Richard Levitte [Sat, 25 Feb 2017 22:38:46 +0000 (23:38 +0100)]
Refactor PEM_read_bio_{PrivateKey,Parameters,DHparams}
They now go through internal STORE routines to do their job.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2746)
Rich Salz [Thu, 7 Nov 2019 20:08:30 +0000 (06:08 +1000)]
Add "sections" to -help output
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help
Add output section
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
Richard Levitte [Thu, 17 Oct 2019 21:53:44 +0000 (23:53 +0200)]
Add a test for EVP_PKEY_keymake() and EVP_PKEY_make()
This test is a bit lame, but will either be completed as functionality
is added in the default provider, or the new functions may start
getting used in evp_test.c and this program will disappear.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)
Richard Levitte [Tue, 15 Oct 2019 12:50:35 +0000 (14:50 +0200)]
Add EVP functionality to create domain params and keys by user data
This is the EVP operation that corresponds to creating direct RSA, DH
and DSA keys and set their numbers, to then assign them to an EVP_PKEY,
but done entirely using an algorithm agnostic EVP interface.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)
Richard Levitte [Tue, 5 Nov 2019 16:48:33 +0000 (17:48 +0100)]
Update INSTALL to document the changed '--api' and 'no-deprecated'
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:38:24 +0000 (17:38 +0100)]
include/openssl/asn1.h: Remove version dependent inclusion of <openssl/bn.h>
It's unclear if this dependency was because ASN1 functions that use
BIGNUM didn't exist before 1.1.0, or if it was a mistaken attempt at
deprecation. Since there exist ASN1 functions using BIGNUM now, it
seems pointless to keep that check, and unnecessarily including
<openssl/bn.h> should be harmless either way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:37:17 +0000 (17:37 +0100)]
Update the check surround the BN_zero() implementation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:36:44 +0000 (17:36 +0100)]
Update some inclusions of <openssl/macros.h>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:35:12 +0000 (17:35 +0100)]
include/openssl/opensslconf.h.in: remove spurious HEADER_FILE_H definition
This macro was never defined in existing releases, there's no reason
for us to create a macro that we immediately deprecate.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:34:09 +0000 (17:34 +0100)]
Update source files for pre-3.0 deprecation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:28:50 +0000 (17:28 +0100)]
Update source files for deprecation at 3.0
Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version. However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.
Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:00:33 +0000 (17:00 +0100)]
Change the logic and behaviour surrounding '--api' and 'no-deprecated'
At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.
At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis. In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.
At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level. BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.
This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.
If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.
Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired. For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().
Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value. If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Rich Salz [Fri, 1 Nov 2019 16:29:34 +0000 (12:29 -0400)]
Strip much out of ssl.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Rich Salz [Fri, 1 Nov 2019 16:27:29 +0000 (12:27 -0400)]
Add L<ssl(7)> to all SSL pages
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Rich Salz [Thu, 17 Oct 2019 20:06:15 +0000 (16:06 -0400)]
Remove outdated info from man7/ssl
There were two paragraphs of useful information about SSL_dup, so
copy that to the right manpage.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Matt Caswell [Fri, 1 Nov 2019 16:09:21 +0000 (16:09 +0000)]
Test EVP_get_[digest|cipher]byname() use the namemap
Following on from the previous commit, we test that if an algorithm has
a provider supplied alias in the namemap then EVP_get_digestbyname() and
EVP_get_cipherbyname() can still find it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)
Matt Caswell [Fri, 1 Nov 2019 14:13:49 +0000 (14:13 +0000)]
Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases
Now that we have an EVP namemap containing all aliases that providers
know about for any given algorithm, it is possible that an application
attempts to look up a digest or a cipher via EVP_get_digestbyname() or
EVP_get_cipherbyname() with an algorithm name that is unknown to the
legacy method database. Therefore we extend those functions to
additionally check the aliases in the namemap when searching for a
method in the event that our initial lookup attempt fails.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)
Richard Levitte [Mon, 4 Nov 2019 10:41:01 +0000 (11:41 +0100)]
test/recipes/02-test_ordinals.t: Take '?' and '?+' into account
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:36:54 +0000 (10:36 +0100)]
util/mknum.pl: output stats on unassigned symbols
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:34:10 +0000 (10:34 +0100)]
util/mknum.pl: Call OpenSSL::Ordinals::renumber() for real releases
When the source isn't in development any more (the version number
doesn't the tags 'dev' or 'alpha'), we renumber the unassigned symbols
to ensure that we have fixed numbers on all.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:33:10 +0000 (10:33 +0100)]
util/mkdef.pl: writer_VMS(): handle symbols with no assigned number
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:31:04 +0000 (10:31 +0100)]
OpenSSL::Ordinals: when validating, collect statistics on unassigned syms
If a script wants to display how many symbols have assigned numbers
and how many don't, this gives them those numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:29:53 +0000 (10:29 +0100)]
OpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols
This should be used when it's time to assign constant numbers to the
unassigned symbols.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:28:00 +0000 (10:28 +0100)]
OpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers
We preserve the number or '?' or '?+', but assign numbers internally
on the latter, to ensure we keep the order of the input.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 08:02:28 +0000 (09:02 +0100)]
util/*.num: deassign ordinal numbers from new symbols
Symbols that have appeared since 1.1.1 was released are considered
unassigned in the development branch. This is marked by having a
question mark as its ordinal number.
This introduces two new markers to be used instead of ordinal numbers:
? signifying it gets the previous symbol's number plus one
?+ signifying it gets the same number as the previous symbol
'?+' should remain rare, but is useful to create aliases when needed
(for example when two different symbols clash because they only differ
in character case, see include/openssl/symhacks.h)
The intention is that a development branch won't have set numbers for
new symbols, and that the final numbers will only get allocated when
making beta or final releases.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Wed, 30 Oct 2019 16:06:48 +0000 (17:06 +0100)]
Minimal adaptation of tests back to how it was before
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 15:59:34 +0000 (16:59 +0100)]
EVP: Make the SIGNATURE implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new
signature algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 17:03:07 +0000 (18:03 +0100)]
EVP: Make the KEYEXCH implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new key
exchange algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)
Patrick Steuer [Sat, 2 Nov 2019 23:32:04 +0000 (00:32 +0100)]
s390x assembly pack: process x25519 and x448 non-canonical values
...in constant time.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 23:01:20 +0000 (00:01 +0100)]
Add self-generated test vector for x448 non-canonical values
x25519 has such a test vector obtained from wycheproof but wycheproof
does not have a corresponding x448 test vector.
So add a self-generated test vector for that case.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 22:50:26 +0000 (23:50 +0100)]
s390x assembly pack: fix x448 handling of non-canonical values
The s390x x448 implementation does not correctly reduce non-canonical
values i.e., u-coordinates >= p = 2^448 - 2^224 - 1.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sun, 3 Nov 2019 21:44:28 +0000 (22:44 +0100)]
s390x assembly pack: perlasm module update
- add instructions: clfi, stck, stckf, kdsa
- clfi and clgfi belong to extended-immediate (not long-displacement)
- some cleanup
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10346)
Matt Caswell [Wed, 30 Oct 2019 13:23:18 +0000 (13:23 +0000)]
Don't assume the type we read was the type we expected
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.
This issue was recently added by commit
4baee2d.
Credit to OSSFuzz for finding this issue.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Matt Caswell [Wed, 30 Oct 2019 13:20:33 +0000 (13:20 +0000)]
Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
stack and then returns a pointer to the stack, or NULL on failure. If
the passed in stack is itself NULL then it allocates one.
i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
returned from i2v_GENERAL_NAME. If a stack had already been allocated then
it just leaked it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Paul Yang [Mon, 4 Nov 2019 03:49:35 +0000 (11:49 +0800)]
Fix no-sm2 issue
Some code is not covered by the macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10319)
Richard Levitte [Mon, 2 Sep 2019 05:59:17 +0000 (07:59 +0200)]
Document added SSL functions related to X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:43:19 +0000 (23:43 +0100)]
X509_LOOKUP_store: Add CHANGES note
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:41:27 +0000 (23:41 +0100)]
Document X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 00:09:44 +0000 (01:09 +0100)]
Adapt two test programs that were using now deprecated functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:28:05 +0000 (15:28 +0100)]
Add a basic test of -CAstore
This code is mainly copied from test_ssl_old
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:27:15 +0000 (15:27 +0100)]
OSSL_STORE: add tracing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:26:34 +0000 (15:26 +0100)]
Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:34:19 +0000 (23:34 +0100)]
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI
This is a wrapper around OSSL_STORE.
This also adds necessary support functions:
- X509_STORE_load_file
- X509_STORE_load_path
- X509_STORE_load_store
- SSL_add_store_cert_subjects_to_stack
- SSL_CTX_set_default_verify_store
- SSL_CTX_load_verify_file
- SSL_CTX_load_verify_dir
- SSL_CTX_load_verify_store
and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations,
as they aren't extensible.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:32:07 +0000 (23:32 +0100)]
OSSL_STORE: constify the criterion parameter a bit more
For some reason, OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_find()
accepted a non-const OSSL_STORE_SEARCH criterion, which isn't at all
necessary.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 1 Nov 2019 15:56:31 +0000 (16:56 +0100)]
Change EVP_PKEY_CTX_new_provided() to take a library context too.
With provided algorithms, the library context is ever present, so of
course it should be specified alongside the algorithm name and
property query string.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Richard Levitte [Thu, 31 Oct 2019 10:43:31 +0000 (11:43 +0100)]
Make EVP_PKEY_CTX initialization more precise
There is a vagueness around how the provider data (algorithm name and
property query string) is initialized in the presence of an engine.
This change modifies this slightly so that the algorithm name for use
with providers is never set if the initilization was given an engine.
This makes it easier for other functions to simply check ctx->algorithm
to see if the context is meant to be used for strictly legacy stuff or
not.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Patrick Steuer [Sat, 2 Nov 2019 13:50:28 +0000 (14:50 +0100)]
Fix --strict-warnings build
The %zd format corresponds to ssize_t which is used for
function to either return a valid size or a negative value
to indicate an error. Since size_t is in [-1,SSIZE_MAX] it
is not a portable way to represent a pointer diff. For
the %td format which corresponds to ptrdiff_t is C11,
we chose to cast to long instead as it is already done
in other places.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10335)
Patrick Steuer [Fri, 1 Nov 2019 22:29:04 +0000 (23:29 +0100)]
s390x assembly pack: enable clang build
clang imposes some restrictions on the assembler code that
gcc does not.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10330)
Richard Levitte [Fri, 1 Nov 2019 21:58:27 +0000 (22:58 +0100)]
doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 21:18:38 +0000 (22:18 +0100)]
test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN()
Now, the returned size check matches the check made for all other
integer types.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 19:44:14 +0000 (20:44 +0100)]
Fix OSSL_PARAM_set_BN() to fill the given buffer correctly.
OSSL_PARAM_set_BN() filled the buffer from the left with as many bytes
as that the BIGNUM takes, regardless of buffer size or native
endianness. This was due to BN_bn2nativepad() being given the size of
the BIGNUM rather than the size of the buffer (which meant it never
had to pad anything).
The fix is to given BN_bn2nativepad() the size of the buffer instead.
This aligns well with the corresponding _set_ functions for native
integer types work.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Sat, 2 Nov 2019 10:18:31 +0000 (11:18 +0100)]
test/build.info: add missing inclusion for ssl_ctx_test
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10334)
Richard Levitte [Tue, 14 May 2019 00:15:14 +0000 (17:15 -0700)]
VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
This system services is based on FreeBSD 12's getentropy(), and is
therefore treated the same way as getentropy() with regards to amount
of entropy bits per data bit.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8926)
Christian Heimes [Sun, 21 Jan 2018 12:19:05 +0000 (13:19 +0100)]
Add test cases for min/max protocol API
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6553)
Richard Levitte [Tue, 29 Oct 2019 12:37:54 +0000 (13:37 +0100)]
Configure: Make --strict-warnings meaningful with MSVC cl
We also add this to our x86_64 builds on appveyor
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10287)
Richard Levitte [Tue, 13 Nov 2018 14:17:21 +0000 (15:17 +0100)]
BIO_s_connect: add an error state and use it
If no connection could be made, addr_iter will eventually end up being
NULL, and if the user didn't check the returned error value, the
BIO_CONN_S_CONNECT code will be performed again and will crash.
So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
when we run out of addresses to try. That state will just simply say
"error" back, until the user does something better with the BIO, such
as free it or reset it.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7630)
Pauli [Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)]
DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Pauli [Fri, 1 Nov 2019 02:47:06 +0000 (12:47 +1000)]
DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).
In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Patrick Steuer [Thu, 31 Oct 2019 20:41:30 +0000 (21:41 +0100)]
s390x: fix build errors
ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10317)
jayaram [Wed, 30 Oct 2019 07:26:18 +0000 (12:56 +0530)]
fix for Missing null check after OPENSSL_zalloc
Fixes #10283
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10296)
Patrick Steuer [Thu, 31 Oct 2019 13:17:31 +0000 (14:17 +0100)]
md4/md5: macros should not include the line following them
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10311)
Scott Wilson [Thu, 31 Oct 2019 11:37:51 +0000 (22:37 +1100)]
Fix potential memory leak in dh_ameth.c
Free dukm in error handling of dh_cms_encrypt()
Fixes #10294
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10310)
Rich Salz [Fri, 4 Oct 2019 21:09:19 +0000 (17:09 -0400)]
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]
Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit
a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
Richard Levitte [Tue, 29 Oct 2019 21:17:19 +0000 (22:17 +0100)]
evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)
Jakub Zelenka [Sun, 8 Sep 2019 16:38:35 +0000 (17:38 +0100)]
Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
Billy Brumley [Thu, 17 Oct 2019 20:30:18 +0000 (23:30 +0300)]
[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
Kelvin Lee [Sun, 27 Oct 2019 12:04:39 +0000 (23:04 +1100)]
Fix typo in cipher_chacha20_poly1305_hw.c.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10275)
Tanzinul Islam [Fri, 25 Oct 2019 16:47:25 +0000 (17:47 +0100)]
Fix find/rm command in Unix clean recipe
The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).
>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)
Exclude directories from being matched by the `find` commands.
CLA: trivial
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
John Baldwin [Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)]
Don't generate a MAC when using KTLS.
The kernel will generate the MAC when transmitting the frame. Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts. Note that this path is not taken when
using stitched cipher suites.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 23:42:48 +0000 (16:42 -0700)]
Fix BIO_get_ktls_send() and BIO_get_ktls_recv() to work again.
This partially reverts
3119ab3c9e6d211c461a245f3744893e17b6c193. In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET. This caused all of the checks
to fail breaking KTLS.
The default return value of control methods I have looked it is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.
This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 20:56:09 +0000 (13:56 -0700)]
Simplify NO_KTLS path in SSL_sendfile.
Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Wed, 31 Oct 2018 19:01:47 +0000 (15:01 -0400)]
Bypass multiblock and send individual records when using KTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Mon, 22 Oct 2018 15:02:19 +0000 (11:02 -0400)]
Add support for in-kernel TLS (KTLS) on FreeBSD.
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Richard Levitte [Thu, 24 Oct 2019 15:04:01 +0000 (17:04 +0200)]
crypto/evp/evp_fetch.c: Make it more prominent that these functions are EVP
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10257)
Pauli [Wed, 30 Oct 2019 01:00:19 +0000 (11:00 +1000)]
KDF: use string names not macros to align with other algorithms.
Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly. This brings the KDFs and PRFs into
line with the rest.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)
Dr. Matthias St. Pierre [Sun, 27 Oct 2019 23:55:29 +0000 (00:55 +0100)]
Add a GitHub issue template for documentation issues
This template automatically adds the [issue: documentation] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Dr. Matthias St. Pierre [Sat, 3 Aug 2019 11:30:47 +0000 (13:30 +0200)]
Add a GitHub issue template for questions
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.
This template automatically adds the [issue: question] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Kelvin Lee [Sun, 27 Oct 2019 07:22:34 +0000 (18:22 +1100)]
Fix undefined array OPENSSL_ia32cap_P.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10274)
Pavel Karagodin [Mon, 28 Oct 2019 02:12:06 +0000 (09:12 +0700)]
apps/dgst.c: allocate a new signature buffer
... if the fixed-size buffer is too small.
Fixes #9732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)
Dr. David von Oheimb [Fri, 27 Sep 2019 08:22:23 +0000 (10:22 +0200)]
chunk 5 of CMP contribution to OpenSSL
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)
Matt Caswell [Fri, 18 Oct 2019 15:40:44 +0000 (16:40 +0100)]
Fix an s_server arbitrary file read issue on Windows
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check for this for Unix paths but it is not sufficient
for Windows.
Since s_server is a test tool no CVE is assigned.
Thanks to Jobert Abma for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
Matt Caswell [Wed, 23 Oct 2019 18:32:05 +0000 (19:32 +0100)]
Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
Pauli [Mon, 28 Oct 2019 12:16:50 +0000 (22:16 +1000)]
Clarify the description of the NULL argument in SSL_set1_host().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)
Tobias Nießen [Fri, 18 Oct 2019 18:44:49 +0000 (20:44 +0200)]
Allow EVP_PKEY_get0_RSA for RSA-PSS keys
RSA-PSS keys use the same internal structure as RSA keys but do not
allow accessing it through EVP_PKEY_get0_RSA. This commit changes that
behavior.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10217)
Johannes Bauer [Wed, 23 Oct 2019 12:03:32 +0000 (14:03 +0200)]
Cleanup hardcoded cipher suite codepoints in s_server
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS
PSK server callback. However, they seem to have been refactored a while
ago to use tls13_aes128gcmsha256_id, so these defines are not necessary
within the s_server code anymore.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10243)
Dr. Matthias St. Pierre [Fri, 25 Oct 2019 22:12:23 +0000 (00:12 +0200)]
github: switch issue templates to new labels
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10266)
Dmitry Belyavskiy [Sun, 6 Oct 2019 19:25:10 +0000 (22:25 +0300)]
Strip BOM on loading PEM files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
Rich Salz [Sat, 5 Oct 2019 18:03:57 +0000 (14:03 -0400)]
Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
Tomas Mraz [Wed, 23 Oct 2019 10:48:18 +0000 (12:48 +0200)]
20-test_enc_more.t: Replace deprecated -ciphers option with -list
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)
Rich Salz [Fri, 18 Oct 2019 16:24:39 +0000 (12:24 -0400)]
Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
Cesar Pereida Garcia [Mon, 21 Oct 2019 11:53:51 +0000 (14:53 +0300)]
Enable runtime testing of no-deprecated builds in Travis
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
Cesar Pereida Garcia [Mon, 21 Oct 2019 11:41:01 +0000 (14:41 +0300)]
Update control logic for BN_gcd
PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.
When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.
This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
Rich Salz [Thu, 10 Oct 2019 01:48:33 +0000 (21:48 -0400)]
Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
Rich Salz [Fri, 18 Oct 2019 13:52:17 +0000 (09:52 -0400)]
Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
Simo Sorce [Tue, 17 Sep 2019 20:35:23 +0000 (16:35 -0400)]
Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
Nicola Tuveri [Mon, 21 Oct 2019 13:07:22 +0000 (16:07 +0300)]
Fix doc for EC_GROUP_set_curve()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Fri, 18 Oct 2019 13:24:08 +0000 (16:24 +0300)]
Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Fri, 18 Oct 2019 12:54:20 +0000 (15:54 +0300)]
Deprecate EC_GROUP_clear_free()
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.
See https://github.com/openssl/openssl/issues/9822
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Wed, 11 Sep 2019 23:25:45 +0000 (02:25 +0300)]
Avoid using EC_GROUP_clear_free() internally
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.
See https://github.com/openssl/openssl/issues/9822
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)