aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/evp
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c13
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c21
-rw-r--r--crypto/evp/evp.h92
-rw-r--r--crypto/evp/evp_key.c20
-rw-r--r--crypto/evp/pmeth_lib.c167
5 files changed, 293 insertions, 20 deletions
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index d114710e98ec..b25fc6d541d4 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
- ret &= constant_time_ge(maxpad, pad);
+ mask = constant_time_ge(maxpad, pad);
+ ret &= mask;
+ /*
+ * If pad is invalid then we will fail the above test but we must
+ * continue anyway because we are in constant time code. However,
+ * we'll use the maxpad value instead of the supplied pad to make
+ * sure we perform well defined pointer arithmetic.
+ */
+ pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
- mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
- inp_len &= mask;
- ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 917ae0751dee..9a8a2ad7787c 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
* to identify it and avoid stitch invocation. So that after we
* establish that current CPU supports AVX, we even see if it's
* either even XOP-capable Bulldozer-based or GenuineIntel one.
+ * But SHAEXT-capable go ahead...
*/
- if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */
- ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
- | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */
+ if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */
+ ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
+ ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
+ | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */
plen > (sha_off + iv) &&
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
SHA256_Update(&key->md, in + iv, sha_off);
@@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
- ret &= constant_time_ge(maxpad, pad);
+ mask = constant_time_ge(maxpad, pad);
+ ret &= mask;
+ /*
+ * If pad is invalid then we will fail the above test but we must
+ * continue anyway because we are in constant time code. However,
+ * we'll use the maxpad value instead of the supplied pad to make
+ * sure we perform well defined pointer arithmetic.
+ */
+ pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
- mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
- inp_len &= mask;
- ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index d258ef870a36..cf1de15e6d03 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
const char *type,
const char *value));
+void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+ int (**pinit) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+ int (**pcopy) (EVP_PKEY_CTX *dst,
+ EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+ void (**pcleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+ int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+ int (**pparamgen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+ int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+ int (**pkeygen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+ int (**psign_init) (EVP_PKEY_CTX *ctx),
+ int (**psign) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_init) (EVP_PKEY_CTX *ctx),
+ int (**pverify) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_recover_init) (EVP_PKEY_CTX
+ *ctx),
+ int (**pverify_recover) (EVP_PKEY_CTX
+ *ctx,
+ unsigned char
+ *sig,
+ size_t *siglen,
+ const unsigned
+ char *tbs,
+ size_t tbslen));
+
+void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+ int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**psignctx) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig,
+ size_t *siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+ int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ int siglen,
+ EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen));
+
+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen));
+
+void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+ int (**pderive_init) (EVP_PKEY_CTX *ctx),
+ int (**pderive) (EVP_PKEY_CTX *ctx,
+ unsigned char *key,
+ size_t *keylen));
+
+void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+ int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+ void *p2),
+ int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+ const char *type,
+ const char *value));
+
void EVP_add_alg_module(void);
/* BEGIN ERROR CODES */
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 5be9e336f9e7..cdffe1c8c428 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify)
{
- int ret;
+ int ret = -1;
char buff[BUFSIZ];
UI *ui;
@@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
prompt = prompt_string;
ui = UI_new();
if (ui == NULL)
- return -1;
- UI_add_input_string(ui, prompt, 0, buf, min,
- (len >= BUFSIZ) ? BUFSIZ - 1 : len);
- if (verify)
- UI_add_verify_string(ui, prompt, 0,
- buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
- buf);
+ return ret;
+ if (UI_add_input_string(ui, prompt, 0, buf, min,
+ (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
+ || (verify
+ && UI_add_verify_string(ui, prompt, 0, buff, min,
+ (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+ buf) < 0))
+ goto end;
ret = UI_process(ui);
- UI_free(ui);
OPENSSL_cleanse(buff, BUFSIZ);
+ end:
+ UI_free(ui);
return ret;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index b7b7bdcd0290..e50826b568d8 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -589,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl = ctrl;
pmeth->ctrl_str = ctrl_str;
}
+
+void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
+ int (**pinit) (EVP_PKEY_CTX *ctx))
+{
+ *pinit = pmeth->init;
+}
+
+void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
+ int (**pcopy) (EVP_PKEY_CTX *dst,
+ EVP_PKEY_CTX *src))
+{
+ *pcopy = pmeth->copy;
+}
+
+void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
+ void (**pcleanup) (EVP_PKEY_CTX *ctx))
+{
+ *pcleanup = pmeth->cleanup;
+}
+
+void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
+ int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+ int (**pparamgen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey))
+{
+ if (pparamgen_init)
+ *pparamgen_init = pmeth->paramgen_init;
+ if (pparamgen)
+ *pparamgen = pmeth->paramgen;
+}
+
+void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
+ int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+ int (**pkeygen) (EVP_PKEY_CTX *ctx,
+ EVP_PKEY *pkey))
+{
+ if (pkeygen_init)
+ *pkeygen_init = pmeth->keygen_init;
+ if (pkeygen)
+ *pkeygen = pmeth->keygen;
+}
+
+void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
+ int (**psign_init) (EVP_PKEY_CTX *ctx),
+ int (**psign) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+{
+ if (psign_init)
+ *psign_init = pmeth->sign_init;
+ if (psign)
+ *psign = pmeth->sign;
+}
+
+void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_init) (EVP_PKEY_CTX *ctx),
+ int (**pverify) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ size_t siglen,
+ const unsigned char *tbs,
+ size_t tbslen))
+{
+ if (pverify_init)
+ *pverify_init = pmeth->verify_init;
+ if (pverify)
+ *pverify = pmeth->verify;
+}
+
+void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
+ int (**pverify_recover_init) (EVP_PKEY_CTX
+ *ctx),
+ int (**pverify_recover) (EVP_PKEY_CTX
+ *ctx,
+ unsigned char
+ *sig,
+ size_t *siglen,
+ const unsigned
+ char *tbs,
+ size_t tbslen))
+{
+ if (pverify_recover_init)
+ *pverify_recover_init = pmeth->verify_recover_init;
+ if (pverify_recover)
+ *pverify_recover = pmeth->verify_recover;
+}
+
+void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
+ int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**psignctx) (EVP_PKEY_CTX *ctx,
+ unsigned char *sig,
+ size_t *siglen,
+ EVP_MD_CTX *mctx))
+{
+ if (psignctx_init)
+ *psignctx_init = pmeth->signctx_init;
+ if (psignctx)
+ *psignctx = pmeth->signctx;
+}
+
+void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
+ int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+ EVP_MD_CTX *mctx),
+ int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+ const unsigned char *sig,
+ int siglen,
+ EVP_MD_CTX *mctx))
+{
+ if (pverifyctx_init)
+ *pverifyctx_init = pmeth->verifyctx_init;
+ if (pverifyctx)
+ *pverifyctx = pmeth->verifyctx;
+}
+
+void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen))
+{
+ if (pencrypt_init)
+ *pencrypt_init = pmeth->encrypt_init;
+ if (pencryptfn)
+ *pencryptfn = pmeth->encrypt;
+}
+
+void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
+ int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+ int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+ unsigned char *out,
+ size_t *outlen,
+ const unsigned char *in,
+ size_t inlen))
+{
+ if (pdecrypt_init)
+ *pdecrypt_init = pmeth->decrypt_init;
+ if (pdecrypt)
+ *pdecrypt = pmeth->decrypt;
+}
+
+void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
+ int (**pderive_init) (EVP_PKEY_CTX *ctx),
+ int (**pderive) (EVP_PKEY_CTX *ctx,
+ unsigned char *key,
+ size_t *keylen))
+{
+ if (pderive_init)
+ *pderive_init = pmeth->derive_init;
+ if (pderive)
+ *pderive = pmeth->derive;
+}
+
+void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
+ int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+ void *p2),
+ int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+ const char *type,
+ const char *value))
+{
+ if (pctrl)
+ *pctrl = pmeth->ctrl;
+ if (pctrl_str)
+ *pctrl_str = pmeth->ctrl_str;
+}