oweals/openssl.git
4 years agoImplement a Filtering Provider
Matt Caswell [Mon, 4 May 2020 15:26:07 +0000 (16:26 +0100)]
Implement a Filtering Provider

The filtering provider can be used to place a filter in front of the
default provider. Initially to filter out certain algorithms from being
available for test purposes.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoImplement OSSL_PROVIDER_get0_provider_ctx()
Matt Caswell [Fri, 8 May 2020 15:44:02 +0000 (16:44 +0100)]
Implement OSSL_PROVIDER_get0_provider_ctx()

Implement a function which enables us to get hold of the provider ctx
for a loaded provider.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoEnable applications to directly call a provider's query operation
Matt Caswell [Mon, 4 May 2020 14:28:15 +0000 (15:28 +0100)]
Enable applications to directly call a provider's query operation

This is useful to get hold of the low-level dispatch tables. This could
be used to create a new provider based on an existing one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoCheck that Signature Algorithms are available before using them
Matt Caswell [Fri, 1 May 2020 16:41:25 +0000 (17:41 +0100)]
Check that Signature Algorithms are available before using them

We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select them.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

4 years agoAPPS: Drop interactive mode in the 'openssl' program
Richard Levitte [Wed, 3 Jun 2020 08:49:50 +0000 (10:49 +0200)]
APPS: Drop interactive mode in the 'openssl' program

This mode is severely untested and unmaintained, is seems not to be
used very much.

Closes #4679
Closes #6292

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12023)

4 years agoAnnounce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md
Dr. David von Oheimb [Wed, 3 Jun 2020 12:13:01 +0000 (14:13 +0200)]
Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md

This is a follow-up of PR #12013.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12026)

4 years agofips: add additional algorithms to the FIPS provider.
Pauli [Wed, 3 Jun 2020 00:55:49 +0000 (10:55 +1000)]
fips: add additional algorithms to the FIPS provider.

Discussions are ongoing but the OMC has approved the in-principle addition
of these algorithms to the upcoming FIPS validation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12020)

4 years agoMinor doc fix for EVP_PKEY_CTX_new_from_pkey
Jaimee Brown [Wed, 3 Jun 2020 04:28:06 +0000 (14:28 +1000)]
Minor doc fix for EVP_PKEY_CTX_new_from_pkey

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12021)

4 years agoAdd github sponsor button
Kurt Roeckx [Wed, 3 Jun 2020 20:01:31 +0000 (22:01 +0200)]
Add github sponsor button

Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #12035

4 years ago[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation
Nicola Tuveri [Tue, 2 Jun 2020 18:06:48 +0000 (21:06 +0300)]
[crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation

`crypto/ec/ecp_nistz256.c` contained code sections guarded by a
`ECP_NISTZ256_AVX2` define.

The relevant comment read:

> /*
>  * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
>  * code processing 4 points in parallel, corresponding serial operation
>  * is several times slower, because it uses 29x29=58-bit multiplication
>  * as opposite to 64x64=128-bit in integer-only scalar case. As result
>  * it doesn't provide *significant* performance improvement. Note that
>  * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
>  * you'd need to compile even asm/ecp_nistz256-avx.pl module.
>  */

Without diminishing the quality of the original submission, it's evident
that this code has been basically unreachable without modifications to
the library source code and is under-tested.

This commit removes these sections from the codebase.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12019)

4 years agoAdd cipher list ciphersuites which using encryption algorithm in mode CBC.
Otto Hollmann [Thu, 28 May 2020 11:39:33 +0000 (13:39 +0200)]
Add cipher list ciphersuites which using encryption algorithm in mode CBC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11984)

4 years agoCORE: make sure activated fallback providers stay activated
Richard Levitte [Sat, 23 May 2020 14:39:18 +0000 (16:39 +0200)]
CORE: make sure activated fallback providers stay activated

Calling 'OSSL_PROVIDER_available(NULL, "default")' would search for
the "default" provider, and in doing so, activate it if necessary,
thereby detecting that it's available...  and then immediately free
it, which could deactivate that provider, even though it should stay
available.

We solve this by incrementing the refcount for activated fallbacks one
extra time, thereby simulating an explicit OSSL_PROVIDER_load(), and
compensate for it with an extra ossl_provider_free() when emptying the
provider store.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)

4 years agoTEST: Add provider_fallback_test, to test aspects of fallback providers
Richard Levitte [Sat, 23 May 2020 14:34:07 +0000 (16:34 +0200)]
TEST: Add provider_fallback_test, to test aspects of fallback providers

There are cases where the fallback providers aren't treated right.
For example, the following calls, in that order, will end up with
a failed EVP_KEYMGMT_fetch(), even thought the default provider
does supply an implementation of the "RSA" keytype.

    EVP_KEYMGMT *rsameth = NULL;

    OSSL_PROVIDER_available(NULL, "default");
    rsameth = EVP_KEYMGMT_fetch(NULL, "RSA", NULL);

For good measure, this also tests that explicit loading of the default
provider won't fail.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11926)

4 years agoFix missed fields in EVP_PKEY_meth_copy.
Aaron Thompson [Sat, 11 Apr 2020 00:56:15 +0000 (00:56 +0000)]
Fix missed fields in EVP_PKEY_meth_copy.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11514)

4 years agoPrepare for 3.0 alpha 4
Matt Caswell [Thu, 4 Jun 2020 13:58:20 +0000 (14:58 +0100)]
Prepare for 3.0 alpha 4

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
4 years agoPrepare for release of 3.0 alpha 3 openssl-3.0.0-alpha3
Matt Caswell [Thu, 4 Jun 2020 13:56:40 +0000 (14:56 +0100)]
Prepare for release of 3.0 alpha 3

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
4 years agoUpdate copyright year
Matt Caswell [Thu, 4 Jun 2020 13:33:57 +0000 (14:33 +0100)]
Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)

4 years agoossl_shim: const cast the param arguments to avoid errors
Pauli [Wed, 3 Jun 2020 08:42:36 +0000 (18:42 +1000)]
ossl_shim: const cast the param arguments to avoid errors

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12022)

4 years agoFix a buffer overflow in drbg_ctr_generate
Bernd Edlinger [Tue, 2 Jun 2020 09:52:24 +0000 (11:52 +0200)]
Fix a buffer overflow in drbg_ctr_generate

This can happen if the 32-bit counter overflows
and the last block is not a multiple of 16 bytes.

Fixes #12012

[extended tests]

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/12016)

4 years agoUpdate manpage to fix examples, other minor tweaks
Rich Salz [Mon, 27 Apr 2020 16:57:01 +0000 (12:57 -0400)]
Update manpage to fix examples, other minor tweaks

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)

4 years agoCleanup cert config files for tests
Rich Salz [Wed, 4 Mar 2020 19:08:31 +0000 (14:08 -0500)]
Cleanup cert config files for tests

Merge test/P[12]ss.cnf into one config file
Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf
Remove Netscape cert extensions, add keyUsage comment from some cnf files

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11347)

4 years agoossl_shim: include core_names.h to resolve undeclared symbols
Pauli [Tue, 2 Jun 2020 13:10:06 +0000 (23:10 +1000)]
ossl_shim: include core_names.h to resolve undeclared symbols

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/12018)

4 years agoTEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()
Richard Levitte [Mon, 18 May 2020 06:35:29 +0000 (08:35 +0200)]
TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)

4 years agoPEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs
Richard Levitte [Mon, 18 May 2020 06:32:28 +0000 (08:32 +0200)]
PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs

PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(),
PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected
by this.

Fixes #11845

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11855)

4 years agofix a docs typo
Jack O'Connor [Thu, 28 May 2020 16:42:15 +0000 (12:42 -0400)]
fix a docs typo

Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist.

CLA: trivial

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11988)

4 years agoPrevent extended tests run unexpectedly in appveyor
Bernd Edlinger [Thu, 28 May 2020 09:20:50 +0000 (11:20 +0200)]
Prevent extended tests run unexpectedly in appveyor

Reason turns out that "git log -2" is picking up a merge
commit and a random commit message from the master branch.

Restore the expected behavior by using
git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11981)

4 years agoMove EC_METHOD to internal-only
Billy Brumley [Wed, 27 May 2020 10:30:04 +0000 (13:30 +0300)]
Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)

4 years agoAPPS: Remove make_config_name, use CONF_get1_default_config_file instead
Richard Levitte [Thu, 28 May 2020 11:53:48 +0000 (13:53 +0200)]
APPS: Remove make_config_name, use CONF_get1_default_config_file instead

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11983)

4 years agoRemove getenv(OPENSSL_FIPS) in openssl command
Bernd Edlinger [Sat, 30 May 2020 07:57:29 +0000 (09:57 +0200)]
Remove getenv(OPENSSL_FIPS) in openssl command

This is left over from the past.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11995)

4 years agoRevert the check for NaN in %f format
Bernd Edlinger [Sun, 31 May 2020 05:51:23 +0000 (07:51 +0200)]
Revert the check for NaN in %f format

Unfortunately -Ofast seems to break that check.

Fixes #11994

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12003)

4 years agoundeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations
Tim Hudson [Mon, 1 Jun 2020 09:52:23 +0000 (19:52 +1000)]
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)

4 years agoMake BIO_do_connect() and friends handle multiple IP addresses
Dr. David von Oheimb [Wed, 27 May 2020 10:16:53 +0000 (12:16 +0200)]
Make BIO_do_connect() and friends handle multiple IP addresses

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11971)

4 years agoadd FFDH to speed command
Hubert Kario [Sat, 18 Jan 2020 18:13:02 +0000 (19:13 +0100)]
add FFDH to speed command

the openssl speed command could not benchmark FFDH speed, but it could
benchmark ECDH, making comparisons between the two hard

this commit adds this feature

fixes #9475

Signed-off-by: Hubert Kario <hubert@kario.pl>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10887)

4 years agobio printf: Avoid using rounding errors in range check
Bernd Edlinger [Mon, 25 May 2020 18:13:47 +0000 (20:13 +0200)]
bio printf: Avoid using rounding errors in range check

There is a problem casting ULONG_MAX to double which clang-10 is warning about.
ULONG_MAX typically cannot be exactly represented as a double.  ULONG_MAX + 1
can be and this fix uses the latter, however since ULONG_MAX cannot be
represented exactly as a double number we subtract 65535 from this number,
and the result has at most 48 leading one bits, and can therefore be
represented as a double integer without rounding error.  By adding
65536.0 to this number we achive the correct result, which should avoid the
warning.

The addresses a symptom of the underlying problem: we print doubles via an
unsigned long integer.  Doubles have a far greater range and should be printed
better.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11955)

4 years agoDOCS: add openssl-core_names.h(7)
Richard Levitte [Tue, 26 May 2020 12:26:30 +0000 (14:26 +0200)]
DOCS: add openssl-core_names.h(7)

A CAVEATS section is present in this manual.  That section name is
borrowed from OpenBSD, where mdoc(7) explains it like this:

    CAVEATS
    Common misuses and misunderstandings should be explained in this
    section.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)

4 years agoDOCS: add openssl-core_numbers.h(7)
Richard Levitte [Tue, 26 May 2020 12:25:44 +0000 (14:25 +0200)]
DOCS: add openssl-core_numbers.h(7)

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11963)

4 years agoEVP_EncryptInit.pod: fix example
Patrick Steuer [Wed, 27 May 2020 14:32:43 +0000 (16:32 +0200)]
EVP_EncryptInit.pod: fix example

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11976)

4 years agoRSA: Do not set NULL OAEP labels
Benjamin Kaduk [Fri, 22 May 2020 18:13:24 +0000 (11:13 -0700)]
RSA: Do not set NULL OAEP labels

As of the previous commit, when a zero-length (string) parameter
is present in the parameters passed to a provider for a given operation,
we will produce an object corresponding to that zero-length parameter,
indicating to the underlying cryptographic operation that the parameter
was passed.  However, rsa_cms_decrypt() was relying on the previous
behavior, and unconditionally tried to call
EVP_PKEY_CTX_set0_rsa_oaep_label() even when the implicit default label
was used (and thus the relevant local variable was still NULL).
In the new setup that distinguishes present-but-empty and absent
more clearly, it is an error to attempt to set a NULL parameter,
even if it is zero-length.

Exercise more caution when setting parameters, and do not call
EVP_PKEY_CTX_set0_rsa_oaep_label() when there is not actually a
label provided.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agoparams: do not ignore zero-length strings
Benjamin Kaduk [Thu, 21 May 2020 21:10:50 +0000 (14:10 -0700)]
params: do not ignore zero-length strings

Prior to this commit, if a string (or octet string) parameter
was present but indicated it was zero-length, we would return success
but with a NULL output value.  This can be problematic in cases where
there is a protocol-level distinction between parameter-absent and
parameter-present-but-zero-length, which is uncommon but can happen.

Since OPENSSL_malloc() returns NULL for zero-length allocation requests,
make a dummy allocation for this case, to give a signal that the string
parameter does exist but has zero length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agotest HKDF with empty IKM
Benjamin Kaduk [Thu, 21 May 2020 19:53:59 +0000 (12:53 -0700)]
test HKDF with empty IKM

Add an extra EVP test that provides empty input key material.  It
currently fails, since we lose the information about "key present but
zero length" as we deserialize parameters in the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11920)

4 years agoAdd a test for fetching EVP_PKEY style algs without a provider
Matt Caswell [Thu, 14 May 2020 10:33:01 +0000 (11:33 +0100)]
Add a test for fetching EVP_PKEY style algs without a provider

Following on from the previous commit, add a test to check that we fail
to create an EVP_PKEY_CTX if an algorithm is not available in any provider,
*unless* it is an algorithm that has no provider support.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)

4 years agoFail if we fail to fetch the EVP_KEYMGMT
Matt Caswell [Wed, 13 May 2020 16:17:35 +0000 (17:17 +0100)]
Fail if we fail to fetch the EVP_KEYMGMT

If we failed to fetch an EVP_KEYMGMT then we were falling back to legacy.
This is because some algorithms (such as MACs and KDFs used via an old
style EVP_PKEY) have not been transferred to providers.

Unfortunately this means that you cannot stop some algorithms from being
used by not loading the provider.

For example if you wanted to prevent RSA from being used, you might expect
to just not load any providers that make it available. Unfortunately that
doesn't work because we simply fall back to legacy if we fail to fetch
the EVP_KEYMGMT.

Instead we should fail *unless* the key type is one of those legacy key
types that we have not transferred.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11826)

4 years agoUpdate gost-engine commit to match the API changes
Dmitry Belyavskiy [Wed, 27 May 2020 10:03:04 +0000 (13:03 +0300)]
Update gost-engine commit to match the API changes

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11970)

4 years agoutil/mkpod2html.pl: Fix unbalanced quotes
Richard Levitte [Wed, 27 May 2020 08:09:04 +0000 (10:09 +0200)]
util/mkpod2html.pl: Fix unbalanced quotes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11969)

4 years agoFix errtest for older compilers
Shane Lontis [Wed, 27 May 2020 02:10:52 +0000 (12:10 +1000)]
Fix errtest for older compilers

Some older compilers use "unknown function" if they dont support __func, so the
test using ERR_PUT_error needed to compensate for this when comparing against the
expected value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11967)

4 years agoossl_shim: use the correct ticket key call back.
Pauli [Tue, 26 May 2020 21:26:46 +0000 (07:26 +1000)]
ossl_shim: use the correct ticket key call back.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11966)

4 years agofips: add AES OFB mode ciphers to FIPS provider.
Pauli [Sat, 23 May 2020 00:20:46 +0000 (10:20 +1000)]
fips: add AES OFB mode ciphers to FIPS provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11908)

4 years agofips: add AES CFB mode ciphers to FIPS provider.
Pauli [Fri, 22 May 2020 09:30:52 +0000 (19:30 +1000)]
fips: add AES CFB mode ciphers to FIPS provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11908)

4 years agoAvoid undefined behavior with unaligned accesses
Bernd Edlinger [Tue, 24 Apr 2018 19:10:13 +0000 (21:10 +0200)]
Avoid undefined behavior with unaligned accesses

Fixes: #4983

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/6074)

4 years agoRename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_para...
Dr. David von Oheimb [Mon, 25 May 2020 11:17:51 +0000 (13:17 +0200)]
Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11953)

4 years agocrypto/cms: add CAdES-BES signed attributes validation
FdaSilvaYY [Wed, 12 Jun 2019 17:52:39 +0000 (19:52 +0200)]
crypto/cms: add CAdES-BES signed attributes validation

for signing certificate V2 and signing certificate extensions.

CAdES: lowercase name for now internal methods.

crypto/cms: generated file changes.

Add some CHANGES entries.

[extended tests]

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8098)

4 years agoPROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP
Richard Levitte [Tue, 26 May 2020 08:05:01 +0000 (10:05 +0200)]
PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP

Fixes #11904

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11959)

4 years agodoc: fix trace category names
Dr. Matthias St. Pierre [Sun, 10 May 2020 00:42:58 +0000 (02:42 +0200)]
doc: fix trace category names

The `ENGINE_CONF` and `PROVIDER_CONF` trace categories were merged
into a single `CONF` category (see bc362b9b7202 and 71849dff56d6).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11806)

4 years agoClean up some doc nits
Rich Salz [Thu, 21 May 2020 21:21:27 +0000 (17:21 -0400)]
Clean up some doc nits

Mostly "No items in =over/=back list"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11902)

4 years agoFix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it
Dr. David von Oheimb [Thu, 21 May 2020 08:37:22 +0000 (10:37 +0200)]
Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it

Fixes #11870

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)

4 years agoConstify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()
Dr. David von Oheimb [Sun, 24 May 2020 16:28:06 +0000 (18:28 +0200)]
Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11894)

4 years agoPROV: Fix RSA-OAEP memory leak
Richard Levitte [Sat, 23 May 2020 15:34:07 +0000 (17:34 +0200)]
PROV: Fix RSA-OAEP memory leak

The OAEP label wasn't freed when the operation context was freed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11927)

4 years agoUpdate core_names.h fields and document most fields.
Shane Lontis [Tue, 26 May 2020 03:53:07 +0000 (13:53 +1000)]
Update core_names.h fields and document most fields.

Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC.
Added some strings values related to RSA keys.
Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file.
Updated Keyexchange and signature code and docs.
Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod.
Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it.

Added some usage examples. As a result of the usage examples the following change was also made:
ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11610)

4 years agoFix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_s...
Shane Lontis [Tue, 26 May 2020 02:44:36 +0000 (12:44 +1000)]
Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod

Fixes #11743

The ouput format had 2 issues that caused it not to match the expected documented format:
(1) At some point the thread id printing was changed to use the OPENSSL_hex2str method which puts ':' between hex bytes.
    An internal function that skips the seperator has been added.
(2) The error code no longer exists. So this was completely removed from the string. It is now replaced by ::

As an example:
  00:77:6E:52:14:7F:00:00:error:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:
Is now:
  00776E52147F0000:error::asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1135:

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11789)

4 years agoossl_shim: add deprecation guards around the -use-ticket-callback option.
Pauli [Sun, 24 May 2020 22:40:20 +0000 (08:40 +1000)]
ossl_shim: add deprecation guards around the -use-ticket-callback option.

The ticket callback is deprecated in 3.0 and can't be used in a no-deprecated
build.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11944)

4 years agoCoverity 1463830: Resource leaks (RESOURCE_LEAK)
Pauli [Sun, 24 May 2020 21:43:45 +0000 (07:43 +1000)]
Coverity 1463830: Resource leaks (RESOURCE_LEAK)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11941)

4 years agoUpdate the gost-engine submodule
Dmitry Belyavskiy [Mon, 25 May 2020 09:45:37 +0000 (12:45 +0300)]
Update the gost-engine submodule

Fixes #11949
[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11951)

4 years agoFix omissions in providers/common/der/build.info
Richard Levitte [Fri, 22 May 2020 08:17:55 +0000 (10:17 +0200)]
Fix omissions in providers/common/der/build.info

Dependencies on generated files must be declared explicitly.  When
refactoring the DER code in providers/common/der, a few of those
dependency declaration were omitted, which may lead to build errors in
a parallel build.

Some cleanup and extensive used of build.info variables is done while
at it, to avoid unnecessary repetition.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11906)

4 years agoDrop special case of time interval calculation for VMS
Tomas Mraz [Fri, 22 May 2020 08:14:04 +0000 (10:14 +0200)]
Drop special case of time interval calculation for VMS

The existing special case code is broken and it is not needed
anymore as times() and _SC_CLK_TCK should be supported
on the supported VMS versions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11905)

4 years agoRevert "Guard use of struct tms with #ifdef __TMS"
Tomas Mraz [Fri, 22 May 2020 08:07:43 +0000 (10:07 +0200)]
Revert "Guard use of struct tms with #ifdef __TMS"

The __TMS might be necessary on VMS however there is no such
define on glibc even though the times() function is fully
supported.

Fixes #11903

This reverts commit db71d315479762eefbf2bcda8be3b44b1867133f.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11905)

4 years agoFix auto-gen names in .gitignore
Rich Salz [Fri, 22 May 2020 15:21:11 +0000 (11:21 -0400)]
Fix auto-gen names in .gitignore

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11916)

4 years agos_client: Fix -proxy flag regression
Marc [Wed, 20 May 2020 00:25:10 +0000 (01:25 +0100)]
s_client: Fix -proxy flag regression

s_client: connection via an HTTP proxy broke somewhere prior to openssl-3.0.0-alpha2.

openssl s_client -connect <target> -proxy <proxy_host:proxy_port>
Results in s_client making a TCP connection to proxy_host:proxy_port and then issuing an HTTP CONNECT to the proxy, instead of the target.

Fixes https://github.com/openssl/openssl/issues/11879

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11880)

4 years agoFix coverity issues in EC after #11807
Nicola Tuveri [Fri, 22 May 2020 16:50:17 +0000 (19:50 +0300)]
Fix coverity issues in EC after #11807

This should fix 2 issues detected by Coverity and introduced with
https://github.com/openssl/openssl/pull/11807

- CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
- CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)

In practice the tests seem to show that they both aren't real issues,
yet I believe this small change should appease the scanner and at the
same time improve clarity for the reader.

Here is the original report:

```
** CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)

________________________________________________________________________________________________________
*** CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118         if (group->meth->mul != NULL)
1119             ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                    && p_scalar != NULL, &point, &p_scalar, ctx);
1121         else
1122             /* use default */
   CID 1463577:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123             ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                               && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126     #ifndef FIPS_MODULE
1127         BN_CTX_free(new_ctx);
1128     #endif

** CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)

________________________________________________________________________________________________________
*** CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118         if (group->meth->mul != NULL)
1119             ret = group->meth->mul(group, r, g_scalar, point != NULL
1120                                    && p_scalar != NULL, &point, &p_scalar, ctx);
1121         else
1122             /* use default */
   CID 1463573:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123             ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124                               && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126     #ifndef FIPS_MODULE
1127         BN_CTX_free(new_ctx);
1128     #endif
```

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11919)

4 years agoMove decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h
Dr. David von Oheimb [Fri, 22 May 2020 12:42:21 +0000 (14:42 +0200)]
Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h

fixes #11818

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11911)

4 years agoRe-introduce legacy EVP_PKEY types for provided keys
Richard Levitte [Fri, 22 May 2020 13:41:28 +0000 (15:41 +0200)]
Re-introduce legacy EVP_PKEY types for provided keys

EVP_PKEYs with provider side internal keys got the key type
EVP_PKEY_NONE.  This turned out to be too disruptive, so we try
instead to find a matching EVP_PKEY_ASN1_METHOD and use whatever
EVP_PKEY type it uses.

To make internal coding easier, we introduce a few internal macros to
distinguish what can be expected from a EVP_PKEY:

- evp_pkey_is_blank(), to detect an unassigned EVP_PKEY.
- evp_pkey_is_typed(), to detect that an EVP_PKEY has been assigned a
  type, which may be an old style type number or a EVP_KEYMGMT method.
- evp_pkey_is_assigned(), to detect that an EVP_PKEY has been assigned
  an key value.
- evp_pkey_is_legacy(), to detect that the internal EVP_PKEY key is a
  legacy one, i.e. will be handled via an EVP_PKEY_ASN1_METHOD and an
  EVP_PKEY_METHOD.
- evp_pkey_is_provided(), to detect that the internal EVP_PKEY key is
  a provider side one, i.e. will be handdled via an EVP_KEYMGMT and
  other provider methods.

This also introduces EVP_PKEY_KEYMGMT, to indicate that this EVP_PKEY
contains a provider side key for which there are no known
EVP_PKEY_ASN1_METHODs or EVP_PKEY_METHODs, i.e. these can only be
handled via EVP_KEYMGMT and other provider methods.

Fixes #11823

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11913)

4 years agoGOST external tests
Dmitry Belyavskiy [Mon, 11 May 2020 14:08:48 +0000 (17:08 +0300)]
GOST external tests

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11792)

4 years agoFix the parameter types of the CRYPTO_EX_dup function type.
Bernd Edlinger [Mon, 20 Mar 2017 16:29:28 +0000 (17:29 +0100)]
Fix the parameter types of the CRYPTO_EX_dup function type.

This fixes a strict aliasing issue in ui_dup_method_data.

The parameter type of CRYPTO_EX_dup's from_d parameter
is in fact void **, since it points to a pointer.

This function is rarely used, therefore fix the param type
although that may be considered an API breaking change.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2986)

4 years agoAdjust length of some strncpy() calls
Nicola Tuveri [Tue, 19 May 2020 17:36:44 +0000 (19:36 +0200)]
Adjust length of some strncpy() calls

This fixes warnings detected by -Wstringop-truncation.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11878)

4 years agoPrevent use after free of global_engine_lock
Tomas Mraz [Thu, 21 May 2020 11:16:57 +0000 (13:16 +0200)]
Prevent use after free of global_engine_lock

If buggy application calls engine functions after cleanup of engines
already happened the global_engine_lock will be used although
already freed.

See for example:
https://bugzilla.redhat.com/show_bug.cgi?id=1831086

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11896)

4 years agoCoverity 1463571: Null pointer dereferences (FORWARD_NULL)
Pauli [Thu, 21 May 2020 03:44:01 +0000 (13:44 +1000)]
Coverity 1463571: Null pointer dereferences (FORWARD_NULL)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463574: Null pointer dereferences (REVERSE_INULL)
Pauli [Thu, 21 May 2020 03:40:01 +0000 (13:40 +1000)]
Coverity 1463574: Null pointer dereferences (REVERSE_INULL)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463576: Error handling issues (CHECKED_RETURN)
Pauli [Thu, 21 May 2020 03:38:35 +0000 (13:38 +1000)]
Coverity 1463576: Error handling issues (CHECKED_RETURN)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoCoverity 1463258: Incorrect expression (EVALUATION_ORDER)
Pauli [Thu, 21 May 2020 03:18:42 +0000 (13:18 +1000)]
Coverity 1463258: Incorrect expression (EVALUATION_ORDER)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/11892)

4 years agoThere is no -signreq option in CA.pl
mettacrawler [Tue, 19 May 2020 15:53:24 +0000 (11:53 -0400)]
There is no -signreq option in CA.pl

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11876)

4 years agoSTORE: Make try_decode_PrivateKey() ENGINE aware
Richard Levitte [Tue, 19 May 2020 13:42:07 +0000 (15:42 +0200)]
STORE: Make try_decode_PrivateKey() ENGINE aware

This function only considered the built-in and application
EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes
through all loaded engines, using whatever table of methods they each
have.

Fixes #11861

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11872)

4 years agorsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|
Richard Levitte [Tue, 19 May 2020 10:52:07 +0000 (12:52 +0200)]
rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md|

In the FIPS module, the code as written generate an unconditional
error.

Fixes #11865

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11869)

4 years agoRefactor the provider side DER constants and writers
Richard Levitte [Tue, 19 May 2020 08:43:49 +0000 (10:43 +0200)]
Refactor the provider side DER constants and writers

This splits up all the providers/common/der/*.c.in so the generated
portion is on its own and all related DER writing routines are in
their own files.  This also ensures that the DIGEST consstants aren't
reproduced in several files (resulting in symbol clashes).

Finally, the production of OID macros is moved to the generated header
files, allowing other similar macros, or DER constant arrays, to be
built on top of them.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11868)

4 years agodeprecate EC_POINT_make_affine and EC_POINTs_make_affine
Billy Brumley [Tue, 19 May 2020 14:48:36 +0000 (17:48 +0300)]
deprecate EC_POINT_make_affine and EC_POINTs_make_affine

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11874)

4 years agot1_trce: Fix remaining places where the 24 bit shift overflow happens
Tomas Mraz [Tue, 19 May 2020 08:52:53 +0000 (10:52 +0200)]
t1_trce: Fix remaining places where the 24 bit shift overflow happens

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoAvoid potential overflow to the sign bit when shifting left 24 places
Tomas Mraz [Tue, 19 May 2020 08:51:53 +0000 (10:51 +0200)]
Avoid potential overflow to the sign bit when shifting left 24 places

Although there are platforms where int is 64 bit, 2GiB large BIGNUMs
instead of 4GiB should be "big enough for everybody".

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoCast the unsigned char to unsigned int before shifting left
Tomas Mraz [Tue, 19 May 2020 08:51:19 +0000 (10:51 +0200)]
Cast the unsigned char to unsigned int before shifting left

This is needed to avoid automatic promotion to signed int.

Fixes #11853

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

4 years agoFix egd and devrandom source configs
Bernd Edlinger [Sun, 17 May 2020 00:08:56 +0000 (02:08 +0200)]
Fix egd and devrandom source configs

./config --with-rand-seed=egd

need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD
so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD)

./config --with-rand-seed=devrandom

does not work since wait_random_seeded works under the assumption
that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well,
that is usually the case, but not when only devrandom is enabled.
Skip the wait code in this special case.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11848)

4 years agoAdd OSSL_PROVIDER_do_all()
Richard Levitte [Mon, 18 May 2020 10:43:12 +0000 (12:43 +0200)]
Add OSSL_PROVIDER_do_all()

This allows applications to iterate over all loaded providers.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11858)

4 years agoUpdate early data exchange scenarios in doc
raja-ashok [Wed, 13 May 2020 18:07:14 +0000 (23:37 +0530)]
Update early data exchange scenarios in doc

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

4 years agoUpdate limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
raja-ashok [Wed, 13 May 2020 18:02:44 +0000 (23:32 +0530)]
Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

4 years agoTest for the SSL_OP_IGNORE_UNEXPECTED_EOF option
Dmitry Belyavskiy [Fri, 15 May 2020 20:03:41 +0000 (23:03 +0300)]
Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)

4 years agoIntroducing option SSL_OP_IGNORE_UNEXPECTED_EOF
Dmitry Belyavskiy [Tue, 5 May 2020 13:20:42 +0000 (16:20 +0300)]
Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF

Partially fixes #11209.

Before OpenSSL 3.0 in case when peer does not send close_notify,
the behaviour was to set SSL_ERROR_SYSCALL error with errno 0.
This behaviour has changed. The SSL_OP_IGNORE_UNEXPECTED_EOF restores
the old behaviour for compatibility's sake.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11735)

4 years agoUse {module,install}-mac, not -checksum
Rich Salz [Fri, 24 Apr 2020 14:48:51 +0000 (10:48 -0400)]
Use {module,install}-mac, not -checksum

As the documentation points out, these fipsmodule.cnf fields are a MAC,
not a digest or checksum.  Rename them to be correct.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise fips_install.pod
Rich Salz [Fri, 20 Mar 2020 15:10:15 +0000 (11:10 -0400)]
Revise fips_install.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise x509v3_config.pod
Rich Salz [Fri, 20 Mar 2020 01:53:11 +0000 (21:53 -0400)]
Revise x509v3_config.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoRevise fips_config.pod
Rich Salz [Thu, 19 Mar 2020 14:19:41 +0000 (10:19 -0400)]
Revise fips_config.pod

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

4 years agoAdd missing pragma weak declaration to lhash.h
Norm Green [Tue, 12 May 2020 00:22:47 +0000 (17:22 -0700)]
Add missing pragma weak declaration to lhash.h

The missing symbol caused a linker failure on solaris x86_64.

Fixes #11796

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11798)

4 years agodeprecate EC precomputation functionality
Billy Brumley [Sun, 17 May 2020 13:09:00 +0000 (16:09 +0300)]
deprecate EC precomputation functionality

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11851)

4 years agoNew Russian TLS 1.2 implementation
Dmitry Belyavskiy [Mon, 30 Mar 2020 15:09:24 +0000 (18:09 +0300)]
New Russian TLS 1.2 implementation

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)

4 years agoGOST-related objects changes
Dmitry Belyavskiy [Fri, 8 May 2020 11:17:11 +0000 (14:17 +0300)]
GOST-related objects changes

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11442)