oweals/openssl.git
Tanzinul Islam [Fri, 25 Oct 2019 16:47:25 +0000 (17:47 +0100)]
Fix find/rm command in Unix clean recipe

The `./pyca-cryptography/.travis/downstream.d` subdirectory causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).

>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)

Exclude directories from being matched by the `find` commands.

CLA: trivial

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)

John Baldwin [Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)]
Don't generate a MAC when using KTLS.

The kernel will generate the MAC when transmitting the frame.  Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts.  Note that this path is not taken when
using stitched cipher suites.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

John Baldwin [Fri, 23 Aug 2019 23:42:48 +0000 (16:42 -0700)]
Fix BIO_get_ktls_send() and BIO_get_ktls_recv() to work again.

This partially reverts 3119ab3c9e6d211c461a245f3744893e17b6c193.  In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET.  This caused all of the checks
to fail breaking KTLS.

The default return value of control methods I have looked at is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.

This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

John Baldwin [Fri, 23 Aug 2019 20:56:09 +0000 (13:56 -0700)]
Simplify NO_KTLS path in SSL_sendfile.

Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error.  BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

Andrew Gallatin [Wed, 31 Oct 2018 19:01:47 +0000 (15:01 -0400)]
Bypass multiblock and send individual records when using KTLS.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

Andrew Gallatin [Mon, 22 Oct 2018 15:02:19 +0000 (11:02 -0400)]
Add support for in-kernel TLS (KTLS) on FreeBSD.

- Check for the <sys/ktls.h> header to determine if KTLS support
  is available.
- Populate a tls_enable structure with session key material for
  supported algorithms.  At present, AES-GCM128/256 and AES-CBC128/256
  with SHA1 and SHA2-256 HMACs are supported.  For AES-CBC, only MtE
  is supported.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)

Richard Levitte [Thu, 24 Oct 2019 15:04:01 +0000 (17:04 +0200)]
crypto/evp/evp_fetch.c: Make it more prominent that these functions are EVP

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10257)

Pauli [Wed, 30 Oct 2019 01:00:19 +0000 (11:00 +1000)]
KDF: use string names not macros to align with other algorithms.

Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly.  This brings the KDFs and PRFs into
line with the rest.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)

Dr. Matthias St. Pierre [Sun, 27 Oct 2019 23:55:29 +0000 (00:55 +0100)]
Add a GitHub issue template for documentation issues

This template automatically adds the [issue: documentation] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)

Dr. Matthias St. Pierre [Sat, 3 Aug 2019 11:30:47 +0000 (13:30 +0200)]
Add a GitHub issue template for questions

Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.

This template automatically adds the [issue: question] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)

Kelvin Lee [Sun, 27 Oct 2019 07:22:34 +0000 (18:22 +1100)]
Fix undefined array OPENSSL_ia32cap_P.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10274)

Pavel Karagodin [Mon, 28 Oct 2019 02:12:06 +0000 (09:12 +0700)]
apps/dgst.c: allocate a new signature buffer

... if the fixed-size buffer is too small.

Fixes #9732

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)

Dr. David von Oheimb [Fri, 27 Sep 2019 08:22:23 +0000 (10:22 +0200)]
chunk 5 of CMP contribution to OpenSSL

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)

Matt Caswell [Fri, 18 Oct 2019 15:40:44 +0000 (16:40 +0100)]
Fix an s_server arbitrary file read issue on Windows

Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.

GET /..\myfile.txt HTTP/1.0

There exists a check for this for Unix paths but it is not sufficient
for Windows.

Since s_server is a test tool no CVE is assigned.

Thanks to Jobert Abma for reporting this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
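
The gap this commit message describes, as an added example that is not OpenSSL's s_server code: a hypothetical check that splits names only on `/` accepts the name from the request above, while one that also treats `\` as a separator rejects it. All function names are invented for the illustration, and rejecting `:` is an extra assumption beyond what the commit message mentions.

```c
#include <stddef.h>
#include <stdio.h>

/* Separator predicates: Unix-style, and Windows-style (both slashes). */
static int sep_unix(char c)    { return c == '/'; }
static int sep_windows(char c) { return c == '/' || c == '\\'; }

/* Returns 1 if any path component of name is exactly "..". */
static int has_dotdot(const char *name, int (*is_sep)(char))
{
    const char *p = name;

    while (*p != '\0') {
        const char *start = p;

        while (*p != '\0' && !is_sep(*p))
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 1;
        if (*p != '\0')
            p++;                       /* skip the separator */
    }
    return 0;
}

/* Hypothetical Unix-only check: '/' is the only separator it knows. */
int name_ok_unix_only(const char *name)
{
    return name[0] != '\0' && name[0] != '/' && !has_dotdot(name, sep_unix);
}

/* Hypothetical hardened check for a Windows host. */
int name_ok_windows(const char *name)
{
    const char *p;

    /* Empty names and names starting at a root (or UNC prefix) are refused. */
    if (name[0] == '\0' || sep_windows(name[0]))
        return 0;
    /* Assumption: refuse ':' so drive-qualified names cannot leave the tree. */
    for (p = name; *p != '\0'; p++)
        if (*p == ':')
            return 0;
    return !has_dotdot(name, sep_windows);
}

int main(void)
{
    /* Constructed names; the first is the one from the request line above,
     * with the leading '/' of the URL already stripped. */
    const char *names[] = {
        "..\\myfile.txt", "../myfile.txt", "docs/index.html",
        "docs\\..\\..\\x", "a..b\\c.txt", "C:\\x"
    };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-18s unix-only=%d windows=%d\n", names[i],
               name_ok_unix_only(names[i]), name_ok_windows(names[i]));
    return 0;
}
```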

Matt Caswell [Wed, 23 Oct 2019 18:32:05 +0000 (19:32 +0100)]
Fix a copy&paste error in the TLSv1.3 server side PSK documentation

The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)

Pauli [Mon, 28 Oct 2019 12:16:50 +0000 (22:16 +1000)]
Clarify the description of the NULL argument in SSL_set1_host().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)

Tobias Nießen [Fri, 18 Oct 2019 18:44:49 +0000 (20:44 +0200)]
Allow EVP_PKEY_get0_RSA for RSA-PSS keys

RSA-PSS keys use the same internal structure as RSA keys but do not
allow accessing it through EVP_PKEY_get0_RSA. This commit changes that
behavior.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10217)

Johannes Bauer [Wed, 23 Oct 2019 12:03:32 +0000 (14:03 +0200)]
Cleanup hardcoded cipher suite codepoints in s_server

The hardcoded code points for TLSv1.3 cipher suites are used in the TLS
PSK server callback. However, they seem to have been refactored a while
ago to use tls13_aes128gcmsha256_id, so these defines are not necessary
within the s_server code anymore.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10243)

Dr. Matthias St. Pierre [Fri, 25 Oct 2019 22:12:23 +0000 (00:12 +0200)]
github: switch issue templates to new labels

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10266)

Dmitry Belyavskiy [Sun, 6 Oct 2019 19:25:10 +0000 (22:25 +0300)]
Strip BOM on loading PEM files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>

Rich Salz [Sat, 5 Oct 2019 18:03:57 +0000 (14:03 -0400)]
Fix broken links, mainly typos

Also tweak find-doc-nits while fixing a bug (don't need .in files)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)

Tomas Mraz [Wed, 23 Oct 2019 10:48:18 +0000 (12:48 +0200)]
20-test_enc_more.t: Replace deprecated -ciphers option with -list

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)

Rich Salz [Fri, 18 Oct 2019 16:24:39 +0000 (12:24 -0400)]
Document "get/set-app-data" macros.

Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)

Cesar Pereida Garcia [Mon, 21 Oct 2019 11:53:51 +0000 (14:53 +0300)]
Enable runtime testing of no-deprecated builds in Travis

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)

Cesar Pereida Garcia [Mon, 21 Oct 2019 11:41:01 +0000 (14:41 +0300)]
Update control logic for BN_gcd

PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.

When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.

This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.

Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
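
The failure mode this commit message describes, as an added example on a toy structure (not OpenSSL's BIGNUM and not the expression used in `BN_gcd`, which this page does not show): after a zeroing routine that only resets `top`, a parity test that reads `d[0]` directly sees a stale word, while masking with a value derived from `top` treats the number as zero without branching. The type `toy_bn` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy big number (hypothetical): d[] holds the words, top counts the
 * words in use, so top == 0 means the value is zero. */
typedef struct {
    uint64_t d[4];
    int top;
} toy_bn;

/* Two ways of zeroing, mirroring the two behaviours in the message:
 * one clears the low word as well, the other only resets top. */
static void zero_clear_word(toy_bn *a) { a->d[0] = 0; a->top = 0; }
static void zero_top_only(toy_bn *a)   { a->top = 0; }

/* All-ones when top == 0, all-zeros otherwise, computed without a branch.
 * Requires top >= 0: (top - 1) is negative only when top == 0, so its
 * sign bit is the condition. */
static uint64_t mask_if_top_zero(int top)
{
    unsigned int sign = (unsigned int)(top - 1) >> (sizeof(int) * 8 - 1);

    return (uint64_t)0 - (uint64_t)sign;
}

/* Parity test that trusts d[0] regardless of top. */
uint64_t is_odd_naive(const toy_bn *g)
{
    return g->d[0] & 1;
}

/* Parity test that forces the answer to 0 when top == 0. */
uint64_t is_odd_masked(const toy_bn *g)
{
    return g->d[0] & 1 & ~mask_if_top_zero(g->top);
}

/* Zero the constructed value 7 with the chosen routine, then test parity
 * with the chosen check. The branches here only select the scenario. */
uint64_t parity_after_zeroing(int top_only, int masked)
{
    toy_bn g = { {7, 0, 0, 0}, 1 };

    if (top_only)
        zero_top_only(&g);
    else
        zero_clear_word(&g);
    return masked ? is_odd_masked(&g) : is_odd_naive(&g);
}

/* The masked check must still report a genuinely odd, non-zero value. */
uint64_t parity_of_nonzero_odd(void)
{
    toy_bn g = { {7, 0, 0, 0}, 1 };

    return is_odd_masked(&g);
}

int main(void)
{
    printf("top-only zero, naive : %llu\n",
           (unsigned long long)parity_after_zeroing(1, 0));
    printf("top-only zero, masked: %llu\n",
           (unsigned long long)parity_after_zeroing(1, 1));
    printf("clearing zero, naive : %llu\n",
           (unsigned long long)parity_after_zeroing(0, 0));
    printf("non-zero odd, masked : %llu\n",
           (unsigned long long)parity_of_nonzero_odd());
    return 0;
}
```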

Rich Salz [Thu, 10 Oct 2019 01:48:33 +0000 (21:48 -0400)]
Document the -inform, etc., in openssl.pod

Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)

Rich Salz [Fri, 18 Oct 2019 13:52:17 +0000 (09:52 -0400)]
Fix some wording and markup

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)

Simo Sorce [Tue, 17 Sep 2019 20:35:23 +0000 (16:35 -0400)]
Add KRB5KDF from RFC 3961

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)

Nicola Tuveri [Mon, 21 Oct 2019 13:07:22 +0000 (16:07 +0300)]
Fix doc for EC_GROUP_set_curve()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)

Nicola Tuveri [Fri, 18 Oct 2019 13:24:08 +0000 (16:24 +0300)]
Improve formatting for man3/EC_GROUP_new.pod

- Use `()` to qualify function names, consistently
- Limit line width to 80 chars

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)

Nicola Tuveri [Fri, 18 Oct 2019 12:54:20 +0000 (15:54 +0300)]
Deprecate EC_GROUP_clear_free()

There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.

See https://github.com/openssl/openssl/issues/9822

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)

Nicola Tuveri [Wed, 11 Sep 2019 23:25:45 +0000 (02:25 +0300)]
Avoid using EC_GROUP_clear_free() internally

There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.

See https://github.com/openssl/openssl/issues/9822

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)

jayaram [Thu, 22 Aug 2019 05:21:25 +0000 (10:51 +0530)]
fixed the RETURN VALUES section in the EC_GROUP documentation
for the following functions.

EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)

Rich Salz [Sat, 19 Oct 2019 17:35:16 +0000 (13:35 -0400)]
Add/remove things from .gitignore

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10220)

Richard Levitte [Fri, 13 Sep 2019 09:43:18 +0000 (11:43 +0200)]
crypto/s390xcap.c: Add guards around the GETAUXVAL checks

HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we
add a guard that checks the presence of that macro.  While we're at it,
we do the same with HWCAP_S390_STFLE, for consistency.

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9892)

Richard Levitte [Sun, 20 Oct 2019 18:49:32 +0000 (20:49 +0200)]
crypto/evp/pmeth_lib.c: Fix copy'n'paste error

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10227)

raja-ashok [Wed, 16 Oct 2019 11:45:03 +0000 (17:15 +0530)]
Fix leak with no-ec config

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10194)

Dr. Matthias St. Pierre [Sun, 20 Oct 2019 11:10:38 +0000 (13:10 +0200)]
ciphers/chacha20,poly1305: Fix two coverity errors

CID 1454872, 1454873:  Incorrect expression  (SIZEOF_MISMATCH)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10223)

Richard Levitte [Sun, 20 Oct 2019 07:09:56 +0000 (09:09 +0200)]
windows-makefile.tmpl: Convert all /I and /D to -I and -D

We were not consistently using one or the other, and the perlasm
code assumes dashes, which MSVC tolerates.

Fixes #10075

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10222)

Dr. Matthias St. Pierre [Sun, 29 Sep 2019 23:00:59 +0000 (01:00 +0200)]
Move random-related defines from e_os.h to rand_unix.c

Fixes #10049

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10050)

Dr. Matthias St. Pierre [Mon, 30 Sep 2019 07:05:44 +0000 (09:05 +0200)]
rand_unix.c: correct include guard comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10050)

agnosticdev [Mon, 16 Sep 2019 12:09:01 +0000 (07:09 -0500)]
Update dgst.c to show a list of message digests

Fixes #9893

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9912)

Richard Levitte [Thu, 17 Oct 2019 16:40:47 +0000 (18:40 +0200)]
Doc for the added internal RSA functions

It was forgotten in the previous commit.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10206)

Richard Levitte [Thu, 17 Oct 2019 16:15:13 +0000 (18:15 +0200)]
Move the version function declarations to include/openssl/crypto.h

include/openssl/crypto.h is where older similar functions already
live, and since opensslv.h became a template, it's no longer useful
for parsing by util/mknum.pl.

Affected declarations:

 unsigned int OPENSSL_version_major(void);
 unsigned int OPENSSL_version_minor(void);
 unsigned int OPENSSL_version_patch(void);
 const char *OPENSSL_version_pre_release(void);
 const char *OPENSSL_version_build_metadata(void);

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)

Richard Levitte [Thu, 17 Oct 2019 14:12:37 +0000 (16:12 +0200)]
Remove the version number in README

It's cumbersome to have to edit it at release time, it can't be made a
README.in for display reasons (Github won't show it), and having the
version number here gives no special benefit.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)

Richard Levitte [Thu, 17 Oct 2019 14:05:38 +0000 (16:05 +0200)]
Generate include/openssl/opensslv.h

The added benefit is that the result becomes much simpler, and easier to
digest for those that still rely on the pre-3.0 opensslv.h contents.

Fixes #10203

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)

Richard Levitte [Thu, 17 Oct 2019 14:03:06 +0000 (16:03 +0200)]
Configure: get version from the file 'VERSION' instead of 'opensslv.h'

'VERSION' is a very easy file to parse, as opposed to a header file.
We also have the benefit of holding the version information in one
very well known place and can then generate all other version texts
as we see fit, for example opensslv.h.

Fixes #10203

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)

Rich Salz [Thu, 17 Oct 2019 19:45:34 +0000 (15:45 -0400)]
Replace BUF_ string function calls with OPENSSL_ ones

Deprecate the BUF_ string macros

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10207)

Richard Levitte [Tue, 4 Jun 2019 11:43:31 +0000 (13:43 +0200)]
Move BLAKE2 digests completely to the default provider

This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256,
that are now only there to provide a name for implicit fetches.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9075)

Richard Levitte [Wed, 16 Oct 2019 22:32:20 +0000 (00:32 +0200)]
evp_keymgmt_export_to_provider(): adjust OSSL_PARAM array for transfer

It may be that the OSSL_PARAM array we used for getting parameter
values for a key had a few too many entries.  These are detected by
their return_size == 0.  Before making the second export call, we prune
away these items so we only ask for parameters that exist.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)

Richard Levitte [Wed, 16 Oct 2019 22:26:44 +0000 (00:26 +0200)]
test/keymgmt_internal_test.c: New test of keymgmt internals

This tests diverse internal KEYMGMT features.  The current existing
test checks that evp_keymgmt_export_to_provider() passes the key data
correctly through two instances of the default provider, and that the
resulting numbers at the end match the initial numbers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)

Richard Levitte [Tue, 15 Oct 2019 19:31:45 +0000 (21:31 +0200)]
New RSA keymgmt implementation to handle import / export of RSA keys

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)

Richard Levitte [Tue, 15 Oct 2019 18:28:02 +0000 (20:28 +0200)]
Added internal functions for easy getting and setting all RSA parameters.

rsa_set0_all_params() is used to set all the primes, exponents and
coefficients.  rsa_get0_all_params() is used to get all the primes,
exponents and coefficients.

"All" includes p, q, dP, dQ and qInv without making them separate.

All arrays of numbers are implemented as stacks to make dynamic use
easier.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)

Cesar Pereida Garcia [Fri, 20 Sep 2019 11:11:19 +0000 (14:11 +0300)]
Add GCD testing infrastructure.

This commit adds testing and Known Answer Tests (KATs) to OpenSSL for
the `BN_gcd` function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10122)

Cesar Pereida Garcia [Fri, 13 Sep 2019 14:54:54 +0000 (17:54 +0300)]
Constant-time GCD function.

This commit replaces the current `BN_gcd` function with a constant-time
GCD implementation.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10122)

Cesar Pereida Garcia [Wed, 16 Oct 2019 09:10:18 +0000 (12:10 +0300)]
Unify BN_rshift design

This commit aims at refactoring the `BN_rshift` by making it a wrapper
around `bn_rshift_fixed_top`, in order to match the current design of
`BN_lshift`, as suggested in the discussion at
https://github.com/openssl/openssl/pull/10122#discussion_r332474277 .

As described in the code, by refactoring this function, `BN_rshift`
provides a constant-time behavior for sufficiently[!] zero-padded inputs
under the following assumptions: `|n < BN_BITS2|` or `|n / BN_BITS2|`
being non-secret.

Notice that `BN_rshift` returns a canonical representation of the
BIGNUM, if a `fixed_top` representation is required, the caller should
call `bn_rshift_fixed_top` instead.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10196)

Richard Levitte [Tue, 15 Oct 2019 09:35:09 +0000 (11:35 +0200)]
Don't abuse the API when that's not what is tested

test_EVP_PKEY_CTX_get_set_params() in test/evp_extra_test.c abused
previously sloppy checking in EVP_PKEY_sign_init_ex(), by passing a
"key to sign with" that was really just domain parameters.

Now that underlying provider import of key payload has become a bit
more strict, that leads to errors, so we need to provide at least a
public part (even though fake), and because this is a signing
operation, a private part as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Mon, 14 Oct 2019 08:37:08 +0000 (10:37 +0200)]
DSA: Add export of keys and domain parameters from provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Mon, 14 Oct 2019 08:36:14 +0000 (10:36 +0200)]
DH: Add export of keys and domain parameters from provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Mon, 14 Oct 2019 08:11:40 +0000 (10:11 +0200)]
DSA: Add export of domain parameters to provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Mon, 14 Oct 2019 08:10:58 +0000 (10:10 +0200)]
DH: Add export of domain parameters to provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Mon, 14 Oct 2019 06:41:17 +0000 (08:41 +0200)]
PKEY: adapt the export_to_provider functions to handle domain params too

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10169)

Richard Levitte [Thu, 23 May 2019 14:45:47 +0000 (16:45 +0200)]
Configure: break long lines in build files

Fixes #8961

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8990)

Richard Levitte [Mon, 14 Oct 2019 14:28:29 +0000 (16:28 +0200)]
Rename internal function name_cmp() to v3_name_cmp()

"name_cmp" caused a clash when linking with the static libcrypto.
The slight rename is better than nothing, as v3_ is an already existing
prefix.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Tue, 24 Sep 2019 01:42:18 +0000 (03:42 +0200)]
evp_generic_do_all(): fix passing of method data

Method data was passed down as provider to ossl_algorithm_do_all(),
which causes trouble as soon as it's non-NULL.  Pass it via the data
structure instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Mon, 23 Sep 2019 09:30:05 +0000 (11:30 +0200)]
'openssl list' and 'openssl provider': adapt display of multiple names

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Mon, 23 Sep 2019 09:16:21 +0000 (11:16 +0200)]
EVP: add functions that return the name number

The returned number can be used for comparison purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Mon, 23 Sep 2019 08:56:13 +0000 (10:56 +0200)]
EVP: add name traversal functions to all fetchable types

The following new functions all do the same thing; they traverse
the set of names assigned to implementations of each algorithm type:

EVP_MD_names_do_all(), EVP_CIPHER_names_do_all(),
EVP_MAC_names_do_all(), EVP_KEYMGMT_names_do_all(),
EVP_KEYEXCH_names_do_all(), EVP_KDF_names_do_all(),
EVP_SIGNATURE_names_do_all()

We add a warning to the documentation of EVP_CIPHER_name() and
EVP_MD_name(), as they aren't suitable to use with multiple-name
implementation.

We also remove EVP_MAC_name() and evp_KDF_name(), as they serve no
useful purpose.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Mon, 23 Sep 2019 08:33:26 +0000 (10:33 +0200)]
EVP: add missing common functionality

This adds the missing functions that should be common for all
fetchable EVP sub-APIs:

EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().

This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Mon, 23 Sep 2019 08:17:19 +0000 (10:17 +0200)]
Some docs cleanup

Clean up a few manual pages that we're about to touch, according to
conventions found in Linux' man-pages(7); function arguments in
descriptions should be in italics, and types, macros and similar
should be in bold, with the exception for NULL.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)

Richard Levitte [Tue, 15 Oct 2019 14:45:12 +0000 (16:45 +0200)]
For provided ciphers, EVP_CIPHER_CTX_ctrl() with EVP_CTRL_INIT always returns 1

This control command should never be used with provided methods, but
since this is publicly available, someone might still make the
mistake.  We make sure it returns 1 so as not to be overly
disruptive.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10163)

5 years agoEVP_{CIPHER,MD}_CTX_ctrl(): make extra sure to return 0 or 1
Richard Levitte [Sun, 13 Oct 2019 11:00:46 +0000 (13:00 +0200)]
EVP_{CIPHER,MD}_CTX_ctrl(): make extra sure to return 0 or 1

The previous fix was incomplete.

Fixes #10106

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10163)

5 years ago[KDF] Add feedback-mode and CMAC support to KBKDF
Robbie Harwood [Thu, 17 Oct 2019 02:45:03 +0000 (12:45 +1000)]
[KDF] Add feedback-mode and CMAC support to KBKDF

Implement SP800-108 section 5.2 with CMAC support.  As a side effect,
enable 5.1 with CMAC and 5.2 with HMAC.  Add test vectors from RFC 6803.

Add OSSL_KDF_PARAM_CIPHER and PROV_R_INVALID_SEED_LENGTH.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10143)

5 years agodoc/man3/EVP_PKEY_CTX_new.pod: change markup according to conventions
Richard Levitte [Tue, 15 Oct 2019 14:55:00 +0000 (16:55 +0200)]
doc/man3/EVP_PKEY_CTX_new.pod: change markup according to conventions

Convention source is man-pages(7)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10184)

5 years agoAdd EVP_PKEY_CTX_new_provided()
Richard Levitte [Tue, 15 Oct 2019 11:08:17 +0000 (13:08 +0200)]
Add EVP_PKEY_CTX_new_provided()

This works as much as possible like EVP_PKEY_CTX_new_id(), except it takes
data that's relevant for providers, algorithm name and property query
string instead of NID and engine.

Additionally, if EVP_PKEY_CTX_new() or EVP_PKEY_CTX_new_id() was
called, the algorithm name in the EVP_PKEY context will be set to the
short name of the given NID (explicit or the one of the given
EVP_PKEY), thereby giving an easier transition from legacy methods to
provided methods.

The intent is that operations will use this information to fetch
provider methods implicitly as needed.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10184)

5 years agoFix typo and create compatibility macro
Andreas Schnebinger [Sat, 12 Oct 2019 16:48:40 +0000 (18:48 +0200)]
Fix typo and create compatibility macro

CLA:trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9472)

5 years agoCorrectly handle SSL3 Master Secret when calling providers
Matt Caswell [Tue, 15 Oct 2019 12:27:21 +0000 (13:27 +0100)]
Correctly handle SSL3 Master Secret when calling providers

We need to pass the SSL3 Master Secret down to the provider code in order
for SSLv3 to work correctly.

Fixes #10182

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10186)

5 years agoAdd ChaCha related ciphers to default provider
Shane Lontis [Wed, 16 Oct 2019 06:18:42 +0000 (16:18 +1000)]
Add ChaCha related ciphers to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10081)

5 years agoFix missing Assembler defines
Shane Lontis [Tue, 15 Oct 2019 02:35:41 +0000 (12:35 +1000)]
Fix missing Assembler defines

Implementations are now spread across several libraries, so the assembler
related defines need to be applied to all affected libraries and modules.

AES_ASM define was missing from libimplementations.a which disabled AESNI.
aarch64 changes were made by xkqian.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10180)

5 years ago[ec_asn1.c] Avoid injecting seed when built-in matches
Nicola Tuveri [Thu, 10 Oct 2019 17:30:58 +0000 (20:30 +0300)]
[ec_asn1.c] Avoid injecting seed when built-in matches

An unintended consequence of https://github.com/openssl/openssl/pull/9808
is that when an explicit parameters curve is matched against one of the
well-known builtin curves we automatically inherit also the associated
seed parameter, even if the input parameters excluded such
parameter.

This later affects the serialization of such parsed keys, causing their
input DER encoding and output DER encoding to differ due to the
additional optional field.

This does not cause problems internally but could affect external
applications, as reported in
https://github.com/openssl/openssl/pull/9811#issuecomment-536153288

This commit fixes the issue by conditionally clearing the seed field if
the original input parameters did not include it.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10140)

5 years agoRefactor many common flags into openssl.pod
Rich Salz [Fri, 4 Oct 2019 02:28:40 +0000 (22:28 -0400)]
Refactor many common flags into openssl.pod

Options moved: -rand, -writerand, -CApath, -CAfile, -no-CApath, -no-CAfile
Added rand to dgst and srp manpages (they were missing them).
New sections in openssl.pod: Random State Options, Trusted Certificate
Options.
Cleanup and add comments to find-doc-nits
Remove ".in" file support; unless giving specific arguments, this
only runs after configuration

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10118)

5 years agoRemove duplicated line in 'openssl list' output
Rich Salz [Fri, 11 Oct 2019 13:46:59 +0000 (09:46 -0400)]
Remove duplicated line in 'openssl list' output

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10150)

5 years agoAdd BN_check_prime()
Kurt Roeckx [Sun, 6 Oct 2019 15:21:16 +0000 (17:21 +0200)]
Add BN_check_prime()

Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272

5 years agoUse fewer primes for the trial division
Kurt Roeckx [Sun, 6 Oct 2019 11:48:10 +0000 (13:48 +0200)]
Use fewer primes for the trial division

When using Miller-Rabin to test for primes, it can be faster to first
do trial divisions, but when doing too many trial divisions it gets
slower again. We reduce the number of trial divisions to a point that
gives better performance.

Based on research by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272
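
The trade-off described in the commit message above, as an added example that is not OpenSSL's code and not part of the original log: 64-bit candidates are trial-divided by a small prime table before Miller-Rabin, and a counter reports how many candidates still reach the expensive test. The table size, the function names and the 64-bit word size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* First 12 odd primes; the table size is an arbitrary choice for this demo. */
static const uint32_t SMALL_PRIMES[] = {3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41};
#define NUM_SMALL (sizeof(SMALL_PRIMES) / sizeof(SMALL_PRIMES[0]))

/* unsigned __int128 (a GCC/Clang extension) keeps a * b from overflowing. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (unsigned __int128)a * b % m; }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e > 0; e >>= 1, b = mulmod(b, b, m))
        if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Miller-Rabin for odd n > 2; these 12 bases are deterministic for any 64-bit n. */
static int miller_rabin(uint64_t n) {
    static const uint64_t bases[] = {2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37};
    uint64_t d = n - 1;
    int s = 0, r;
    while ((d & 1) == 0) { d >>= 1; s++; }
    for (size_t i = 0; i < sizeof(bases) / sizeof(bases[0]); i++) {
        uint64_t x = powmod(bases[i], d, n);
        if (bases[i] % n == 0 || x == 1 || x == n - 1) continue;
        for (r = 1; r < s; r++)
            if ((x = mulmod(x, x, n)) == n - 1) break;
        if (r == s) return 0;          /* this base is a witness: n is composite */
    }
    return 1;
}

/* Trial-divide by the first k table primes, then run Miller-Rabin; *mr_calls counts those runs. */
static int is_prime(uint64_t n, size_t k, unsigned *mr_calls) {
    if (n < 2 || (n & 1) == 0) return n == 2;
    for (size_t i = 0; i < k && i < NUM_SMALL; i++)
        if (n % SMALL_PRIMES[i] == 0) return n == SMALL_PRIMES[i];
    (*mr_calls)++;
    return miller_rabin(n);
}

/* First odd prime >= start; *mr_calls reports how many candidates reached Miller-Rabin. */
static uint64_t next_prime(uint64_t start, size_t k, unsigned *mr_calls) {
    for (*mr_calls = 0, start |= 1; !is_prime(start, k, mr_calls); start += 2) {}
    return start;
}

int main(void) {
    unsigned plain, sieved;
    uint64_t p = next_prime(1000000000ULL, 0, &plain);
    next_prime(1000000000ULL, NUM_SMALL, &sieved);
    printf("%llu: %u vs %u Miller-Rabin runs\n", (unsigned long long)p, plain, sieved);
}
```

Timing the search with different values of k on large candidates shows the other half of the trade-off: each extra table prime removes fewer candidates than the one before it while still costing a division per candidate.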

5 years agoMove MD2, MD4 and MD5 digests completely to the providers
Richard Levitte [Sun, 13 Oct 2019 12:44:54 +0000 (14:44 +0200)]
Move MD2, MD4 and MD5 digests completely to the providers

This leaves minimal implementations of EVP_md2, EVP_md4, EVP_md5 and
EVP_mdc2, that are now only there to provide a name for implicit fetches.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10164)

5 years agoReplace '=for comment ifdef' with '=for openssl'
Rich Salz [Fri, 11 Oct 2019 15:52:12 +0000 (11:52 -0400)]
Replace '=for comment ifdef' with '=for openssl'

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10151)

5 years agoBuilding: Add modules with DEPENDs to GENERATEd files
Richard Levitte [Sun, 13 Oct 2019 10:33:15 +0000 (12:33 +0200)]
Building: Add modules with DEPENDs to GENERATEd files

For files GENERATEd from templates (.in files), any perl module (.pm
file) that the file depends on will automatically be used.

This means that these two lines:

    GENERATE[foo]=foo.in
    DEPEND[foo]=whatever.pm

will emit this command in a Makefile (or corresponding):

    foo: foo.in whatever.pm configdata.pm
    $(PERL) -I. -Ipathto -Mwhatever -Mconfigdata $(SRCDIR)/util/dofile.pl \\
        foo.in > foo

Note that configdata.pm is automatically added, since util/dofile.pl
itself depends on it.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10162)

5 years agoRestore MD5-SHA1 in legacy method database
Richard Levitte [Mon, 14 Oct 2019 14:07:41 +0000 (16:07 +0200)]
Restore MD5-SHA1 in legacy method database

If we remove these, the functions EVP_get_digestbyname() and
EVP_get_cipherbyname() will stop working entirely, and it's too early
to cripple them yet.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10176)

5 years agoKDF: clean away old EVP_KDF declarations
Richard Levitte [Mon, 14 Oct 2019 10:12:54 +0000 (12:12 +0200)]
KDF: clean away old EVP_KDF declarations

They were left-overs from when we still had the legacy KDF implementation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10170)

5 years agoRemove providers/default which seems to have been missed.
Pauli [Thu, 10 Oct 2019 12:05:28 +0000 (22:05 +1000)]
Remove providers/default which seems to have been missed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10147)

5 years agoConfigure: accept Windows style compiler options
Dr. Matthias St. Pierre [Fri, 20 Sep 2019 22:14:16 +0000 (00:14 +0200)]
Configure: accept Windows style compiler options

Currently the Configure command only supports passing UNIX style
options (`-opt`) to the compiler. Passing Windows style options
(`/opt`) yields an error. Fortunately, the compiler accepts both
types of options, nevertheless this commit fixes that discrimination
of Windows users.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9961)

5 years agoIgnore empty ALPN elements in CLI args
Viktor Dukhovni [Fri, 11 Oct 2019 21:52:19 +0000 (17:52 -0400)]
Ignore empty ALPN elements in CLI args

Reviewed-by: Matt Caswell <matt@openssl.org>

5 years agoRemove EVP_CIPH_FLAG_CUSTOM_CIPHER in all our providers
Richard Levitte [Thu, 10 Oct 2019 16:16:19 +0000 (18:16 +0200)]
Remove EVP_CIPH_FLAG_CUSTOM_CIPHER in all our providers

Not needed any more, since the presence of the OSSL_FUNC_CIPHER_CIPHER
function is enough to tell that there's a custom cipher function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)

5 years agoProviders: fix OSSL_FUNC_CIPHER_CIPHER functions
Richard Levitte [Thu, 10 Oct 2019 16:14:33 +0000 (18:14 +0200)]
Providers: fix OSSL_FUNC_CIPHER_CIPHER functions

This involves gcm_cipher() (providers/common/ciphers/cipher_gcm.c),
ccm_cipher() (providers/common/ciphers/cipher_ccm.c), and
tdes_wrap_cipher() (providers/common/ciphers/cipher_tdes_wrap.c)

These are generic implementations of the OSSL_FUNC_CIPHER_CIPHER
function, which returned -1 on error when they should return 0.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)

5 years agoFix EVP_Cipher() for provided cipher implementations
Richard Levitte [Thu, 10 Oct 2019 16:04:06 +0000 (18:04 +0200)]
Fix EVP_Cipher() for provided cipher implementations

EVP_Cipher() would return whatever ctx->cipher->ccipher() returned
with no regard for historical semantics.

We change this to first look if there is a ctx->cipher->ccipher(), and
in that case we treat the implementation as one with a custom cipher,
and "translate" its return value like this: 0 => -1, 1 => outl, where
|outl| is the output length.

If there is no ctx->cipher->ccipher, we treat the implementation as
one without a custom cipher, call ctx->cipher->cupdate or
ctx->cipher->cfinal depending on input, and return whatever they
return (0 or 1).

Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the
cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the
flags to be returned if there is a cipher->ccipher.  That way,
provided implementations never have to set that flag themselves, all
they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)

5 years agoPOD: stop abusing comment
Richard Levitte [Sun, 29 Sep 2019 15:10:59 +0000 (17:10 +0200)]
POD: stop abusing comment

OpenSSL uses some POD directives masquerading as 'comment'
('=for comment' etc).  This is abusive and confusing.  Instead, we use
our own keyword.

    =for openssl whatever

    =begin openssl

    whatever

    =end openssl

(we have never used the multiline form, but might start one day)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10048)

5 years agoAdd a test for EVP_Digest[Sign|Verify]* with a BIO MD
Matt Caswell [Mon, 7 Oct 2019 17:21:39 +0000 (18:21 +0100)]
Add a test for EVP_Digest[Sign|Verify]* with a BIO MD

If an EVP_MD_CTX is initialised with EVP_DigestSignInit_ex() or
EVP_DigestVerifyInit_ex() it should work with an MD BIO to provide
the "Updates". Test that this is the case.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)

5 years agoSupport calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update
Matt Caswell [Mon, 7 Oct 2019 16:47:04 +0000 (17:47 +0100)]
Support calling EVP_DigestUpdate instead of EVP_Digest[Sign|Verify]Update

Prior to OpenSSL 3.0 EVP_Digest[Sign|Verify]Update were just macros for
EVP_DigestUpdate. They are now separate functions. Unfortunately some
code assumes that EVP_Digest[Sign|Verify]Update is interchangeable with
EVP_DigestUpdate. For example the dgst app uses an MD bio which always
calls EVP_DigestUpdate(). However the dgst app supports signing instead
of digesting and may initialise with EVP_DigestSignInit_ex() instead of
just EVP_DigestInit().

We now detect these differences and redirect to the correct function
where appropriate.

Fixes #10114

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)

5 years agoDon't use internal knowledge about EVP_MD_CTX in an MD BIO
Matt Caswell [Mon, 7 Oct 2019 16:45:25 +0000 (17:45 +0100)]
Don't use internal knowledge about EVP_MD_CTX in an MD BIO

There is no need for us to be diving inside the EVP_MD_CTX in the
implementation of an MD BIO. We can just use public APIs. By doing this
certain calls (such as getting the MD out of the BIO) were not working
correctly where providers are in use.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10116)

5 years agoDoc: update internal build.info manual
Richard Levitte [Fri, 11 Oct 2019 06:22:01 +0000 (08:22 +0200)]
Doc: update internal build.info manual

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10148)