[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed Jul 5 21:07:01 UTC 2017
The branch master has been updated
via e2dba64c8460a3c08cd6021184b5a8163df28306 (commit)
via f48ad5cbdf47c28f68f88e3c9b2f487a4dccc7b8 (commit)
via 28f298e70aa8c65b275e6c915b5717a59090932d (commit)
via 0791bef0d42ddc9a2c2851f279f4a2db39153b6e (commit)
via 810ef917070902f729e3913f1656371c9b0855f8 (commit)
via f472560879a48bc68a3f7f63264457da37751845 (commit)
from 11d66064f36e6968faffb48a2cfd58cbe37eff0c (commit)
- Log -----------------------------------------------------------------
commit e2dba64c8460a3c08cd6021184b5a8163df28306
Author: Rich Salz <rsalz at openssl.org>
Date: Thu Jun 15 18:51:10 2017 -0400
Fix crash
[extended tests]
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
commit f48ad5cbdf47c28f68f88e3c9b2f487a4dccc7b8
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jun 14 15:08:39 2017 -0400
Undo commit dc00fb9
Original text:
Document openssl dgst -hmac option
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
commit 28f298e70aa8c65b275e6c915b5717a59090932d
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jun 14 15:07:52 2017 -0400
Undo commit cd359b2
Original text:
Clarify use of |$end0| in stitched x86-64 AES-GCM code.
There was some uncertainty about what the code is doing with |$end0|
and whether it was necessary for |$len| to be a multiple of 16 or 96.
Hopefully these added comments make it clear that the code is correct
except for the caveat regarding low memory addresses.
Change-Id: Iea546a59dc7aeb400f50ac5d2d7b9cb88ace9027
Reviewed-on: https://boringssl-review.googlesource.com/7194
Reviewed-by: Adam Langley <agl at google.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
commit 0791bef0d42ddc9a2c2851f279f4a2db39153b6e
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jun 14 13:54:04 2017 -0400
Undo commit 40720ce
Comment in the commit:
/* Ignore NULLs, thanks to Bob Beck <beck at obtuse.com> */
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
commit 810ef917070902f729e3913f1656371c9b0855f8
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jun 14 13:53:01 2017 -0400
Undo commit de02ec2
Original text:
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus at openbsd.or
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
commit f472560879a48bc68a3f7f63264457da37751845
Author: Rich Salz <rsalz at openssl.org>
Date: Wed Jun 14 13:47:17 2017 -0400
Undo commit 0755217
Original text:
Fix Perl problems on sparc64.
This is part of a large change submitted by Markus Friedl
<markus at openbsd.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/err.c | 23 ++++++++++----------
crypto/modes/asm/aesni-gcm-x86_64.pl | 41 ------------------------------------
crypto/objects/obj_dat.pl | 1 -
crypto/rand/rand_unix.c | 19 +----------------
crypto/rand/randfile.c | 41 ------------------------------------
doc/man1/dgst.pod | 5 -----
6 files changed, 12 insertions(+), 118 deletions(-)
diff --git a/crypto/err/err.c b/crypto/err/err.c
index adbd41e..e50c6d6 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -757,20 +757,19 @@ void ERR_add_error_vdata(int num, va_list args)
n = 0;
for (i = 0; i < num; i++) {
a = va_arg(args, char *);
- /* ignore NULLs, thanks to Bob Beck <beck at obtuse.com> */
- if (a != NULL) {
- n += strlen(a);
- if (n > s) {
- s = n + 20;
- p = OPENSSL_realloc(str, s + 1);
- if (p == NULL) {
- OPENSSL_free(str);
- return;
- }
- str = p;
+ if (a == NULL)
+ a = "<NULL>";
+ n += strlen(a);
+ if (n > s) {
+ s = n + 20;
+ p = OPENSSL_realloc(str, s + 1);
+ if (p == NULL) {
+ OPENSSL_free(str);
+ return;
}
- OPENSSL_strlcat(str, a, (size_t)s + 1);
+ str = p;
}
+ OPENSSL_strlcat(str, a, (size_t)s + 1);
}
ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
}
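Review bot: The `if (a == NULL) a = "<NULL>";` replacement changes observable output: a NULL vararg is now appended as the literal text `<NULL>` and counted in `n`, whereas the removed branch skipped it entirely, so error strings built through `ERR_add_error_vdata` by callers that pass NULL to mean "nothing" will change. Worth stating in the commit message, since "Undo commit 40720ce" does not say which of the two behaviours is the intended one. Also note that the realloc-failure path still does `OPENSSL_free(str); return;` without calling `ERR_set_error_data`, so a partially built string is silently dropped; that predates this hunk, but it is now the only early exit in the loop and deserves a comment.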
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
index 5e69cb8..3cd231e 100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -116,23 +116,6 @@ _aesni_ctr32_ghash_6x:
vpxor $rndkey,$inout3,$inout3
vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey
vpclmulqdq \$0x01,$Hkey,$Z3,$Z2
-
- # At this point, the current block of 96 (0x60) bytes has already been
- # loaded into registers. Concurrently with processing it, we want to
- # load the next 96 bytes of input for the next round. Obviously, we can
- # only do this if there are at least 96 more bytes of input beyond the
- # input we're currently processing, or else we'd read past the end of
- # the input buffer. Here, we set |%r12| to 96 if there are at least 96
- # bytes of input beyond the 96 bytes we're already processing, and we
- # set |%r12| to 0 otherwise. In the case where we set |%r12| to 96,
- # we'll read in the next block so that it is in registers for the next
- # loop iteration. In the case where we set |%r12| to 0, we'll re-read
- # the current block and then ignore what we re-read.
- #
- # At this point, |$in0| points to the current (already read into
- # registers) block, and |$end0| points to 2*96 bytes before the end of
- # the input. Thus, |$in0| > |$end0| means that we do not have the next
- # 96-byte block to read in, and |$in0| <= |$end0| means we do.
xor %r12,%r12
cmp $in0,$end0
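Review bot: Deleting the whole comment block above `xor %r12,%r12` / `cmp $in0,$end0` leaves the lookahead invariant undocumented, namely that `$end0` sits 2*96 bytes before the end of the input and `$in0 > $end0` means there is no further 96-byte block to read, and that invariant is exactly what keeps the speculative load of the next block inside the buffer. If the objection is to the length of the BoringSSL text rather than its content, keep a two-line version, e.g. `# %r12 = 96 if a full next block exists ($in0 <= $end0), else 0 (re-read current block)`.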
@@ -426,9 +409,6 @@ $code.=<<___;
aesni_gcm_decrypt:
.cfi_startproc
xor $ret,$ret
-
- # We call |_aesni_ctr32_ghash_6x|, which requires at least 96 (0x60)
- # bytes of input.
cmp \$0x60,$len # minimal accepted length
jb .Lgcm_dec_abort
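Review bot: With the comment removed, the trailing `# minimal accepted length` on `cmp \$0x60,$len` is the only explanation of the constant; consider extending it to `# minimal accepted length (_aesni_ctr32_ghash_6x needs 96 bytes)` so the coupling to the callee's requirement survives in the decrypt path.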
@@ -490,15 +470,7 @@ $code.=<<___;
vmovdqu 0x50($inp),$Z3 # I[5]
lea ($inp),$in0
vmovdqu 0x40($inp),$Z0
-
- # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
- # bytes before the end of the input. Note, in particular, that this is
- # correct even if |$len| is not an even multiple of 96 or 16. XXX: This
- # seems to require that |$inp| + |$len| >= 2*96 (0xc0); i.e. |$inp| must
- # not be near the very beginning of the address space when |$len| < 2*96
- # (0xc0).
lea -0xc0($inp,$len),$end0
-
vmovdqu 0x30($inp),$Z1
shr \$4,$len
xor $ret,$ret
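Review bot: The deleted comment above `lea -0xc0($inp,$len),$end0` recorded a caveat the revert does not address: this function only checks `$len >= 0x60` (previous hunk), so for `0x60 <= $len < 0xc0` the `lea` computes an address below `$inp`, and the `$end0` comparison is only sound if `$inp + $len >= 0xc0`. Removing the text does not remove the condition. If the caveat is believed wrong, say why in the commit message; otherwise keep at least a one-line `# requires $inp + $len >= 0xc0` note next to the `lea`.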
@@ -663,10 +635,6 @@ _aesni_ctr32_6x:
aesni_gcm_encrypt:
.cfi_startproc
xor $ret,$ret
-
- # We call |_aesni_ctr32_6x| twice, each call consuming 96 bytes of
- # input. Then we call |_aesni_ctr32_ghash_6x|, which requires at
- # least 96 more bytes of input.
cmp \$0x60*3,$len # minimal accepted length
jb .Lgcm_enc_abort
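Review bot: `cmp \$0x60*3,$len` now has only `# minimal accepted length` to explain the factor of 3; the removed text gave the derivation (two `_aesni_ctr32_6x` calls of 96 bytes each plus the 96 bytes `_aesni_ctr32_ghash_6x` needs). Suggest folding that into the trailing comment, e.g. `# minimal accepted length: 2 x _aesni_ctr32_6x + _aesni_ctr32_ghash_6x`.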
@@ -723,16 +691,7 @@ $code.=<<___;
.Lenc_no_key_aliasing:
lea ($out),$in0
-
- # |_aesni_ctr32_ghash_6x| requires |$end0| to point to 2*96 (0xc0)
- # bytes before the end of the input. Note, in particular, that this is
- # correct even if |$len| is not an even multiple of 96 or 16. Unlike in
- # the decryption case, there's no caveat that |$out| must not be near
- # the very beginning of the address space, because we know that
- # |$len| >= 3*96 from the check above, and so we know
- # |$out| + |$len| >= 2*96 (0xc0).
lea -0xc0($out,$len),$end0
-
shr \$4,$len
call _aesni_ctr32_6x
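Review bot: The removed comment above `lea -0xc0($out,$len),$end0` was the one place that explained why the encrypt path has no low-address caveat (the `$len >= 3*96` check earlier in this function guarantees `$out + $len >= 0xc0`), whereas the decrypt path only guarantees `$len >= 96`. Since the two `lea -0xc0(...)` lines now look identical without their surrounding notes, a one-line comment on each saying whether the caveat applies would stop the asymmetry from being lost in a later edit.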
diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
index 947ccee..3e201c3 100644
--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
@@ -6,7 +6,6 @@
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-use integer;
use strict;
use warnings;
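Review bot: Removing `use integer;` changes the semantics of every `/`, `%` and shift operator in obj_dat.pl, not only on sparc64: without the pragma Perl's `/` yields floating-point results, so any integer division the script relies on needs an explicit `int()`. The hunk shows only the pragma line, so whatever arithmetic it protected is not visible here; confirm the generated `obj_dat.h` is byte-identical with and without this change, or say in the commit message why the original sparc64 fix is no longer needed.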
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index ecba2dc..241f287 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -121,24 +121,7 @@ int RAND_poll(void)
}
return 1;
}
-# elif defined __OpenBSD__
-int RAND_poll(void)
-{
- u_int32_t rnd = 0, i;
- unsigned char buf[ENTROPY_NEEDED];
-
- for (i = 0; i < sizeof(buf); i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- buf[i] = rnd;
- rnd >>= 8;
- }
- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- OPENSSL_cleanse(buf, sizeof(buf));
-
- return 1;
-}
-# else /* !defined(__OpenBSD__) */
+# else
int RAND_poll(void)
{
unsigned long l;
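Review bot: Dropping the `__OpenBSD__` branch sends OpenBSD through the generic `# else` `RAND_poll`, so seeding there no longer comes from `arc4random()` (the removed branch opened nothing) but from whatever the generic path opens. That may be the intended consolidation, but the commit message only says "Undo commit de02ec2", and `[extended tests]` is attached to the separate "Fix crash" commit; state the reason and confirm the OpenBSD build still seeds successfully. Minor: the removed code wrote `buf[i] = rnd;` with `rnd` a `u_int32_t`, relying on implicit truncation to the low byte, so the old branch was not without its own rough edges.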
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 15fa9dc..1c2043e 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -145,17 +145,6 @@ int RAND_load_file(const char *file, long bytes)
goto err;
RAND_add(&sb, sizeof(sb), 0.0);
-# if defined(S_ISBLK) && defined(S_ISCHR)
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't want read an infinite number of
- * bytes from a random device, nor do we want to use buffered I/O
- * because we will waste system entropy.
- */
- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
- setbuf(in, NULL); /* don't do buffered reads */
- }
-# endif
#endif
for (;;) {
if (bytes > 0)
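Review bot: Without the `S_ISBLK`/`S_ISCHR` block, `RAND_load_file` no longer caps `bytes` at 2048 for device files or disables stdio buffering, so a call with `bytes == -1` on a character device enters the `for (;;)` loop below with no EOF to stop it, and with buffering it reads more from the device than it consumes. If the revert is intended, either document that device paths are no longer supported by `RAND_load_file`, or keep the `bytes = (bytes == -1) ? 2048 : bytes;` cap and `setbuf(in, NULL);` on their own.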
@@ -188,7 +177,6 @@ int RAND_write_file(const char *file)
FILE *out = NULL;
int n;
#ifndef OPENSSL_NO_POSIX_IO
- struct stat sb;
# if defined(S_ISBLK) && defined(S_ISCHR)
# ifdef _WIN32
@@ -197,18 +185,6 @@ int RAND_write_file(const char *file)
* because driver paths are always ASCII.
*/
# endif
- i = stat(file, &sb);
- if (i != -1) {
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't write back to it. we
- * "succeed" on the assumption this is some sort of random
- * device. Otherwise attempting to write to and chmod the device
- * causes problems.
- */
- return 1;
- }
- }
# endif
#endif
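Review bot: Removing the `stat()` / `S_ISBLK` / `S_ISCHR` early return means `RAND_write_file` on a device path now proceeds to open, write to and chmod the device, which the deleted comment says "causes problems"; if that is acceptable, the commit message should state that device paths are no longer special-cased on write. Also, the enclosing `# if defined(S_ISBLK) && defined(S_ISCHR)` ... `# endif` now wraps only the `# ifdef _WIN32` comment block and no longer uses either macro (the `struct stat sb;` it needed was removed in the previous hunk), so the condition should be dropped or the block restructured.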
@@ -283,9 +259,6 @@ const char *RAND_file_name(char *buf, size_t size)
{
char *s = NULL;
int use_randfile = 1;
-#ifdef __OpenBSD__
- struct stat sb;
-#endif
#if defined(_WIN32) && defined(CP_UTF8)
DWORD len;
@@ -348,19 +321,5 @@ const char *RAND_file_name(char *buf, size_t size)
buf[0] = '\0'; /* no file name */
}
-#ifdef __OpenBSD__
- /*
- * given that all random loads just fail if the file can't be seen on a
- * stat, we stat the file we're returning, if it fails, use /dev/arandom
- * instead. this allows the user to use their own source for good random
- * data, but defaults to something hopefully decent if that isn't
- * available.
- */
-
- if (!buf[0] || stat(buf, &sb) == -1)
- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
- return NULL;
- }
-#endif
return buf[0] ? buf : NULL;
}
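Review bot: On OpenBSD, `RAND_file_name` now returns NULL whenever `buf[0]` is empty or the chosen file cannot be `stat`ed, instead of falling back to `/dev/arandom`; together with the `rand_unix.c` change in this same patch, OpenBSD loses both platform-specific entropy paths at once. That is a user-visible change for anyone relying on the fallback, so it deserves a sentence in the commit message beyond "Undo commit de02ec2", and ideally a CHANGES entry.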
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 677f2b2..a11f190 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -21,7 +21,6 @@ B<openssl> B<dgst>
[B<-verify filename>]
[B<-prverify filename>]
[B<-signature filename>]
-[B<-hmac key>]
[B<-fips-fingerprint>]
[B<-engine id>]
[B<-engine_impl>]
@@ -116,10 +115,6 @@ Verify the signature using the private key in "filename".
The actual signature to verify.
-=item B<-hmac key>
-
-Create a hashed MAC using "key".
-
=item B<-mac alg>
Create MAC (keyed Message Authentication Code). The most popular MAC
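Review bot: Deleting the `=item B<-hmac key>` entry (and its SYNOPSIS line in the previous hunk) undocuments an option without touching its implementation: the summary of changes lists no file under `apps/`, so `openssl dgst -hmac` presumably still works and is now simply absent from the man page. If the intent is to steer users to the `-mac alg` route described in the paragraph that follows, that paragraph should mention HMAC explicitly; if the option is being deprecated, say that instead.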