched 475948.13 1720128.51 3462407.12 4696832.2 7532013.16 7924953.91 Speedup 1.19 1.79 1.62 1.58 2.12 2.19 Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz (1Core/1Thread) Payload in Bytes 16 64 256 1024 8192 16384 AES-128-GCM Baseline 259128.54 570756.43 1362554.16 1990654.57 2359128.88 2401671.58 Patched 292139.47 1079320.95 2001974.63 2829007.46 4510318.59 4705314.41 Speedup 1.13 1.89 1.47 1.42 1.91 1.96 AES-256-GCM Baseline 236000.34 550506.76 1234638.08 1716734.57 2011255.6 2028099.99 Patched 247256.32 919731.34 1773270.43 2553239.55 3953115.14 4111227.29 Speedup 1.05 1.67 1.44 1.49 1.97 2.03 Reviewed-by: TJ O'Dwyer, Marcel Cornu, Pablo de Lara Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17239)
* Fixed counter overflowDanny Tsen2022-02-071-1/+81
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17607)
* Move e_os.h to include/internalRichard Levitte2022-02-0515-15/+15
| | | | | | | | | | | | Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
* Fix copyrightsTodd Short2022-02-031-0/+9
| | | | | | | | | Add copyright to files that were missing it. Update license from OpenSSL to Apache as needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17606)
* Fix EVP todata and fromdata when used with selection of EVP_PKEY_PUBLIC_KEY.slontis2022-02-034-25/+56
| | | | | | | | | | The private key for rsa, dsa, dh and ecx was being included when the selector was just the public key. (ec was working correctly). This matches the documented behaviour. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17200)
* tls1 prf: implement ctx dup operationPauli2022-02-011-0/+27
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* pkcs12 kdf: implement ctx dup operationPauli2022-02-011-0/+25
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* k942 kdf: implement ctx dup operationPauli2022-02-011-0/+37
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* ss KDF: implement ctx dup operationPauli2022-02-011-0/+32
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* ssh kdf: implement ctx dup operationPauli2022-02-011-0/+26
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* scrypt: implement ctx dup operationPauli2022-02-011-0/+35
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* pvk kdf: implement ctx dup operationPauli2022-02-011-0/+22
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* krb5kdf: implement ctx dup operationPauli2022-02-011-0/+23
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* kbkdf: implement ctx dup operationPauli2022-02-011-0/+32
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
* hkdf: implement ctx dup operationPauli2022-02-011-0/+33
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17572)
View Lorry Controller Status