summaryrefslogtreecommitdiffstats
path: root/crypto/err (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Print thread IDs nicely.Pauli2019-06-211-15/+7
| | | | | | | | | | Remove the union that effectively cast thread IDs to long integers before display and instead print a hex dump of the entire object. Refer #9191 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9194)
* Provide an ability to deregister thread stop handlersMatt Caswell2019-06-191-1/+1
| | | | | | | | | If a provider gets unloaded then any thread stop handlers that it had registered will be left hanging. We should clean them up before tearing down the provider. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9186)
* Change ERR_add_error_[v]data to appendRich Salz2019-06-181-16/+25
| | | | | | | | | | | The "add error data" functions now append to the current error. Add a test for this. Cleanup some of the ERR_put functions. In the FIPS module, always append "(in the FIPS module)" to any errors. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9181)
* Tell the FIPS provider about thread stop eventsMatt Caswell2019-06-171-2/+2
| | | | | | | | | The RAND code needs to know about threads stopping in order to cleanup local thread data. Therefore we add a callback for libcrypto to tell providers about such events. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9040)
* Convert thread stop handling into a publish/subscribe modelMatt Caswell2019-06-171-2/+3
| | | | | | | | | | In later commits this will allow providers to subscribe to thread stop events. We will need this in the FIPS module. We also make thread stop handling OPENSSL_CTX aware (different OPENSSL_CTXs may have different thread local data that needs cleaning up). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9040)
* TLS1.3 FFDHE Supportraja-ashok2019-06-121-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8178)
* Make BIGNUM code available from within the FIPS moduleMatt Caswell2019-06-121-0/+1
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9130)
* Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()Matt Caswell2019-06-121-0/+1
| | | | | | | | | | These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing an OPENSSL_CTX so that we can access this where needed throughout the BIGNUM sub library. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9130)
* PBKDF2 updates to conform to SP800-132Shane Lontis2019-06-111-0/+5
| | | | | | | | | | | | | | | | The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
* Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()Kurt Roeckx2019-06-061-1/+2
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> GH: #7651
* build_SYS_str_reasons: Fix a crash caused by overlong localesVitezslav Cizek2019-06-041-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales. The Russian locales consume 6856 bytes, Ukrainian even 7000. build_SYS_str_reasons() contains an overflow check: if (cnt > sizeof(strerror_pool)) cnt = sizeof(strerror_pool); But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer works as cnt is incremented once more after the condition. cnt greater than sizeof(strerror_pool) results in an unbounded OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash. When the first received error string was empty or contained only spaces, cur would move in front of the start of the strerror_pool. Also don't call openssl_strerror_r when the pool is full. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8966)
* Add the content type attribute to additional CMS signerinfo.Shane Lontis2019-06-031-0/+2
| | | | | | | | | | | | | | | | | Fixes #8923 Found using the openssl cms -resign option. This uses an alternate path to do the signing which was not adding the required signed attribute content type. The content type attribute should always exist since it is required is there are any signed attributes. As the signing time attribute is always added in code, the content type attribute is also required. The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes e.g. The message digest attribute is a signed attribute that must exist if any signed attributes exist, it cannot be an unsigned attribute and there must only be one instance containing a single value. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8944)
* Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSLAndreas Kretschmer2019-05-303-0/+4
| | | | | | | | | | | | | | | Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 1362190b1b78 of 2018-09-26 3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8669)
* Join the x509 and x509v3 directoriesRichard Levitte2019-05-291-1/+1
| | | | | | | | | | | | This has been long overdue. Note that this does not join the X509 and X509V3 error modules, that will be too many macro changes at this stage. Fixes #8919 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8925)
* Add d2i_KeyParams/i2d_KeyParams API's.Shane Lontis2019-05-271-0/+2
| | | | | | | | | | | Convert EVP_PKEY Parameters to/from binary. This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters in a similar way to Public and Private Keys. The API's can be used by applications (including openssl apps) that only want to use EVP_PKEY without needing to access low level key API's. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8903)
* Clear CRMF vs CMP confusionRichard Levitte2019-05-201-1/+1
| | | | | | | | | | | | | | | | In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8897)
* Added X963KDF APIShane Lontis2019-05-161-0/+2
| | | | | | | | | | | | X963 KDF is used for CMS ec keyagree Recipient Info. The X963 KDF that is used by CMS EC Key Agreement has been moved into a EVP_KDF object. This KDF is almost identical to the the SSKDF hash variant, so it has been implemented inside the SSKDF code with its own method table. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8902)
* Coverity CID 1444960: Error handling issuesPauli2019-05-081-0/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8888)
* ssl: Add SSL_sendfileBoris Pismenny2019-05-071-0/+1
| | | | | | | | | | | This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
* Added generated files for EVP_KDF changesShane Lontis2019-05-031-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8808)
* Instead of global data store it in an OPENSSL_CTXMatt Caswell2019-05-021-0/+2
| | | | | | | | Various core and property related code files used global data. We should store all of that in an OPENSSL_CTX instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8857)
* Create provider errors and use themMatt Caswell2019-04-194-1/+28
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8700)
* Implement AES CBC ciphers in the default providerMatt Caswell2019-04-191-0/+1
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8700)
* Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider awareMatt Caswell2019-04-191-0/+3
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8700)
* Reseeding without derivation function is not supported in FIPS mode.Pauli2019-04-111-0/+3
| | | | | Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8648)
* EVP_set_default_properties(): New function to set global propertiesRichard Levitte2019-04-051-0/+1
| | | | | | | | | | | EVP_MD_fetch() can be given a property query string. However, there are cases when it won't, for example in implicit fetches. Therefore, we also need a way to set a global property query string to be used in all subsequent fetches. This also applies to all future algorithm fetching functions. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8681)
* Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZERichard Levitte2019-04-051-3/+3
| | | | | | | | | The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY and EVP_F_AES_XTS_INIT_KEY are affected. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8682)
* Move the AES-XTS mode duplicated key check into the init_key function ratherPauli2019-04-051-0/+4
| | | | | | | | than the update call. The means an earlier error return at the cost of some duplicated code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8625)
* Correct EVP_F_EVP_MD_BLOCK_SIZE numberRichard Levitte2019-04-041-1/+1
| | | | | | | The number that was used was already taken Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8656)
* Support EVP_MD_block_size() with providersMatt Caswell2019-04-031-0/+1
| | | | | | | Fixes #8565 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8604)
* Replumbing: add a configuration module for providersRichard Levitte2019-04-031-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This configuration module supports a configuration structure pretty much like the engine configuration module, i.e. something like this: openssl_conf = openssl_init [openssl_init] providers = provider_section [provider_section] # Configure the provider named "foo" foo = foo_section # Configure the provider named "bar" bar = bar_section [foo_section] # Override name given in the provider section identity = myfoo # The exact path of the module. This is platform specific module_path = /opt/openssl/modules/foo.so # Whether it should be automatically activated. Value is unimportant activate = whatever # Anything else goes as well, and becomes parameters that the # provider can get what = 1 # sub-sections will be followed as well ever = ever_section [ever_section] cookie = monster All the configurations in a provider section and its sub-sections become parameters for the provider to get, i.e. the "foo" provider will be able to get values for the following keys (with associated values shown): identity => myfoo module_path => /opt/openssl/modules/foo.so activate => whatever what => 1 ever.cookie => monster Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8549)
* Replumbing: add functionality to set provider parametersRichard Levitte2019-04-031-0/+2
| | | | | | | | | Provider parameters are parameters set by the core that the provider can retrieve. The primary use it to support making OpenSSL configuration data available to the provider. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8549)
* AES-XTS block limit.Pauli2019-04-031-0/+2
| | | | | | | | | | | Limit the number of AES blocks in a data unit to 2^20 or less. This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E. Note: that this is a change from IEEE Std 1619-2007 which only recommended this limit. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8627)
* Remove heartbeats completelyRichard Levitte2019-03-291-3/+0
| | | | | | | Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
* Make err_clear_constant_time really constant timeBernd Edlinger2019-03-221-26/+23
| | | | | | | [extended tests] Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8542)
* Make EVP_Digest* functions provider awareMatt Caswell2019-03-211-0/+5
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8513)
* Replumbing: Add a mechanism to pre-populate the provider storeRichard Levitte2019-03-191-0/+2
| | | | | | | | | | | | | | | | | OpenSSL will come with a set of well known providers, some of which need to be accessible from the start. These are typically built in providers, or providers that will work as fallbacks. We do this when creating a new provider store, which means that this will happen in every library context, regardless of if it's the global default one, or an explicitely created one. We keep the data about the known providers we want to make accessible this way in crypto/provider_predefined.h, which may become generated. For now, though, we make it simple and edited manually. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8480)
* Replumbing: add fallback provider capabilityRichard Levitte2019-03-191-0/+1
| | | | | | | | | | | To ensure that old applications aren't left without any provider, and at the same time not forcing any default provider on applications that know how to deal with them, we device the concept of fallback providers, which are automatically activated if no other provider is already activated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8480)
* Single step kdf implementationShane Lontis2019-03-191-1/+8
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8230)
* Support SM2 certificate verification杨洋2019-03-131-0/+2
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8321)
* 2nd chunk: CRMF code (crypto/crmf/, ) and its integrationDavid von Oheimb2019-03-124-0/+47
| | | | | | | | | in INSTALL, Configure, crypto/build.info, include/openssl/crmferr.h, crypto/err/, include/openssl/err.h, and (to be updated:) util/libcrypto.num Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7646)
* added generated filesShane Lontis2019-03-121-1/+13
| | | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6652)
* Replumbing: New public API to load or add providersRichard Levitte2019-03-111-0/+1
| | | | | | | | | | | | | | Adding a provider means creating an internal provier object and adding it to the store. This allows the addition of built in providers, be it in the OpenSSL libraries or in any application. "Loading" a provider is defined broadly. A built in provider is already "loaded" in essence and only needs activating, while a provider in a dynamically loadable module requires actually loading the module itself. In this API, "loading" a provider does both. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
* Replumbing: Add the Provider Object, type OSSL_PROVIDERRichard Levitte2019-03-111-0/+4
| | | | | | | | | The OSSL_PROVIDER is the core object involved in loading a provider module, initialize a provider and do the initial communication of provider wide and core wide dispatch tables. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
* Implement SSH KDFSimo Sorce2019-02-271-0/+7
| | | | | | | | | | SSH's KDF is defined in RFC 4253 in Section 7.2 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7290)
* Don't interleave handshake and other record types in TLSv1.3Matt Caswell2019-02-191-0/+2
| | | | | | | | | | In TLSv1.3 it is illegal to interleave handshake records with non handshake records. Fixes #8189 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8191)
* generated filesPauli2019-02-181-0/+19
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8224)
* Properties for implementation selection.Pauli2019-02-182-1/+4
| | | | | | | | | | | | | | | | | | | Properties are a sequence of comma separated name=value pairs. A name without a corresponding value is assumed to be a Boolean and have the true value 'yes'. Values are either strings or numbers. Strings can be quoted either _"_ or _'_ or unquoted (with restrictions). There are no escape characters inside strings. Number are either decimal digits or '0x' followed by hexidecimal digits. Numbers are represented internally as signed sixty four bit values. Queries on properties are a sequence comma separated conditional tests. These take the form of name=value (equality test), name!=value (inequality test) or name (Boolean test for truth). Queries can be parsed, compared against a definition or merged pairwise. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8224)
* SCA hardening for mod. field inversion in EC_GROUPBilly Brumley2019-02-171-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a dedicated function in `EC_METHOD` to access a modular field inversion implementation suitable for the specifics of the implemented curve, featuring SCA countermeasures. The new pointer is defined as: `int (*field_inv)(const EC_GROUP*, BIGNUM *r, const BIGNUM *a, BN_CTX*)` and computes the multiplicative inverse of `a` in the underlying field, storing the result in `r`. Three implementations are included, each including specific SCA countermeasures: - `ec_GFp_simple_field_inv()`, featuring SCA hardening through blinding. - `ec_GFp_mont_field_inv()`, featuring SCA hardening through Fermat's Little Theorem (FLT) inversion. - `ec_GF2m_simple_field_inv()`, that uses `BN_GF2m_mod_inv()` which already features SCA hardening through blinding. From a security point of view, this also helps addressing a leakage previously affecting conversions from projective to affine coordinates. This commit also adds a new error reason code (i.e., `EC_R_CANNOT_INVERT`) to improve consistency between the three implementations as all of them could fail for the same reason but through different code paths resulting in inconsistent error stack states. Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/8254)
* Added new EVP/KDF API.David Makepeace2019-02-131-0/+25
| | | | | | | | | | Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 15:16:06 +0100