oweals/openssl.git
4 years agoTemporarily disable some Travis external tests
Matt Caswell [Mon, 23 Dec 2019 14:52:03 +0000 (14:52 +0000)]
Temporarily disable some Travis external tests

The pyca-cryptography external test has been failing for a long time.
It looks like upstream needs to make some changes to adapt to 3.0.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)

4 years agoDon't run test_conf in cross compiled builds
Matt Caswell [Mon, 23 Dec 2019 14:39:57 +0000 (14:39 +0000)]
Don't run test_conf in cross compiled builds

test_conf was failing in travis for mingw builds. We run these on linux
via wine. However due to line break differences the tests were failing.
We just skip these in a cross compiled build.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)

4 years agoFix a race condition in the speed command
Bernd Edlinger [Sun, 22 Dec 2019 18:40:03 +0000 (19:40 +0100)]
Fix a race condition in the speed command

The timer alarm sets run = 0, while the benchmark
does run = 1 in the initialization code.  That is
a race condition, if the timer goes off too early
the benchmark runs forever.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10680)

4 years agoConfigurations/windows-makefile.tmpl: HTMLDOCS are files, not directories
Richard Levitte [Mon, 2 Dec 2019 08:48:44 +0000 (09:48 +0100)]
Configurations/windows-makefile.tmpl: HTMLDOCS are files, not directories

Remove them using "del", not "rmdir"

Fixes #10553

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10555)

4 years agoRemoved now documented stuff from util/missing*.txt
Richard Levitte [Mon, 23 Dec 2019 17:43:26 +0000 (18:43 +0100)]
Removed now documented stuff from util/missing*.txt

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10683)

4 years agoutil/find-doc-nits: when loading "missing" files, check if documented
Richard Levitte [Sun, 22 Dec 2019 22:52:30 +0000 (23:52 +0100)]
util/find-doc-nits: when loading "missing" files, check if documented

It may be that some "missing" manuals have been written since their
insertion in the "missing" files.  Make sure to alert when such manual
references are found.

This works, because we collect all existing manual references into
%name_map first.

Fixes #10681

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10683)

4 years agoUpdate the krb5 submodule
Benjamin Kaduk [Mon, 23 Dec 2019 18:35:48 +0000 (10:35 -0800)]
Update the krb5 submodule

Bring us up to date with upstream's 1.17.1 release.  Among other
things, it includes commit c2497d46b4bad473e164943d67b58cd1ae261c3a
which fixes several issues that affect running the test suite under
Travis CI.  Hopefully those will work transitively for us as well.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10690)

4 years agoAdd some missing cfi frame info in rc4-md5-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 17:50:51 +0000 (18:50 +0100)]
Add some missing cfi frame info in rc4-md5-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10679)

4 years agoAdd some missing cfi frame info in poly1305-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 15:29:17 +0000 (16:29 +0100)]
Add some missing cfi frame info in poly1305-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10678)

4 years agoAdd some missing cfi frame info in aesni-gcm-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 14:39:58 +0000 (15:39 +0100)]
Add some missing cfi frame info in aesni-gcm-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10677)

4 years agoAdd some missing cfi frame info in x25519-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 10:48:54 +0000 (11:48 +0100)]
Add some missing cfi frame info in x25519-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10676)

4 years agoFix aesni_cbc_sha256_enc_avx2 backtrace info
Bernd Edlinger [Sat, 21 Dec 2019 21:09:45 +0000 (22:09 +0100)]
Fix aesni_cbc_sha256_enc_avx2 backtrace info

We store a secondary frame pointer info for the debugger
in the red zone.  This fixes a crash in the unwinder when
this function is interrupted.

Additionally the missing cfi function annotation is added
to aesni_cbc_sha256_enc_shaext.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10674)

4 years agoAdd some missing cfi frame info in ecp_nistz256-x86_64.pl
Bernd Edlinger [Fri, 20 Dec 2019 23:20:31 +0000 (00:20 +0100)]
Add some missing cfi frame info in ecp_nistz256-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10672)

4 years agoFix no-dsa builds
Matt Caswell [Wed, 18 Dec 2019 11:22:17 +0000 (11:22 +0000)]
Fix no-dsa builds

Add a guard in a build.info file for no-dsa builds

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoFix no-dh
Matt Caswell [Wed, 18 Dec 2019 11:14:29 +0000 (11:14 +0000)]
Fix no-dh

The new serializer code broke no-dh builds so we add some more guards to fix it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoFix evp_extra_test with no-dh
Matt Caswell [Wed, 18 Dec 2019 11:00:42 +0000 (11:00 +0000)]
Fix evp_extra_test with no-dh

The new DH test in evp_extra_test.c broke the no-dh build so we add some
guards to fix it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoAdd fips self test DEP for solaris and hpux
Shane Lontis [Sat, 21 Dec 2019 23:44:38 +0000 (09:44 +1000)]
Add fips self test DEP for solaris and hpux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10640)

4 years agoRemove asn1 module dependency from RSASSA-PKCS1-v1_5 implementation.
Shane Lontis [Sat, 21 Dec 2019 23:37:17 +0000 (09:37 +1000)]
Remove asn1 module dependency from RSASSA-PKCS1-v1_5 implementation.

Replace use of the asn1 module (X509_SIG, X509_ALGOR, ASN1_TYPE,
ASN1_OCTET_STRING, i2d_X509_SIG(), etc.) as well as OID lookups using
OBJ_nid2obj() with pre-generated DigestInfo encodings for MD2, MD5, MDC-2,
SHA-1, SHA-2 and SHA-3; the encoding is selected based on the NID. This is
similar to the approach used by the old FOM.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9138)

4 years agoRename doc/man7/provider-asymcipher.pod
Richard Levitte [Fri, 13 Dec 2019 10:57:57 +0000 (11:57 +0100)]
Rename doc/man7/provider-asymcipher.pod

The correct name is doc/man7/provider-asym_cipher.pod, to match the
name in the NAME section.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agodoc/man1/openssl-cmds.pod: Add invisble name 'openssl-cmds'
Richard Levitte [Fri, 13 Dec 2019 10:57:04 +0000 (11:57 +0100)]
doc/man1/openssl-cmds.pod: Add invisble name 'openssl-cmds'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoOpenSSL::Util::extract_pod_info(): Allow invisible names
Richard Levitte [Fri, 13 Dec 2019 10:54:55 +0000 (11:54 +0100)]
OpenSSL::Util::extract_pod_info(): Allow invisible names

This should be very unusual, but we do have a case of a name we don't
want to display.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoOpenSSL::Util::extract_pod_info(): Read the POD one paragraph at a time
Richard Levitte [Fri, 13 Dec 2019 10:53:31 +0000 (11:53 +0100)]
OpenSSL::Util::extract_pod_info(): Read the POD one paragraph at a time

POD files should always be treated this way

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoAdjust all util/missing*.txt to include the section number
Richard Levitte [Thu, 12 Dec 2019 18:55:16 +0000 (19:55 +0100)]
Adjust all util/missing*.txt to include the section number

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoutil/find-doc-nits: Better checking of missing documentation
Richard Levitte [Thu, 12 Dec 2019 18:50:41 +0000 (19:50 +0100)]
util/find-doc-nits: Better checking of missing documentation

The names collected in util/missing*.txt are not file names, but
symbol names, and to compare properly with script data, the section
name must be included.

All symbols found in util/lib*.num are library functions, so we know
that they are in manual section 3 and can simply add that info.  The
same goes for all macros found in C headers.

Finally, we get rid of getdocced() and its associated hash table
%docced.  We already have the appropriate information in %name_map.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoperl: OpenSSL::Util::Pod::extract_pod_info() now saves the file contents
Richard Levitte [Thu, 12 Dec 2019 18:49:49 +0000 (19:49 +0100)]
perl: OpenSSL::Util::Pod::extract_pod_info() now saves the file contents

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoAdd some missing cfi frame info in aesni-sha and sha-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 22:15:03 +0000 (23:15 +0100)]
Add some missing cfi frame info in aesni-sha and sha-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10655)

4 years agoAdd some missing cfi frame info in keccak1600-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 21:31:00 +0000 (22:31 +0100)]
Add some missing cfi frame info in keccak1600-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10654)

4 years agoAdd some missing cfi frame info in aesni-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 19:20:53 +0000 (20:20 +0100)]
Add some missing cfi frame info in aesni-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10653)

4 years agoAdd some missing cfi frame info in rsaz-x86_64
Bernd Edlinger [Wed, 18 Dec 2019 18:27:55 +0000 (19:27 +0100)]
Add some missing cfi frame info in rsaz-x86_64

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10652)

4 years agoAdd some missing cfi frame info in x86_64-mont5.pl
Bernd Edlinger [Wed, 18 Dec 2019 17:35:12 +0000 (18:35 +0100)]
Add some missing cfi frame info in x86_64-mont5.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10651)

4 years agoAdd some missing cfi frame info in aes-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 16:33:03 +0000 (17:33 +0100)]
Add some missing cfi frame info in aes-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10650)

4 years agoAdd some missing cfi frame info in camellia-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 09:12:26 +0000 (10:12 +0100)]
Add some missing cfi frame info in camellia-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10642)

4 years agoFix no-des build
Bernd Edlinger [Wed, 18 Dec 2019 10:14:45 +0000 (11:14 +0100)]
Fix no-des build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10643)

4 years agoEVP & PROV: Fix all platform inclusions
Richard Levitte [Thu, 19 Dec 2019 12:33:35 +0000 (13:33 +0100)]
EVP & PROV: Fix all platform inclusions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)

4 years agoCRYPTO: split cipher_platform.h into algorithm specific headers
Richard Levitte [Thu, 19 Dec 2019 12:31:29 +0000 (13:31 +0100)]
CRYPTO: split cipher_platform.h into algorithm specific headers

aes_platform.h
cmll_platform.h
des_platform.h

To make this possible, we must also define DES_ASM and CMLL_ASM to
indicate that we have the necessary internal support.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)

4 years agoFix regression on x509 keyform argument
Jussi Keranen [Wed, 11 Dec 2019 13:08:04 +0000 (15:08 +0200)]
Fix regression on x509 keyform argument

In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
which doesn't support engine. This changes type of keyform argument
to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
including keyform and CAkeyform.

This restores the pre 1.1.0 behavior.

This issue is very similar than https://github.com/openssl/openssl/issues/4366

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10609)

4 years agoUse a function to generate do-not-edit comment
Rich Salz [Thu, 31 Oct 2019 03:35:08 +0000 (23:35 -0400)]
Use a function to generate do-not-edit comment

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10316)

4 years agoMake Windows build more robust
Haohui Mai [Sat, 7 Dec 2019 08:44:16 +0000 (00:44 -0800)]
Make Windows build more robust

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10586)

4 years agoFix travis timeout by excluding arm64 gcc -fsanitize=address build
Shane Lontis [Thu, 19 Dec 2019 07:50:50 +0000 (17:50 +1000)]
Fix travis timeout by excluding arm64 gcc -fsanitize=address build

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10639)

4 years agoOptimize AES-GCM implementation on aarch64
Fangming.Fang [Fri, 31 May 2019 10:15:10 +0000 (10:15 +0000)]
Optimize AES-GCM implementation on aarch64

Comparing to current implementation, this change can get more
performance improved by tunning the loop-unrolling factor in
interleave implementation as well as by enabling high level parallelism.

Performance(A72)

new
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     113065.51k   375743.00k   848359.51k  1517865.98k  1964040.19k  1986663.77k
aes-192-gcm     110679.32k   364470.63k   799322.88k  1428084.05k  1826917.03k  1848967.17k
aes-256-gcm     104919.86k   352939.29k   759477.76k  1330683.56k  1663175.34k  1670430.72k

old
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     115595.32k   382348.65k   855891.29k  1236452.35k  1425670.14k  1429793.45k
aes-192-gcm     112227.02k   369543.47k   810046.55k  1147948.37k  1286288.73k  1296941.06k
aes-256-gcm     111543.90k   361902.36k   769543.59k  1070693.03k  1208576.68k  1207511.72k

Change-Id: I28a2dca85c001a63a2a942e80c7c64f7a4fdfcf7

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9818)

4 years agoTEST: Add test recipe and help program to test BIO_f_prefix()
Richard Levitte [Thu, 12 Dec 2019 13:51:59 +0000 (14:51 +0100)]
TEST: Add test recipe and help program to test BIO_f_prefix()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoEVP: Adapt EVP_PKEY_print_ routines to use BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 17:35:48 +0000 (18:35 +0100)]
EVP: Adapt EVP_PKEY_print_ routines to use BIO_f_prefix()

We take the opportunity to refactor EVP_PKEY_print_public,
EVP_PKEY_print_private, EVP_PKEY_print_params to lessen the amount of
code copying.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoASN1: Adapt ASN.1 output routines to use BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 16:58:01 +0000 (17:58 +0100)]
ASN1: Adapt ASN.1 output routines to use BIO_f_prefix()

We modify asn1_print_info() to print the full line.  It pushes a
BIO_f_prefix() BIO to the given |bp| if it can't detect that it's
already present, then uses both the prefix and indent settings to get
formatting right.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoAPPS & TEST: Adapt to use the new BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 15:13:12 +0000 (16:13 +0100)]
APPS & TEST: Adapt to use the new BIO_f_prefix()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoBIO: Add BIO_f_prefix(), a text line prefixing filter
Richard Levitte [Wed, 27 Nov 2019 15:02:33 +0000 (16:02 +0100)]
BIO: Add BIO_f_prefix(), a text line prefixing filter

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agocrypto/bio/build.info: split the source files in categories
Richard Levitte [Wed, 27 Nov 2019 15:01:32 +0000 (16:01 +0100)]
crypto/bio/build.info: split the source files in categories

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoFix unwind info for some trivial functions
Bernd Edlinger [Tue, 17 Dec 2019 08:05:32 +0000 (09:05 +0100)]
Fix unwind info for some trivial functions

While stack unwinding works with gdb here, the
function _Unwind_Backtrace gives up when something outside
.cfi_startproc/.cfi_endproc is found in the call stack, like
OPENSSL_cleanse, OPENSSL_atomic_add, OPENSSL_rdtsc, CRYPTO_memcmp
and other trivial functions which don't save anything in the stack.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10635)

4 years agoFix build when enabling mdebug options.
Rich Salz [Sat, 14 Dec 2019 23:54:14 +0000 (18:54 -0500)]
Fix build when enabling mdebug options.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10629)

4 years agoCleanup legacy digest methods.
Shane Lontis [Wed, 18 Dec 2019 04:46:01 +0000 (14:46 +1000)]
Cleanup legacy digest methods.

Macros have been added to generate the simple legacy methods.
Engines and EVP_MD_METH_get methods still require access to the old legacy methods,
so they needed to be added back in.
They may only be removed after engines are deprecated and removed.
Removed some unnecessary #includes and #ifndef guards (which are done in build.info instead).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10602)

4 years agoapps/speed.c: Fix eddsa sign and verify output with -multi option
Saritha [Tue, 29 Oct 2019 06:40:55 +0000 (12:10 +0530)]
apps/speed.c: Fix eddsa sign and verify output with -multi option

Fixes #10261
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10285)

4 years agoEVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY
Richard Levitte [Mon, 2 Dec 2019 11:00:58 +0000 (12:00 +0100)]
EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY

The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY
(no legacy data) wasn't handled properly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10618)

4 years agoUpdate the HISTORY entry for RSA_get0_pss_params()
Matt Caswell [Wed, 4 Dec 2019 10:21:52 +0000 (10:21 +0000)]
Update the HISTORY entry for RSA_get0_pss_params()

Make a note of when this function was first introduced

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10568)

(cherry picked from commit e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d)

4 years agoTest that EVP_PKEY_set1_DH() correctly identifies the DH type
Matt Caswell [Mon, 9 Dec 2019 12:03:02 +0000 (12:03 +0000)]
Test that EVP_PKEY_set1_DH() correctly identifies the DH type

Provide a test to check tat when we assign a DH object we know whether
we are dealing with PKCS#3 or X9.42 DH keys.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)

4 years agoEnsure EVP_PKEY_set1_DH detects X9.42 keys
Matt Caswell [Mon, 9 Dec 2019 11:51:48 +0000 (11:51 +0000)]
Ensure EVP_PKEY_set1_DH detects X9.42 keys

OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3
keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH
key was a PKCS#3 key. It should detect what type of key it is and assign
the correct type as appropriate.

Fixes #10592

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)

4 years agoReturn 1 when openssl req -addext kv is duplicated
kinichiro [Thu, 5 Dec 2019 11:00:50 +0000 (20:00 +0900)]
Return 1 when openssl req -addext kv is duplicated

CLA: trivial

Fixes #10273

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10578)

4 years agoDeprecated crypto-mdebug-backtrace
Rich Salz [Wed, 11 Dec 2019 15:56:12 +0000 (10:56 -0500)]
Deprecated crypto-mdebug-backtrace

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)

4 years agoDeprecate most of debug-memory
Rich Salz [Wed, 4 Dec 2019 18:15:08 +0000 (13:15 -0500)]
Deprecate most of debug-memory

Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains.  OpenSSL recommends using
the compiler's leak-detection instead.

The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed.  All of the
above are now deprecated.

Merge (now really small) mem_dbg.c into mem.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)

4 years agoParse large GOST ClientKeyExchange messages
Dmitry Belyavskiy [Thu, 7 Nov 2019 14:35:13 +0000 (17:35 +0300)]
Parse large GOST ClientKeyExchange messages

Large GOST ClientKeyExchange messages are sent by VipNet CSP, one of
Russian certified products implementing GOST TLS, when a server
certificate contains 512-bit keys.

This behaviour was present in 1.0.2 branch and needs to be restored.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10376)

4 years agoRemove CRYPTO_secure_allocated from util/missingcrypto111.txt
Richard Levitte [Wed, 11 Dec 2019 18:21:49 +0000 (19:21 +0100)]
Remove CRYPTO_secure_allocated from util/missingcrypto111.txt

Followup on #10523

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10611)

4 years agoAdd better support for using deprecated symbols internally
Richard Levitte [Wed, 11 Dec 2019 13:36:36 +0000 (14:36 +0100)]
Add better support for using deprecated symbols internally

OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the
deprecation macros not to add the warning attribute.  However, with
'no-deprecated', the symbols are still removed entirely, while we
might still want to use them internally.

The solution is to permit <openssl/opensslconf.h> macros to be
modified internally, such as undefining OPENSSL_NO_DEPRECATED in this
case.

However, with the way <openssl/opensslconf.h> includes
<openssl/macros.h>, that's easier said than done.  That's solved by
generating <openssl/configuration.h> instead, and add a new
<openssl/opensslconf.h> that includes <openssl/configuration.h> as
well as <openssl/macros.h>, thus allowing to replace an inclusion of
<openssl/opensslconf.h> with this:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

    #include <openssl/macros.h>

Or simply add the following prior to any other openssl inclusion:

    #include <openssl/configuration.h>

    #undef OPENSSL_NO_DEPRECATED
    #define OPENSSL_SUPPRESS_DEPRECATED

Note that undefining OPENSSL_NO_DEPRECATED must never be done by
applications, since the symbols must still be exported by the
library.  Internal test programs are excempt of this rule, though.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10608)

4 years agotest/namemap_internal_test.c: use "cookie" instead of "foo"...
Richard Levitte [Tue, 10 Dec 2019 19:38:09 +0000 (20:38 +0100)]
test/namemap_internal_test.c: use "cookie" instead of "foo"...

... in test_namemap()

Because tests may sometimes run in random order (subject of the
environment variable OPENSSL_TEST_RAND_ORDER being defined), and we're
dealing with the global namemap, each test must use names that are
globally unique for that test.  Unfortunately, we used "foo" in two of
them, which might lead to surprising results.

Fixes #10401

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10601)

4 years agoCheck return value after loading config file
kinichiro [Wed, 11 Dec 2019 12:12:53 +0000 (21:12 +0900)]
Check return value after loading config file

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10607)

4 years agomac poly1305: add missing NULL check in new function.
Pauli [Wed, 11 Dec 2019 21:34:46 +0000 (07:34 +1000)]
mac poly1305: add missing NULL check in new function.

Bug reported by Kihong Heo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10613)

4 years agomac siphash: add missing NULL check on context creation
Pauli [Wed, 11 Dec 2019 21:34:22 +0000 (07:34 +1000)]
mac siphash: add missing NULL check on context creation

Bug reported by Kihong Heo.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10613)

4 years agoVarious missing-link fixes
Rich Salz [Sat, 5 Oct 2019 22:14:30 +0000 (18:14 -0400)]
Various missing-link fixes

Also, turn missing L<foo(3)> into foo(3)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10104)

4 years agoPROV: Move AES_GCM specialisation away from common cipher header
Richard Levitte [Wed, 11 Dec 2019 12:43:24 +0000 (13:43 +0100)]
PROV: Move AES_GCM specialisation away from common cipher header

The AES_GCM specialisation was defined in the common cipher header
providers/implementations/include/prov/ciphercommon_gcm.h, when it
should in fact be in a local providers/implementations/ciphers/
header.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10606)

4 years agoPROV: Move AES_CCM specialisation away from common cipher header
Richard Levitte [Wed, 11 Dec 2019 12:11:34 +0000 (13:11 +0100)]
PROV: Move AES_CCM specialisation away from common cipher header

The AES_CCM specialisation was defined in the common cipher header
providers/implementations/include/prov/ciphercommon_ccm.h, when it
should in fact be in a local providers/implementations/ciphers/
header.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10606)

4 years agochunk 6 of CMP contribution to OpenSSL
Dr. David von Oheimb [Tue, 5 Nov 2019 08:56:59 +0000 (09:56 +0100)]
chunk 6 of CMP contribution to OpenSSL

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10297)

4 years agorand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure
Dr. Matthias St. Pierre [Wed, 11 Dec 2019 21:41:00 +0000 (07:41 +1000)]
rand_lib.c: fix null pointer dereferences after RAND_get_rand_method() failure

RAND_get_rand_method() can return a NULL method pointer in the case of a
malloc failure, so don't dereference it without a check.

Reported-by: Zu-Ming Jiang (detected by FIFUZZ)
Fixes #10480

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10483)

4 years agoAdd support for otherName:NAIRealm in output
Jan-Frederik Rieckers [Mon, 9 Dec 2019 14:33:32 +0000 (15:33 +0100)]
Add support for otherName:NAIRealm in output

This commit adds support for displaying RFC 7585 otherName:NAIRealm in
the text output of openssl

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10594)

4 years agoEnrich arm64 tests in Travis matrix
Fangming.Fang [Fri, 15 Nov 2019 07:47:22 +0000 (07:47 +0000)]
Enrich arm64 tests in Travis matrix

1, Remove simple test just with --strict-warnings enabled.
2, Share the three common envs with amd64.
3, Add matrix item running test in bionic(default xenial) for arm64.
4, Enable MSan test on arm64 for extended test.
5, Enable UBSan test on arm64 for extended test.

Change-Id: Ic1f2c5e39ee6fbafed6ede74a925301121463520

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10519)

4 years agoFix docs for CRYPTO_secure_allocated
Rich Salz [Tue, 26 Nov 2019 14:16:41 +0000 (09:16 -0500)]
Fix docs for CRYPTO_secure_allocated

Fixes #9300

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10523)

4 years agoFix some typos
Veres Lajos [Sat, 30 Nov 2019 23:18:47 +0000 (23:18 +0000)]
Fix some typos

Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)

4 years agoOptimize AES-ECB mode in OpenSSL for both aarch64 and aarch32
XiaokangQian [Thu, 7 Nov 2019 02:36:45 +0000 (02:36 +0000)]
Optimize AES-ECB mode in OpenSSL for both aarch64 and aarch32

Aes-ecb mode can be optimized by inverleaving cipher operation on
several blocks and loop unrolling. Interleaving needs one ideal
unrolling factor, here we adopt the same factor with aes-cbc,
which is described as below:
    If blocks number > 5, select 5 blocks as one iteration,every
    loop, decrease the blocks number by 5.
    If 3 < left blocks < 5 select 3 blocks as one iteration, every
    loop, decrease the block number by 3.
    If left blocks < 3, treat them as tail blocks.
Detailed implementation will have a little adjustment for squeezing
code space.
With this way, for small size such as 16 bytes, the performance is
similar as before, but for big size such as 16k bytes, the performance
improves a lot, even reaches to 100%, for some arches such as A57,
the improvement  even exceeds 100%. The following table will list the
encryption performance data on aarch64, take a72 and a57 as examples.
Performance value takes the unit of cycles per byte, takes the format
as comparision of values. List them as below:

A72:
                            Before optimization     After optimization  Improve
evp-aes-128-ecb@16          17.26538237             16.82663866         2.61%
evp-aes-128-ecb@64          5.50528499              5.222637557         5.41%
evp-aes-128-ecb@256         2.632700213             1.908442892         37.95%
evp-aes-128-ecb@1024        1.876102047             1.078018868         74.03%
evp-aes-128-ecb@8192        1.6550392               0.853982929         93.80%
evp-aes-128-ecb@16384       1.636871283             0.847623957         93.11%
evp-aes-192-ecb@16          17.73104961             17.09692468         3.71%
evp-aes-192-ecb@64          5.78984398              5.418545192         6.85%
evp-aes-192-ecb@256         2.872005308             2.081815274         37.96%
evp-aes-192-ecb@1024        2.083226672             1.25095642          66.53%
evp-aes-192-ecb@8192        1.831992057             0.995916251         83.95%
evp-aes-192-ecb@16384       1.821590009             0.993820525         83.29%
evp-aes-256-ecb@16          18.0606306              17.96963317         0.51%
evp-aes-256-ecb@64          6.19651997              5.762465812         7.53%
evp-aes-256-ecb@256         3.176991394             2.24642538          41.42%
evp-aes-256-ecb@1024        2.385991919             1.396018192         70.91%
evp-aes-256-ecb@8192        2.147862636             1.142222597         88.04%
evp-aes-256-ecb@16384       2.131361787             1.135944617         87.63%

A57:
                            Before optimization     After optimization  Improve
evp-aes-128-ecb@16          18.61045121             18.36456218         1.34%
evp-aes-128-ecb@64          6.438628994             5.467959461         17.75%
evp-aes-128-ecb@256         2.957452881             1.97238604          49.94%
evp-aes-128-ecb@1024        2.117096219             1.099665054         92.52%
evp-aes-128-ecb@8192        1.868385973             0.837440804         123.11%
evp-aes-128-ecb@16384       1.853078526             0.822420027         125.32%
evp-aes-192-ecb@16          19.07021756             18.50018552         3.08%
evp-aes-192-ecb@64          6.672351486             5.696088921         17.14%
evp-aes-192-ecb@256         3.260427769             2.131449916         52.97%
evp-aes-192-ecb@1024        2.410522832             1.250529718         92.76%
evp-aes-192-ecb@8192        2.17921605              0.973225504         123.92%
evp-aes-192-ecb@16384       2.162250997             0.95919871          125.42%
evp-aes-256-ecb@16          19.3008384              19.12743654         0.91%
evp-aes-256-ecb@64          6.992950658             5.92149541          18.09%
evp-aes-256-ecb@256         3.576361743             2.287619504         56.34%
evp-aes-256-ecb@1024        2.726671027             1.381267599         97.40%
evp-aes-256-ecb@8192        2.493583657             1.110959913         124.45%
evp-aes-256-ecb@16384       2.473916816             1.099967073         124.91%

Change-Id: Iccd23d972e0d52d22dc093f4c208f69c9d5a0ca7

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10518)

4 years agoMore testing for sign/verify through `dgst` and `pkeyutl`
Nicola Tuveri [Mon, 11 Nov 2019 13:52:52 +0000 (15:52 +0200)]
More testing for sign/verify through `dgst` and `pkeyutl`

Add tests for signature generation and verification with `dgst` and
`pkeyutl` CLI for common key types:
- RSA
- DSA
- ECDSA
- EdDSA

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10410)

4 years agoMore testing for CLI usage of Ed25519 and Ed448 keys
Nicola Tuveri [Mon, 11 Nov 2019 10:13:10 +0000 (12:13 +0200)]
More testing for CLI usage of Ed25519 and Ed448 keys

Add testing for the `req` app and explicit conversion tests similar to
what is done for ECDSA keys.

The included test keys for Ed25519 are from the examples in RFC 8410
(Sec. 10)

The key for Ed448 is derived from the first of the test vectors in
RFC 8032 (Sec. 7.4) using OpenSSL to encode it into PEM format.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10410)

4 years agoConfigure: use ELFv2 ABI on some ppc64 big endian systems
Andy Polyakov [Sun, 5 May 2019 16:30:55 +0000 (18:30 +0200)]
Configure: use ELFv2 ABI on some ppc64 big endian systems

If _CALL_ELF is defined to be 2, it's an ELFv2 system.
Conditionally switch to the v2 perlasm scheme.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)

4 years agocrypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
Andy Polyakov [Sun, 5 May 2019 16:25:50 +0000 (18:25 +0200)]
crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour

This is a big endian ELFv2 configuration. ELFv2 was already being
used for little endian, and big endian was traditionally ELFv1
but there are practical configurations that use ELFv2 with big
endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)

4 years agoMove providers/common/{ciphers,digests}/* to providers/implementations
Richard Levitte [Tue, 3 Dec 2019 18:41:05 +0000 (19:41 +0100)]
Move providers/common/{ciphers,digests}/* to providers/implementations

The idea to have all these things in providers/common was viable as
long as the implementations was spread around their main providers.
This is, however, no longer the case, so we move the common blocks
closer to the source that use them.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10564)

4 years agoRemove handling of outdated macro's
Rich Salz [Mon, 18 Nov 2019 10:29:21 +0000 (05:29 -0500)]
Remove handling of outdated macro's

DECLARE_STACK_OF was renamed to DEFINE_STACK_OF in commit 8588571.
Expanded the only use of TYPEDEF_{D2I,I2D,D2I2D}_OF, so that they can
easily be removed in a future release

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10464)

4 years agoConfiguration: compute openssl_other_defines and related info later
Richard Levitte [Wed, 4 Dec 2019 09:55:05 +0000 (10:55 +0100)]
Configuration: compute openssl_other_defines and related info later

The computation of macros and configdata.pm related data from %disabled
was done much too early, leaving later disablings without real support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10566)

4 years agoDisable devcryptoeng on newer OpenBSD versions
Richard Levitte [Tue, 3 Dec 2019 23:14:02 +0000 (00:14 +0100)]
Disable devcryptoeng on newer OpenBSD versions

It's reported that /dev/crypto support has been dropped in OpenBSD 5.7.

Fixes #10552

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10566)

4 years agotest/memleaktest.c: Modify for use with address/leak sanitizer
Richard Levitte [Mon, 25 Nov 2019 16:13:10 +0000 (17:13 +0100)]
test/memleaktest.c: Modify for use with address/leak sanitizer

Detects if leak sanitizing is on, and directs the exit code accordingly.

Note that this program is designed to fail when leaking, as that's
expected, so to make it easy for wrapper scripts, we also make it look
like it fails when sanitizing isn't on.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9294)

4 years agoUse leak sanitizer instead of internal mdebug to check for memory leaks
Richard Levitte [Tue, 2 Jul 2019 14:23:27 +0000 (16:23 +0200)]
Use leak sanitizer instead of internal mdebug to check for memory leaks

The leak sanitizer gives better reports (complete stack traces) and
works as a wrapper around the application instead of relying on
cooperative enabling and disabling calls (which are too easy to get
unbalanced).

Related to #8322

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9294)

4 years agoMove U64 macro from sha.h to sha512.c
avas [Thu, 5 Dec 2019 14:14:44 +0000 (06:14 -0800)]
Move U64 macro from sha.h to sha512.c

Summary:
U64 is too common name for macro, being in public header sha.h it
conflicts with other projects (WAVM in my case). Moving macro from
public header to the only .c file using it.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10579)

4 years agoapps/speed: replace list of #define by enums declarations.
FdaSilvaYY [Wed, 9 May 2018 20:27:27 +0000 (22:27 +0200)]
apps/speed: replace list of #define by enums declarations.
it simplifies some pieces of code.
Improve internal assertions
Tag a few #endif with OPENSSL_NO_EC to mark its ending.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: factorize ec test curves declarations
FdaSilvaYY [Tue, 15 Oct 2019 21:33:02 +0000 (23:33 +0200)]
apps/speed: factorize ec test curves declarations
remove 'test' prefix from variable names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: improve sm2 failure code.
FdaSilvaYY [Sat, 19 Oct 2019 15:55:36 +0000 (17:55 +0200)]
apps/speed: improve sm2 failure code.
attach the new objects sooner, so error handling is simplified.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: simplify 'doit' action flag management code.
FdaSilvaYY [Tue, 5 Jun 2018 17:56:06 +0000 (19:56 +0200)]
apps/speed: simplify 'doit' action flag management code.
Optimize algorithm selection code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: initialize key material only when its algo is selected.
FdaSilvaYY [Tue, 5 Jun 2018 17:44:42 +0000 (19:44 +0200)]
apps/speed: initialize key material only when its algo is selected.
Remove some duplicate key data declarations.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: remove a shared global variable
FdaSilvaYY [Sat, 19 Oct 2019 17:37:01 +0000 (19:37 +0200)]
apps/speed: remove a shared global variable
replace |save_count| by the right c[D_EVP(_xxx)] variable.
this may shared a value between various algorithm.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: discard useless protoypes as these methods are defines before being used.
FdaSilvaYY [Sat, 19 Oct 2019 15:58:07 +0000 (17:58 +0200)]
apps/speed: discard useless protoypes as these methods are defines before being used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoapps/speed: allow to continue tests after any init failure handling.
FdaSilvaYY [Sat, 19 Oct 2019 14:38:21 +0000 (16:38 +0200)]
apps/speed: allow to continue tests after any init failure handling.
previouly the exit(1) call was aborting the whole execution.
Improve error message.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10078)

4 years agoDifference between EVP_CipherInit and EVP_CipherInit_ex
Dmitry Belyavskiy [Sun, 1 Dec 2019 08:53:14 +0000 (11:53 +0300)]
Difference between EVP_CipherInit and EVP_CipherInit_ex

Fixes #10455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10550)

4 years agoAdd a CHANGES entry for CVE-2019-1551
Bernd Edlinger [Thu, 5 Dec 2019 00:20:14 +0000 (01:20 +0100)]
Add a CHANGES entry for CVE-2019-1551

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10574)

4 years agoAdd a test case for rsaz_512_sqr overflow handling
Bernd Edlinger [Wed, 4 Dec 2019 21:38:19 +0000 (22:38 +0100)]
Add a test case for rsaz_512_sqr overflow handling

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10574)

4 years agoImprove the overflow handling in rsaz_512_sqr
Bernd Edlinger [Wed, 4 Dec 2019 11:57:41 +0000 (12:57 +0100)]
Improve the overflow handling in rsaz_512_sqr

We have always a carry in %rcx or %rbx in range 0..2
from the previous stage, that is added to the result
of the 64-bit square, but the low nibble of any square
can only be 0, 1, 4, 9.

Therefore one "adcq $0, %rdx" can be removed.
Likewise in the ADX code we can remove one
"adcx %rbp, $out" since %rbp is always 0, and carry is
also zero, therefore that is a no-op.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10574)

4 years agoFix an overflow bug in rsaz_512_sqr
Andy Polyakov [Wed, 4 Dec 2019 11:48:21 +0000 (12:48 +0100)]
Fix an overflow bug in rsaz_512_sqr

There is an overflow bug in the x64_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
result of this defect would be very difficult to perform and are not believed
likely. Attacks against DH512 are considered just feasible. However, for an
attack the target would have to re-use the DH512 private key, which is not
recommended anyway. Also applications directly using the low level API
BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.

CVE-2019-1551

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10574)

4 years agoAdd documentation for the newly added RSA_PKCS1_WITH_TLS_PADDING
Matt Caswell [Mon, 11 Nov 2019 16:33:24 +0000 (16:33 +0000)]
Add documentation for the newly added RSA_PKCS1_WITH_TLS_PADDING

Documentation for RSA_PKCS1_WITH_TLS_PADDING padding mode as per the
previous commits, as well as the associated parameters for this mode.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10411)

4 years agoMove constant time RSA code out of libssl
Matt Caswell [Mon, 11 Nov 2019 15:54:33 +0000 (15:54 +0000)]
Move constant time RSA code out of libssl

Server side RSA key transport code in a Client Key Exchange message
currently uses constant time code to check that the RSA decrypt is
correctly formatted. The previous commit taught the underlying RSA
implementation how to do this instead, so we use that implementation and
remove this code from libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10411)