path: root/src/lib/libcrypto/evp/e_aes.c

Commit log, newest first. Each entry gives the commit message followed by [author, date, files changed, lines -removed/+added].
* Add a custom copy handler for AES key wrap [tb, 2020-06-05, 1 file, -5/+31]
  This is necessary because ctx->cipher_data is an EVP_AES_WRAP_CTX containing a pointer to ctx->iv. EVP_CIPHER_CTX_copy() uses memcpy to copy cipher_data to the target struct. The result is that the copy contains a pointer to the wrong struct, which then leads to a use-after-free. The custom copy handler fixes things up to avoid that.
  Issue reported by Guido Vranken
  ok beck inoguchi jsing
* Disallow setting the AES-GCM IV length to 0 [tb, 2020-04-30, 1 file, -1/+5]
  It is possible to do this by abusing the EVP_CTRL_INIT API. Pointed out by jsing.
  ok inoguchi jsing (as part of a larger diff)
* Disallow the use of zero length IVs in AES-GCM via EVP_AEAD_CTX_{open,seal}, as this leaks the authentication key. [tb, 2020-04-27, 1 file, -1/+11]
  Issue reported and fix tested by Guido Vranken.
  ok beck, jsing
  This commit adds a constant to a public header despite library lock, as discussed with deraadt and sthen.
* Revert the other hunk of r1.36 as well: in the case of CCM, ccm.key is assigned from aesni_ccm_init_key() via CRYPTO_ccm128_init(), so it needs to be copied over... [tb, 2019-05-12, 1 file, -1/+11]
  Pointed out by Guido Vranken.
  ok jsing
* Revert part of r1.36: in the case of GCM, gcm.key is assigned from aesni_gcm_init_key() via CRYPTO_gcm128_init(), so it needs to be copied over... [tb, 2019-05-10, 1 file, -1/+7]
  Fixes cryptofuzz issue #14352 and likely also #14374.
  ok beck jsing
* Some more malloc() to calloc() conversions. [jsing, 2019-04-14, 1 file, -7/+5]
  ok tb@
* Remove two pointless chunks of code. [jsing, 2019-04-14, 1 file, -16/+1]
  This reverts part of OpenSSL c2fd5d79, which added the same code to AES CCM, GCM and XTS. In the case of CCM and GCM nothing assigns {ccm,gcm}.key so there is never going to be anything to update (unlike XTS).
  ok tb@
* Provide EVP_aes_{128,192,256}_wrap(). [tb, 2019-03-17, 1 file, -1/+145]
  This is a compatible implementation based on the one in OpenSSL 1.0.2r which is still freely licensed. The functions are undocumented in OpenSSL. To use them, one needs to set the undocumented EVP_CIPHER_CTX_FLAG_WRAP_ALLOW flag on the EVP_CIPHER_CTX.
  resolves #505
  ok jsing
* use freezero() instead of memset/explicit_bzero + free. [deraadt, 2017-05-02, 1 file, -3/+2]
  Substantially reduces conditional logic (-218, +82). MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c wasn't quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
  Passes regress.
  ok beck
* LibreSSL : Truncated packet could crash via OOB read [inoguchi, 2017-01-31, 1 file, -2/+7]
  This patch is originally from master branch of OpenSSL.
  - 2198b3a crypto/evp: harden AEAD ciphers.
  - 8e20499 crypto/evp: harden RC4_MD5 cipher.
  ok tom@
* Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. [beck, 2017-01-29, 1 file, -9/+9]
  Thanks inoguchi@ for noticing libssl had more reacharounds into this.
  ok jsing@ inoguchi@
* Replace all uses of magic numbers when operating on OPENSSL_ia32_P[] by meaningful constants in a private header file, so that reviewers can actually get a chance to figure out what the code is attempting to do without knowing all cpuid bits. [miod, 2016-11-04, 1 file, -4/+4]
  While there, turn it from an array of two 32-bit ints into a properly aligned 64-bit int.
  Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will now always use OPENSSL_cpu_caps() and check for the proper bits in the whole 64-bit word it returns.
  i386 tests and ok jsing@
* Remove I386_ONLY define. [miod, 2016-11-04, 1 file, -3/+3]
  It was only used to prefer a faster-on-genuine-80386-but-slower-on-80486-onwards instruction sequence in the SHA512 code, and had not been enabled in years, if at all.
  ok tom@ bcook@
* Correct spelling of OPENSSL_cleanse. [jsing, 2015-09-10, 1 file, -5/+5]
  ok miod@
* Replace remaining CRYPTO_memcmp() calls with timingsafe_memcmp(). [jsing, 2015-06-20, 1 file, -2/+2]
  ok doug@ deraadt@
* Remove unnecessary include of assert.h [miod, 2015-02-10, 1 file, -2/+1]
* Use arc4random_buf() instead of RAND_bytes() or RAND_pseudo_bytes(). [jsing, 2014-10-22, 1 file, -5/+4]
  arc4random_buf() is guaranteed to always succeed - it is worth noting that a number of the replaced function calls were already missing return value checks.
  ok deraadt@
* Make the BLOCK_CIPHER_{generic,custom} macros expand to more readable struct definitions using C99 field initializers. [miod, 2014-07-12, 1 file, -67/+102]
  No functional change.
* Fix copy for CCM, GCM and XTS. [miod, 2014-07-11, 1 file, -12/+70]
  Internal pointers in CCM, GCM and XTS contexts should either be NULL or set to point to the appropriate key schedule. This needs to be adjusted when copying contexts.
  OpenSSL PR #3272 with further fixes, from OpenSSL trunk
* Explicitly include <openssl/opensslconf.h> in every file that references an OPENSSL_NO_* define. [jsing, 2014-07-10, 1 file, -6/+9]
  This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included.
  This also includes some miscellaneous sorting/tidying of headers.
* free iv, then cleanse. from Cyril Jouve [tedu, 2014-06-15, 1 file, -2/+2]
* Add missing OPENSSL_cleanse() in aead_aes_gcm_cleanup(). [jsing, 2014-06-15, 1 file, -1/+2]
  ok beck@ miod@
* The OPENSSL_cleanse() in aes_gcm_cleanup() only cleans the gcm field of the EVP_AES_GCM_CTX, leaving the AES key untouched - clean the entire context, rather than just part of it. [jsing, 2014-06-15, 1 file, -2/+2]
  ok beck@ miod@
* tags as requested by miod and tedu [deraadt, 2014-06-12, 1 file, -0/+1]
* Implement an improved version of the EVP AEAD API. [jsing, 2014-05-26, 1 file, -23/+28]
  The EVP_AEAD_CTX_{open,seal} functions previously returned an ssize_t that was overloaded to indicate success/failure, along with the number of bytes written as output. This change adds an explicit *out_len argument which is used to return the number of output bytes and the return value is now an int that is purely used to identify success or failure.
  This change effectively rides the last libcrypto crank (although I do not expect there to be many users of the EVP AEAD API currently).
  Thanks to Adam Langley for providing the improved code that this diff is based on.
  ok miod@
* Convert OPENSSL_malloc stuff back to intrinsics, a few were missed as new stuff was brought in. [beck, 2014-05-22, 1 file, -2/+2]
  ok miod@
* KNF. [jsing, 2014-05-15, 1 file, -10/+11]
* Add an AEAD EVP interface to libcrypto, along with AES-GCM AEAD implementations. [jsing, 2014-05-15, 1 file, -33/+213]
  This largely pulls in Adam Langley's AEAD patches from Chromium's OpenSSL.
  ok miod@
* Nuke OPENSSL_FIPS - having #ifdefs inside a #ifndef for the same thing is amusing. [jsing, 2014-05-08, 1 file, -16/+0]
  ok deraadt@
* KNF. [jsing, 2014-05-08, 1 file, -529/+491]
* Change library to use intrinsic memory allocation functions instead of OPENSSL_foo wrappers. [beck, 2014-04-17, 1 file, -3/+3]
  This changes:
  OPENSSL_malloc->malloc
  OPENSSL_free->free
  OPENSSL_realloc->realloc
  OPENSSL_freeFunc->free
* call the correct decrypt function in aes_cbc_cipher() [jsg, 2014-04-17, 1 file, -1/+1]
  From: commit e9c80e04c1a3b5a0de8e666155ab4ecb2697a77d
  Author: Andy Polyakov <appro@openssl.org>
  Date: Wed Dec 18 21:42:46 2013 +0100
  evp/e_[aes|camellia].c: fix typo in CBC subroutine.
  It worked because it was never called.
  Our e_camellia.c does not have this problem.
  ok miod@ deraadt@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery. [miod, 2014-04-13, 1 file, -7/+14]
* resolve conflicts [djm, 2012-10-13, 1 file, -40/+1233]
* resolve conflicts, fix local changes [djm, 2010-10-01, 1 file, -16/+19]
* resolve conflicts [djm, 2009-01-09, 1 file, -19/+16]
* resolve conflicts [djm, 2008-09-06, 1 file, -10/+12]
* resolve conflicts [djm, 2006-06-27, 1 file, -3/+3]
* resolve conflicts [djm, 2005-04-29, 1 file, -7/+25]
* merge 0.9.7b with local changes; crank majors for libssl/libcrypto [markus, 2003-05-12, 1 file, -1/+0]
* Merge OpenSSL 0.9.7-stable-20020605, correctly autogenerate obj_mac.h [beck, 2002-06-07, 1 file, -1/+3]
* OpenSSL 0.9.7 stable 2002 05 08 merge [beck, 2002-05-15, 1 file, -0/+99]