oweals/openssl.git
5 years agoCoverity CID 1444963: Null pointer dereferences
Pauli [Tue, 7 May 2019 00:18:29 +0000 (10:18 +1000)]
Coverity CID 1444963: Null pointer dereferences

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)

5 years agoReject obviously invalid DSA parameters during signing
Matt Caswell [Fri, 3 May 2019 14:56:08 +0000 (15:56 +0100)]
Reject obviously invalid DSA parameters during signing

Fixes #8875

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)

5 years agossl: Add SSL_sendfile
Boris Pismenny [Sat, 13 Apr 2019 14:20:35 +0000 (17:20 +0300)]
ssl: Add SSL_sendfile

This commit adds the SSL_sendfile call, which allows KTLS sockets to
transmit file using zero-copy semantics.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)

5 years agoLinux ktls sendfile
Boris Pismenny [Thu, 11 Apr 2019 13:24:42 +0000 (16:24 +0300)]
Linux ktls sendfile

This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and authenticate the data.
KTLS sendfile improves performance by avoiding the copy of file data into user
space, which is required today.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)

5 years agoman: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)
Dr. Matthias St. Pierre [Tue, 7 May 2019 09:59:11 +0000 (11:59 +0200)]
man: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8893)

5 years agoChange the digest string from "md" to "digest"
Simo Sorce [Thu, 18 Apr 2019 12:26:29 +0000 (08:26 -0400)]
Change the digest string from "md" to "digest"

Conform to other modules which were changed at the last minute and this
discrepancy was not noticed.
Retain "md" as an alias so not to break 3rd party backports/tests scripts.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8783)

5 years agoAdded generated files for EVP_KDF changes
Shane Lontis [Wed, 24 Apr 2019 00:06:54 +0000 (10:06 +1000)]
Added generated files for EVP_KDF changes

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)

5 years agoAdded EVP_KDF (similiar to the EVP_MAC)
Shane Lontis [Mon, 22 Apr 2019 07:18:56 +0000 (17:18 +1000)]
Added EVP_KDF (similiar to the EVP_MAC)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)

5 years agoAdd documentation for running unit tests under Valgrind
Todd Short [Thu, 2 May 2019 18:37:18 +0000 (14:37 -0400)]
Add documentation for running unit tests under Valgrind

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8867)

5 years agoUpdate internal documentation after global data move to OPENSSL_CTX
Matt Caswell [Thu, 2 May 2019 13:32:44 +0000 (14:32 +0100)]
Update internal documentation after global data move to OPENSSL_CTX

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)

5 years agoAdd some TODO notes into init.c
Matt Caswell [Thu, 2 May 2019 12:42:31 +0000 (13:42 +0100)]
Add some TODO notes into init.c

We should be seeking to move the OPENSSL_init_crypto and OPENSSL_cleanup
processing into OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)

5 years agoInstead of global data store it in an OPENSSL_CTX
Matt Caswell [Wed, 1 May 2019 10:02:43 +0000 (11:02 +0100)]
Instead of global data store it in an OPENSSL_CTX

Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)

5 years agoAdd support for openssl_ctx_run_once and openssl_ctx_onfree
Matt Caswell [Tue, 30 Apr 2019 14:15:48 +0000 (15:15 +0100)]
Add support for openssl_ctx_run_once and openssl_ctx_onfree

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)

5 years agoUse vxRandLib for VxWorks7
Klotz, Tobias [Tue, 19 Feb 2019 12:34:32 +0000 (13:34 +0100)]
Use vxRandLib for VxWorks7

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8023)

5 years agoopenssl cms: add error message if operation option is missing
Dr. Matthias St. Pierre [Thu, 2 May 2019 12:49:34 +0000 (14:49 +0200)]
openssl cms: add error message if operation option is missing

If the `openssl cms` command is called without specifying an
operation option, it replies with the following laconic error message:

    cms: Use -help for summary.

This commit adds a helpful error message:

    No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8861)

5 years agoTest: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Dr. Matthias St. Pierre [Thu, 2 May 2019 11:57:35 +0000 (13:57 +0200)]
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'

Since commit 137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)

5 years agoAllow setting RCFLAGS as Configure option or environment variable
Wojciech Kaluza [Sun, 21 Apr 2019 11:39:20 +0000 (12:39 +0100)]
Allow setting RCFLAGS as Configure option or environment variable

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)

5 years agoAdd RCFLAGS variable in Windows build file, and use it
Wojciech Kaluza [Sun, 21 Apr 2019 11:14:34 +0000 (12:14 +0100)]
Add RCFLAGS variable in Windows build file, and use it

- Allow user-defined RCFLAGS
- Pass RCFLAGS to RC

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)

5 years agoFix no-srp
Matt Caswell [Tue, 30 Apr 2019 12:49:25 +0000 (13:49 +0100)]
Fix no-srp

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8850)

5 years agop_get_params() [test/p_test.c]: clear the OSSL_PARAM buffers for every test
Richard Levitte [Tue, 30 Apr 2019 13:24:06 +0000 (15:24 +0200)]
p_get_params() [test/p_test.c]: clear the OSSL_PARAM buffers for every test

Fixes #8796

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8851)

5 years agogendsa: dsaparam: introduce -verbose option to enable output
Philip Prindeville [Thu, 9 Aug 2018 21:19:19 +0000 (15:19 -0600)]
gendsa: dsaparam: introduce -verbose option to enable output

Other commands like 'req' support -verbose, so why not gendsa and dsaparam?

Part of a larger and more ambitious effort to add -verbose to all apps
that might be used in scripts and need to otherwise run silently (well,
without belching out anything that isn't a warning or error... which ties
into a later scrub of using STDOUT were appropriate for informative
messages instead of STDERR)... so that scripts also have the option of
doing >/dev/null without losing anything critical.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6908)

5 years agogenrsa: introduce -verbose option to enable output
Philip Prindeville [Wed, 8 Aug 2018 17:51:23 +0000 (11:51 -0600)]
genrsa: introduce -verbose option to enable output

Other commands like 'req' support -verbose, so why not genrsa?

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6897)

5 years agoStructure alignment macro.
Pauli [Tue, 30 Apr 2019 10:36:16 +0000 (20:36 +1000)]
Structure alignment macro.

Introduce a macro that allows all structure alignment tricks to be rolled up
into a single place.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8845)

5 years agoReplumbing: give the possibility for the provider to create a context
Richard Levitte [Tue, 30 Apr 2019 11:41:51 +0000 (13:41 +0200)]
Replumbing: give the possibility for the provider to create a context

OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context.  It's entirely up to the provider to
define the context and what it's being used for.  This pointer is
passed back to other provider functions, typically the provider global
get_params and set_params functions, and also the diverse algorithm
context creators, and of course, the teardown function.

With this, a provider can be instantiated more than once, or be
re-loaded as the case may be, while maintaining instance state.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8848)

5 years agoReplumbing: make the oneshot proider cipher function like the others
Richard Levitte [Tue, 30 Apr 2019 12:01:52 +0000 (14:01 +0200)]
Replumbing: make the oneshot proider cipher function like the others

The OP_cipher_final function takes a return output size and an output
buffer size argument.  The oneshot OP_cipher_cipher function should do
the same.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8849)

5 years agoFIPS: Fix compiler errors in rsa_chk.c when building with `-DFIPS_MODE`
Dr. Matthias St. Pierre [Mon, 29 Apr 2019 17:12:38 +0000 (19:12 +0200)]
FIPS: Fix compiler errors in rsa_chk.c when building with `-DFIPS_MODE`

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8843)

5 years agoConfigure: process shared-info.pl later
Richard Levitte [Tue, 30 Apr 2019 08:33:55 +0000 (10:33 +0200)]
Configure: process shared-info.pl later

The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8846)

5 years agoSquashed commit of the following:
Pauli [Tue, 30 Apr 2019 03:43:19 +0000 (13:43 +1000)]
Squashed commit of the following:

Digest stored entropy for CRNG test.

Via the FIPS lab, NIST confirmed:

    The CMVP had a chance to discuss this inquiry and we agree that
    hashing the NDRNG block does meet the spirit and letter of AS09.42.

    However, the CMVP did have a few questions: what hash algorithm would
    be used in this application? Is it approved? Is it CAVs tested?

SHA256 is being used here and it will be both approved and CAVs tested.

This means that no raw entropy needs to be kept between RNG seedings, preventing
a potential attack vector aganst the randomness source and the DRBG chains.

It also means the block of secure memory allocated for this purpose is no longer
required.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8790)

5 years agoCollapse ssl3_state_st (s3) into ssl_st
Todd Short [Wed, 12 Dec 2018 18:09:50 +0000 (13:09 -0500)]
Collapse ssl3_state_st (s3) into ssl_st

With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.

This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)

5 years agoCopy RSA-PSS saltlen in EVP_PKEY_CTX_dup.
David Benjamin [Tue, 16 Apr 2019 03:36:40 +0000 (22:36 -0500)]
Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup.

pkey_rsa_copy was missing a field. Test this by repeating the operation
through an EVP_PKEY_CTX_dup copy in evp_test.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8759)

5 years agos390x assembly pack: remove poly1305 dependency on non-base memnonics
Patrick Steuer [Mon, 25 Mar 2019 17:23:59 +0000 (18:23 +0100)]
s390x assembly pack: remove poly1305 dependency on non-base memnonics

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)

5 years agos390x assembly pack: remove chacha20 dependency on non-base memnonics
Patrick Steuer [Mon, 25 Mar 2019 17:22:02 +0000 (18:22 +0100)]
s390x assembly pack: remove chacha20 dependency on non-base memnonics

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)

5 years agos390x assembly pack: update perlasm module
Patrick Steuer [Mon, 25 Mar 2019 17:20:27 +0000 (18:20 +0100)]
s390x assembly pack: update perlasm module

Add non-base instructions which are used by the chacha20 and
poly1305 modules.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)

5 years agos390x assembly pack: allow alignment hints for vector load/store
Patrick Steuer [Thu, 7 Feb 2019 15:44:05 +0000 (16:44 +0100)]
s390x assembly pack: allow alignment hints for vector load/store

z14 introduced alignment hints to help vector load/store
performance. For its predecessors, alignment hint defaults
to 0 (no alignment indicated).

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)

5 years agoStatistically test BN_rand_range().
Pauli [Wed, 24 Apr 2019 01:24:11 +0000 (11:24 +1000)]
Statistically test BN_rand_range().

Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)

5 years agoFix error in BIO_get_ktls_send() and BIO_get_ktls_recv()
Matt Caswell [Fri, 19 Apr 2019 12:55:08 +0000 (13:55 +0100)]
Fix error in BIO_get_ktls_send() and BIO_get_ktls_recv()

If we were using a different type of BIO than a socket BIO then
BIO_get_ktls_send() and BIO_get_ktls_recv() could return the wrong
result.

The above occurred even if KTLS was disabled at compile time - so we should
additionally ensure that those macros do nothing if KTLS is disabled.

Finally we make the logic in ssl3_get_record() a little more robust when
KTLS has been disabled.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8793)

5 years agoFix KTLS compilation error
Matt Caswell [Fri, 19 Apr 2019 12:53:56 +0000 (13:53 +0100)]
Fix KTLS compilation error

If the kernel headers are sufficiently recent to have KTLS transmit
support, but not recent enough to have KTLS receive support then a
compilation error would be the result.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8793)

5 years agoEnforce a strict output length check in CRYPTO_ccm128_tag
Guido Vranken [Mon, 22 Apr 2019 12:11:12 +0000 (14:11 +0200)]
Enforce a strict output length check in CRYPTO_ccm128_tag

Return error if the output tag buffer size doesn't match
the tag size exactly. This prevents the caller from
using that portion of the tag buffer that remains
uninitialized after an otherwise succesfull call to
CRYPTO_ccm128_tag.

Bug found by OSS-Fuzz.

Fix suggested by Kurt Roeckx.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8810)

5 years agodoc: Get rid of unrelated reference to DSA_new()
Jakub Jelen [Thu, 18 Apr 2019 14:09:45 +0000 (16:09 +0200)]
doc: Get rid of unrelated reference to DSA_new()

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8786)

5 years agoadded openssl app 'kdf' and 'mac' to the NEWS and CHANGES docs
Shane Lontis [Tue, 23 Apr 2019 09:17:40 +0000 (19:17 +1000)]
added openssl app 'kdf' and 'mac' to the NEWS and CHANGES docs

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8762)

5 years agoAdded app for EVP_KDF
Shane Lontis [Tue, 16 Apr 2019 10:10:04 +0000 (20:10 +1000)]
Added app for EVP_KDF

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8762)

5 years agoRecognise clang -fsanitize options and translate them
Richard Levitte [Wed, 17 Apr 2019 20:30:03 +0000 (22:30 +0200)]
Recognise clang -fsanitize options and translate them

Because we depend on knowing if clang's address, memory or undefinedbehavior
sanitizers are enabled, we make an extra effort to detect them among the
C flags, and adjust the %disabled values accordingly.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8778)

5 years agoAdd a way for the application to get OpenSSL configuration data
Richard Levitte [Tue, 9 Apr 2019 12:39:54 +0000 (14:39 +0200)]
Add a way for the application to get OpenSSL configuration data

OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for
display, but if all you really want is the directory itself, you were
forced to parsed the string.

This introduces a new function to get diverse configuration data from
the library, OPENSSL_info().  This works the same way as
OpenSSL_version(), but has its own series of types, currently
including:

OPENSSL_INFO_CONFIG_DIR         returns OPENSSLDIR
OPENSSL_INFO_ENGINES_DIR        returns ENGINESDIR
OPENSSL_INFO_MODULES_DIR        returns MODULESDIR
OPENSSL_INFO_DSO_EXTENSION      returns DSO_EXTENSION

OPENSSL_INFO_DIR_FILENAME_SEPARATOR     returns directory/filename separator
OPENSSL_INFO_LIST_SEPARATOR             returns list separator

For scripting purposes, this also adds the command 'openssl info'.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)

5 years agoAdd the possibility to display and use MODULESDIR
Richard Levitte [Tue, 9 Apr 2019 12:33:29 +0000 (14:33 +0200)]
Add the possibility to display and use MODULESDIR

This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the
flag '-m' for 'openssl version'.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)

5 years agoConfigure: make disabling stuff easier and safer
Richard Levitte [Tue, 23 Apr 2019 07:41:19 +0000 (09:41 +0200)]
Configure: make disabling stuff easier and safer

Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.

Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

5 years agoConfigure: recognise -static even if given through variables
Richard Levitte [Tue, 23 Apr 2019 07:29:45 +0000 (09:29 +0200)]
Configure: recognise -static even if given through variables

Fixes #8787

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

5 years agoConfigure: merge all of %user and %useradd into %config earlier
Richard Levitte [Tue, 23 Apr 2019 07:24:38 +0000 (09:24 +0200)]
Configure: merge all of %user and %useradd into %config earlier

This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

5 years agoIf key or iv is NULL set the respective length to 0
Matt Caswell [Fri, 19 Apr 2019 15:48:09 +0000 (16:48 +0100)]
If key or iv is NULL set the respective length to 0

[extended tests]

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8794)

5 years agoFix EVP_CIPHER_CTX_rand_key()
Matt Caswell [Fri, 19 Apr 2019 15:21:10 +0000 (16:21 +0100)]
Fix EVP_CIPHER_CTX_rand_key()

Make sure we use the the correct key length in EVP_CIPHER_CTX_rand_key().
Now that ciphers may come from providers we need to make sure we ask the
provider for the value if appropriate.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8794)

5 years agoFix no-ec2m
Matt Caswell [Fri, 19 Apr 2019 10:17:44 +0000 (11:17 +0100)]
Fix no-ec2m

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8792)

5 years agoFix bug in entropy gathering.
Pauli [Fri, 19 Apr 2019 06:23:23 +0000 (16:23 +1000)]
Fix bug in entropy gathering.

This only impacts FIPS mode or someone who has enabled the FIPS 140.2
4.9.2 Conditional Tests.  i.e. nobody currently.

Fix a significant issue in the entropy gathering for the continuous RNG
testing.  The impact is using an uninitialised buffer instead of the gathered
entropy.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8789)

5 years agoCheck if num is 0 before trying to malloc memory. Otherwise for client hellos without...
dyrock [Mon, 15 Apr 2019 16:01:58 +0000 (11:01 -0500)]
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)

5 years agoAdd some more test vectors for ChaCha20
Matt Caswell [Thu, 18 Apr 2019 09:55:11 +0000 (10:55 +0100)]
Add some more test vectors for ChaCha20

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)

5 years agoClarify the documentation on the use of ChaCha20
Matt Caswell [Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)]
Clarify the documentation on the use of ChaCha20

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)

5 years agoCreate provider errors and use them
Matt Caswell [Thu, 18 Apr 2019 16:43:05 +0000 (17:43 +0100)]
Create provider errors and use them

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoFix the S390X support for the basic AES ciphers
Matt Caswell [Tue, 16 Apr 2019 14:37:23 +0000 (15:37 +0100)]
Fix the S390X support for the basic AES ciphers

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoAdd forward declarations of the AES dispatch table functions
Matt Caswell [Mon, 15 Apr 2019 14:33:58 +0000 (15:33 +0100)]
Add forward declarations of the AES dispatch table functions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoMake implementation of blocksize, iv_length and key_length mandatory
Matt Caswell [Wed, 10 Apr 2019 12:54:38 +0000 (13:54 +0100)]
Make implementation of blocksize, iv_length and key_length mandatory

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoAdd a maximum output length to update and final calls
Matt Caswell [Wed, 10 Apr 2019 12:43:45 +0000 (13:43 +0100)]
Add a maximum output length to update and final calls

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoAdd iv length and key length params to the cipher init calls
Matt Caswell [Wed, 10 Apr 2019 12:23:58 +0000 (13:23 +0100)]
Add iv length and key length params to the cipher init calls

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoImplement AES CTR ciphers in the default provider
Matt Caswell [Mon, 8 Apr 2019 16:19:59 +0000 (17:19 +0100)]
Implement AES CTR ciphers in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoImplement AES CFB ciphers in the default provider
Matt Caswell [Mon, 8 Apr 2019 16:13:01 +0000 (17:13 +0100)]
Implement AES CFB ciphers in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoImplement AES OFB ciphers in the default provider
Matt Caswell [Mon, 8 Apr 2019 15:55:34 +0000 (16:55 +0100)]
Implement AES OFB ciphers in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoImplement AES CBC ciphers in the default provider
Matt Caswell [Wed, 3 Apr 2019 17:01:21 +0000 (18:01 +0100)]
Implement AES CBC ciphers in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoAdd support in the default provider for 192/128 bit AES ECB
Matt Caswell [Wed, 3 Apr 2019 15:53:22 +0000 (16:53 +0100)]
Add support in the default provider for 192/128 bit AES ECB

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoAdd the provider_algs.h internal header file
Matt Caswell [Wed, 3 Apr 2019 15:39:34 +0000 (16:39 +0100)]
Add the provider_algs.h internal header file

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoImplement support for AES-256-ECB in the default provider
Matt Caswell [Wed, 3 Apr 2019 14:34:08 +0000 (15:34 +0100)]
Implement support for AES-256-ECB in the default provider

We also lay the ground work for various of other the basic AES ciphers.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoMake EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware
Matt Caswell [Wed, 3 Apr 2019 14:38:07 +0000 (15:38 +0100)]
Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

5 years agoossl_method_store_cache_get(): ensure non-NULL property query
Richard Levitte [Thu, 18 Apr 2019 15:46:32 +0000 (17:46 +0200)]
ossl_method_store_cache_get(): ensure non-NULL property query

The comparator further down the call stack doesn't tolerate NULL, so
if we got that as input, use the empty string.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)

5 years agoOPENSSL_LH_flush(): assign NULL after freeing
Richard Levitte [Thu, 18 Apr 2019 14:33:21 +0000 (16:33 +0200)]
OPENSSL_LH_flush(): assign NULL after freeing

OPENSSL_LH_flush() frees the linked lists for each slot, but didn't
set the list head to NULL after doing so, with the result that an
operation that affects these lists is likely to cause a crash.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)

5 years agoFix the generic EVP algorithm fetch to actually cache them
Richard Levitte [Thu, 18 Apr 2019 10:23:21 +0000 (12:23 +0200)]
Fix the generic EVP algorithm fetch to actually cache them

ossl_method_store_cache_get() and ossl_method_store_cache_set() were
called with a NULL argument for store, which means no caching is
done.  Give them a real store instead.

Also, increment the refcount when we do get a method out of the cache.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)

5 years agoasn1parse: avoid double free
Richard Levitte [Mon, 15 Apr 2019 11:15:55 +0000 (13:15 +0200)]
asn1parse: avoid double free

|str| was used for multiple conflicting purposes.  When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload.  However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.

So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.

The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from.  Now, we only need to free |buf| properly and not
|str|.

Fixes #8752

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)

5 years agoAdd SSHKDF in evp_kdf_test
Simo Sorce [Wed, 17 Apr 2019 14:48:49 +0000 (10:48 -0400)]
Add SSHKDF in evp_kdf_test

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8774)

5 years agochacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1.
Andy Polyakov [Wed, 17 Apr 2019 19:31:01 +0000 (21:31 +0200)]
chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1.

The change is triggered by ThunderX2 where 3+1 was slower than scalar
code path, but it helps all processors [to handle <512 inputs].

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)

5 years agoaes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2.
Andy Polyakov [Wed, 17 Apr 2019 19:30:39 +0000 (21:30 +0200)]
aes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)

5 years agoARM64 assembly pack: add ThunderX2 results.
Andy Polyakov [Wed, 17 Apr 2019 19:08:13 +0000 (21:08 +0200)]
ARM64 assembly pack: add ThunderX2 results.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)

5 years agoSP 800-56B steps enumerated.
Pauli [Wed, 17 Apr 2019 04:24:26 +0000 (14:24 +1000)]
SP 800-56B steps enumerated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8770)

5 years agoAdd test for the BIO_s_mem rdwr->rdonly->rdwr use-case
Tomas Mraz [Thu, 4 Apr 2019 07:49:36 +0000 (09:49 +0200)]
Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

5 years agoAdd documentation for the BIO_s_mem pecularities
Tomas Mraz [Thu, 4 Apr 2019 07:48:47 +0000 (09:48 +0200)]
Add documentation for the BIO_s_mem pecularities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

5 years agoAdd testing of RDONLY memory BIOs
Tomas Mraz [Wed, 3 Apr 2019 17:07:00 +0000 (19:07 +0200)]
Add testing of RDONLY memory BIOs

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

5 years agoAdd test for the BIO_get_mem_ptr() regression
Bernd Edlinger [Fri, 1 Mar 2019 00:55:38 +0000 (01:55 +0100)]
Add test for the BIO_get_mem_ptr() regression

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

5 years agoFix for BIO_get_mem_ptr and related regressions
Tomas Mraz [Wed, 3 Apr 2019 10:31:32 +0000 (12:31 +0200)]
Fix for BIO_get_mem_ptr and related regressions

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)

5 years agoCall RSA generation callback at the correct time.
Kurt Roeckx [Sat, 13 Apr 2019 12:04:35 +0000 (14:04 +0200)]
Call RSA generation callback at the correct time.

The callback should be called with 1 when a Miller-Rabin round marked
the candidate as probably prime.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
GH: #8742

5 years agoDon't use '-z defs' with Clang's sanitizers
Richard Levitte [Mon, 15 Apr 2019 08:40:18 +0000 (10:40 +0200)]
Don't use '-z defs' with Clang's sanitizers

The clang documentation in all sanitizers we currently use says this:

    When linking shared libraries, the {flavor}Sanitizer run-time is
    not linked, so -Wl,-z,defs may cause link errors (don’t use it
    with {flavor}Sanitizer)

(in our case, {flavor} is one of Address, Memory, or UndefinedBehavior)

Therefore, we turn off that particular flag specifically when using
the sanitizers.

Fixes #8735

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8749)

5 years agoproviders/common/digests/sha2.c: forward declare all dispatched functions
Richard Levitte [Mon, 15 Apr 2019 07:40:22 +0000 (09:40 +0200)]
providers/common/digests/sha2.c: forward declare all dispatched functions

Forward declare the dispatched functions using typedefs from
core_numbers.h.  This will ensure that they have correct signatures.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8747)

5 years agoProviders: for the digest_final operation, pass a output buffer size
Richard Levitte [Mon, 15 Apr 2019 07:37:51 +0000 (09:37 +0200)]
Providers: for the digest_final operation, pass a output buffer size

This allows the provider digest_final operation to check that it
doesn't over-run the output buffer.

The EVP_DigestFinal_ex function doesn't take that same parameter, so
it will have to assume that the user provided a properly sized buffer,
but this leaves better room for future enhancements of the public API.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8747)

5 years agoFix calling convention bug in ecp_nistz256_ord_sqr_mont
David Benjamin [Tue, 29 Jan 2019 04:39:17 +0000 (04:39 +0000)]
Fix calling convention bug in ecp_nistz256_ord_sqr_mont

The rep parameter takes an int in C, but the assembly implementation
looks at the upper bits. While it's unlikely to happen here, where all
calls pass a constant, in other scenarios x86_64 compilers will leave
arbitrary values in the upper half.

Fix this by making the C prototype match the assembly. (This aspect of
the calling convention implies smaller-than-word arguments in assembly
functions should be avoided. There are far fewer things to test if
everything consistently takes word-sized arguments.)

This was found as part of ABI testing work in BoringSSL.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8108)

5 years agoDon't use coordinate blinding when scalar is group order
Bernd Edlinger [Fri, 12 Apr 2019 12:28:00 +0000 (14:28 +0200)]
Don't use coordinate blinding when scalar is group order

This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.

Fixes: #8731

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)

5 years agoFurther harmonisation of manual page HISTORY sections
Joshua Lock [Thu, 11 Apr 2019 14:38:56 +0000 (15:38 +0100)]
Further harmonisation of manual page HISTORY sections

A couple of minor tweaks to match the style introduced in #7854:
- BIO_connect: remove line break to make more grep friendly
- SSL_CTX_new: harmoise the format of the HISTORY section

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)

5 years agoUpdate various man pages to place HISTORY section after SEE ALSO
Joshua Lock [Tue, 9 Apr 2019 14:13:55 +0000 (15:13 +0100)]
Update various man pages to place HISTORY section after SEE ALSO

SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.

Fixes #8631

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)

5 years agoAdd a check for history section location to find-doc-nits
Joshua Lock [Tue, 9 Apr 2019 14:10:08 +0000 (15:10 +0100)]
Add a check for history section location to find-doc-nits

Check that the HISTORY section is located after the SEE ALSO section,
this is a much more frequent order in OpenSSL manual pages (and UNIX
manual pages in general).

Also check that SEE ALSO comes after EXAMPLES, so that the tool can
ensure the correct manual section sequence.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)

5 years agoMake check_example_location() in find-doc-nits generic
Joshua Lock [Tue, 9 Apr 2019 13:53:58 +0000 (14:53 +0100)]
Make check_example_location() in find-doc-nits generic

Change to check_section_location(), a generic function to ensure that
section SECTION appears before section BEFORE in the man pages.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)

5 years agoDeprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
Matt Caswell [Tue, 9 Apr 2019 14:32:33 +0000 (15:32 +0100)]
Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()

These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)

5 years agoAdd CMAC speed measurements
Bernd Edlinger [Wed, 10 Apr 2019 20:44:41 +0000 (22:44 +0200)]
Add CMAC speed measurements

usage: openssl speed -cmac aes128

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8721)

5 years agoAdd prediction resistance capability to the DRBG reseeding process.
Pauli [Fri, 12 Apr 2019 08:16:20 +0000 (18:16 +1000)]
Add prediction resistance capability to the DRBG reseeding process.

Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l"

This requires the seed sources to be approved as entropy sources, after
which they should be considered live sources as per section 5.3.2 "Live
Entropy Source Availability."

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8647)

5 years agoec key validation checks updated
Shane Lontis [Sat, 23 Mar 2019 03:12:08 +0000 (13:12 +1000)]
ec key validation checks updated

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8564)

5 years agodoc fixups
Shane Lontis [Tue, 2 Apr 2019 00:55:00 +0000 (10:55 +1000)]
doc fixups

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoSeparate the lookup test
Nicola Tuveri [Sun, 31 Mar 2019 15:46:53 +0000 (18:46 +0300)]
Separate the lookup test

This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.

I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.

In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoEC_GROUP_set_curve() might fail for arbitrary params
Nicola Tuveri [Sun, 31 Mar 2019 13:26:33 +0000 (16:26 +0300)]
EC_GROUP_set_curve() might fail for arbitrary params

Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail
for some `EC_GROUP`s, depending on the internal `EC_METHOD`
implementation, hence the block of tests verifying that
`EC_GROUP_check_named_curve()` fails when any of the curve parameters is
changed is modified to run only if the previous `EC_GROUP_set_curve()`
call succeeds.

`ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the
thread error stack with unrelated errors happened during
`EC_GROUP_set_curve()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoadded code to validate EC named curve parameters
Shane Lontis [Thu, 21 Mar 2019 10:09:02 +0000 (20:09 +1000)]
added code to validate EC named curve parameters

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)