Richard Levitte [Wed, 10 Jul 2019 18:19:36 +0000 (20:19 +0200)]
Refactor apps/progs.* to be generate with 'make update'
This makes for a cleaner apps/progs.h as well as as cleaner
apps/build.info.
We also break out the type declarations to apps/include/function.h
apps/progs.c and apps/progs.h are NOT regenerated when 'apps' is
disabled.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)
Krists Krilovs [Mon, 8 Jul 2019 20:43:09 +0000 (13:43 -0700)]
Fix wrong lock claimed in x509 dir lookup.
x509 store's objects cache can get corrupted when using dir lookup
method in multithreaded application. Claim x509 store's lock when
accessing objects cache.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9326)
agnosticdev [Fri, 12 Jul 2019 10:11:56 +0000 (05:11 -0500)]
issue-9316: Update return documentation for RAND_set_rand_engine
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9351)
Rich Salz [Thu, 11 Jul 2019 05:53:59 +0000 (15:53 +1000)]
Make allocation/free/clean available to providers
Also make OPENSSL_hexstr2buf available to providers.
EVP control functions need hexstring conversion, so move any
memory-allocating functions in o_str.c into new file mem_str.c
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8886)
Richard Levitte [Tue, 9 Jul 2019 10:03:00 +0000 (12:03 +0200)]
Adapt the provider AES for more use of OSSL_PARAM
The cipher context IV was a bit interesting. EVP_CIPHER_CTX_iv()
returns a pointer to the live IV, while EVP_CIPHER_CTX_ctrl() with the
type EVP_CTRL_GET_IV gets a copy of the live IV. To support both, we
support getting it with both the OSSL_PARAM_OCTET_STRING and
OSSL_PARAM_OCTET_PTR datatypes.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)
Richard Levitte [Tue, 9 Jul 2019 05:32:16 +0000 (07:32 +0200)]
Adapt diverse EVP_CIPHER functions to use get_params and set_params interfaces
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)
Richard Levitte [Tue, 9 Jul 2019 05:27:27 +0000 (07:27 +0200)]
Make more use of OSSL_PARAM for ciphers
A lot of the different numbers associated with ciphers are really
algorithm parameters. Key length, block size, IV length, that sort of
thing.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)
Richard Levitte [Mon, 8 Jul 2019 18:36:29 +0000 (20:36 +0200)]
test/evp_test.c: [ciphers] Test that we get back the same IV we gave
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9328)
Bernd Edlinger [Mon, 8 Jul 2019 07:49:33 +0000 (09:49 +0200)]
Replace long dash characters with normal ascii minus
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9321)
Shane Lontis [Mon, 8 Jul 2019 23:33:18 +0000 (09:33 +1000)]
Add X9.42 KDF.
Move the KDF code for CMS DH key agreement into an EVP_KDF object.
There are 2 specifications for X9.42 KDF. This implementation uses DER for
otherinfo which embeds the KDF loop counter inside the DER object.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8898)
Dmitry Belyavskiy [Mon, 8 Jul 2019 10:14:50 +0000 (20:14 +1000)]
Avoid NULL pointer dereference. Fixes #9043.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9059)
Dmitry Belyavskiy [Mon, 8 Jul 2019 10:09:13 +0000 (20:09 +1000)]
A very brief explanation of how to add custom functions to OpenSSL.
Inspired by Rich Salz's letter to openssl-users@
[edited to remove non-ASCII characters and end of line white space]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9267)
John Schember [Tue, 2 Jul 2019 19:05:27 +0000 (15:05 -0400)]
iOS build: Replace %20 with space in config script
CLA: trivial
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9297)
Lei Maohui [Thu, 13 Jun 2019 03:17:30 +0000 (12:17 +0900)]
Fix build error for aarch64 big endian.
Modified rev to rev64, because rev only takes integer registers.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90827
Otherwise, the following error will occur.
Error: operand 1 must be an integer register -- `rev v31.16b,v31.16b'
CLA: trivial
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9151)
Dr. Matthias St. Pierre [Fri, 31 May 2019 07:06:28 +0000 (09:06 +0200)]
man: fix typo in OPENSSL_fork_prepare.pod
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/9318)
Bernd Edlinger [Thu, 4 Jul 2019 15:56:23 +0000 (17:56 +0200)]
Fix an endless loop in BN_generate_prime_ex
Happens when trying to generate 4 or 5 bit safe primes.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9311)
Matt Caswell [Thu, 4 Jul 2019 09:21:53 +0000 (10:21 +0100)]
Prevent the use of RUN_ONCE inside the FIPS module
FIPS module code *always* runs within the scope of an associated
OPENSSL_CTX. When the module is loaded the OPENSSL_CTX gets created, and
when the module is unloaded the OPENSSL_CX gets freed. A module may be
loaded multiple times within the scope of different OPENSSL_CTX objects.
"Global" data should always be stored within the OPENSSL_CTX. In this
way it will always get cleaned up properly when the module is unloaded.
All current code within the FIPS module works this way. To avoid
"accidents" we disabled the RUN_ONCE code inside the FIPS module.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9308)
Tomas Mraz [Tue, 2 Jul 2019 11:32:29 +0000 (13:32 +0200)]
Clarify documentation of SSL_CTX_set_verify client side behavior
Fixes #9259
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9291)
Bernd Edlinger [Tue, 2 Jul 2019 19:33:42 +0000 (21:33 +0200)]
Fix a typo and a syntax error in opensslconf.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9298)
Richard Levitte [Wed, 3 Jul 2019 17:11:36 +0000 (19:11 +0200)]
test/recipes/02_test_errstr.t: Make it less fragile
Change it to split the error string returned by `openssl errstr` in a
more robust manner, and ensure it's the reason code we look at.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9304)
Martin Peylo [Wed, 22 Aug 2018 09:48:22 +0000 (12:48 +0300)]
Adding Test.pm with workaround for Perl abs2rel bug
If SRCTOP != BLDTOP, and SRCTOP is given in relative form, e.g.
"./config ../openssl", then a bug in Perl's abs2rel may trigger that directory-
rewriting in __cwd results in wrong entries in %directories under certain
circumstances, e.g. when a test executes run(app(["openssl"]) after indir.
There should not be any need to go to a higher directory from BLDDIR or SRCDIR,
so it should be OK to use them in their absolute form, also resolving all
possible symlinks, right from the start.
Following the File::Spec::Functions bug description (reported to perl.org):
When abs2rel gets a path argument with ..s that are crossing over the ..s
trailing the base argument, the result is wrong.
Example
PATH: /home/goal/test/..
BASE: /home/goal/test/../../base
Good result: ../goal
Bad result: ../..
Bug verified with File::Spec versions
- 3.6301
- 3.74 (latest)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7031)
Rich Salz [Tue, 2 Jul 2019 11:53:19 +0000 (07:53 -0400)]
Fix comment; unchecked->checked
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9292)
Matt Caswell [Wed, 19 Jun 2019 14:20:03 +0000 (15:20 +0100)]
Add a dummy call to BN_rand_ex() in the FIPS provider
The previous commit made BIGNUM RAND operations available from within
the FIPS provider. We test this out by making a dummy call to check it
completes successfully.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
Matt Caswell [Fri, 28 Jun 2019 10:24:51 +0000 (11:24 +0100)]
Make BIGNUM rand functions available within the FIPS module
The BIGNUM rand functions were previously disabled for the FIPS module.
We can now re-enable them.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
Matt Caswell [Fri, 28 Jun 2019 10:23:46 +0000 (11:23 +0100)]
Provide rand_bytes_ex and rand_priv_bytes_ex
We provider internal versions of RAND_bytes() and RAND_priv_bytes() which
have the addition of taking an OPENSSL_CTX as a parameter.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9193)
Patrick Steuer [Fri, 28 Jun 2019 20:08:16 +0000 (22:08 +0200)]
s390x assembly pack: fix various aes modes performance regression
which was introduced with
64adf9aac7.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9271)
Richard Levitte [Tue, 18 Jun 2019 09:39:13 +0000 (11:39 +0200)]
FIPS module: adapt for the changed error reporting methods
The FIPS module inner provider doesn't need to deal with error reason
strings or error library number, since it uses the outer provider's
error reporting upcalls. We therefore disable that code in
crypto/provider_core.c when building the FIPS module.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)
Richard Levitte [Tue, 18 Jun 2019 09:18:31 +0000 (11:18 +0200)]
Replumbing: re-implement error reporting for providers
The idea is that providers should only have to report a reason code.
The library code is considered to be libcrypto internal, and are
allocated dynamically and automatically for providers on creation.
We reserve the upper 8 bits of the reason code for internal OpenSSL
use. This allows our own providers to report errors in form of a
packed number that includes library number, function number and
reason number.
With this, a provider can potentially use any reason number it wants
from 1 to
16777216, although the current error semantics really only
allow 1 to 4095 (because only the lower 12 bits are currently
considered an actual reason code by the ERR subsystem).
A provider can provide a reason string table in form of an array of
ERR_STRING_DATA, with each item containing just the reason code and
the associated string, with the dispatch function numbered
OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type
OSSL_provider_get_reason_strings_fn.
If available, libcrypto will call that function on provider
activation.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9174)
Richard Levitte [Tue, 2 Jul 2019 12:57:36 +0000 (14:57 +0200)]
ossl_provider_upref to ossl_provider_up_ref
Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref. Adapt
ossl_provider_upref() accordingly.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9293)
Bernd Edlinger [Mon, 1 Jul 2019 07:41:47 +0000 (09:41 +0200)]
Check for V_ASN1_BOOLEAN/V_ASN1_NULL in X509_ATTRIBUTE_get0_data
The member value.ptr is undefined for those ASN1 types.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)
Bernd Edlinger [Mon, 1 Jul 2019 07:06:02 +0000 (09:06 +0200)]
Fix ASN1_TYPE_get/set with type=V_ASN1_BOOLEAN
BOOLEAN does not have valid data in the value.ptr member,
thus don't use it here.
Fixes #9276
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9278)
Antoine Cœur [Tue, 2 Jul 2019 08:04:04 +0000 (16:04 +0800)]
Fix Typos
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9288)
Patrick Steuer [Mon, 1 Jul 2019 16:09:16 +0000 (18:09 +0200)]
test/p_test.c: silence -Wstringop-overflow
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9282)
Rich Salz [Mon, 1 Jul 2019 20:24:08 +0000 (16:24 -0400)]
Remove EXPORT_VAR_AS_FUNC
We only export functions, not global, so remove the config option
and some of the #ifdef stuff.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9285)
Rich Salz [Mon, 1 Jul 2019 18:54:53 +0000 (14:54 -0400)]
Remove global-var/function macros
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)
Rich Salz [Mon, 1 Jul 2019 18:41:19 +0000 (14:41 -0400)]
Remove DES_check_key global
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9284)
Rich Salz [Thu, 20 Jun 2019 21:07:25 +0000 (17:07 -0400)]
Remove NextStep support
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
Matt Caswell [Fri, 28 Jun 2019 14:06:55 +0000 (15:06 +0100)]
Fix a leak in evp_test
If evp_test fails to load the legacy provider then it leaks a reference
to the default provider.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9270)
Matt Caswell [Fri, 28 Jun 2019 15:29:42 +0000 (16:29 +0100)]
Change RC5_32_set_key to return an int type
If the key is too long we now return an error.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
Matt Caswell [Fri, 26 Apr 2019 11:11:13 +0000 (12:11 +0100)]
Ensure that rc5 doesn't try to use a key longer than 2040 bits
The maximum key length for rc5 is 2040 bits so we should not attempt to
use keys longer than this.
Issue found by OSS-Fuzz and Guido Vranken.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)
Matt Caswell [Fri, 28 Jun 2019 13:29:34 +0000 (14:29 +0100)]
Only cache a method if we actually created one
We were attempting to cache a method after we failed to create it
which leads to an assertion failure.
Fixes #9264
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9269)
Antoine Cœur [Sun, 30 Jun 2019 18:02:06 +0000 (02:02 +0800)]
Fix Typos
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9275)
Pauli [Thu, 27 Jun 2019 14:02:00 +0000 (00:02 +1000)]
Add OIDs for kmac128, kmac256 and blake2.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9277)
Pauli [Thu, 27 Jun 2019 08:45:26 +0000 (18:45 +1000)]
Add a note in the contributing file about trivial commits.
A better explanation of where the "CLA: trivial" line goes and how to add
it post hoc.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9265)
Patrick Steuer [Wed, 26 Jun 2019 21:41:35 +0000 (23:41 +0200)]
s390x assembly pack: update OPENSSL_s390xcap(3)
Add description of capability vector's pcc and kma parts.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
Patrick Steuer [Wed, 26 Jun 2019 23:07:54 +0000 (01:07 +0200)]
s390x assembly pack: add support for pcc and kma instructions
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9258)
Paul Yang [Wed, 5 Jun 2019 06:46:48 +0000 (14:46 +0800)]
Support SM2 certificate signing
SM2 certificate signing request can be created and signed by OpenSSL
now, both in library and apps.
Documentation and test cases are added.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9085)
Matt Caswell [Thu, 20 Jun 2019 12:17:22 +0000 (13:17 +0100)]
Change the DRBG HMAC implementation to lookup allowed digest names
As per the previous commit we make the same change for DRBG HMAC and
more closely align the FIPS_MODE and non FIPS_MODE implementations.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Thu, 20 Jun 2019 10:51:08 +0000 (11:51 +0100)]
Change the DRBG HASH implementation to lookup all allowed algorithm names
We use the new function ossl_prov_util_nid_to_name() to look up the
algorithm and unify the FIPS_MODE and non-FIPS_MODE handling.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Thu, 20 Jun 2019 10:48:50 +0000 (11:48 +0100)]
Add a nid 2 algorithm name mapping capability
Providers that link against libcrypto can just use OBJ_nid2sn() to look
up the name of an algorithm given a NID. However that doesn't work for the
FIPS provider because OBJ_nid2sn() is not available there (due to the
reliance of the code on ASN.1 types). Therefore we provider a new function
to do this mapping. For providers linking against libcrypto the new function
just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the
NIDs known there.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Tue, 28 May 2019 10:26:17 +0000 (11:26 +0100)]
Call RAND_DRBG_bytes from inside the FIPS provider
Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to
demonstrate that it is possible to use the RAND code from inside the
module. This is temporary and will be removed once real uses of the RAND
code are available inside the module.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Tue, 28 May 2019 10:28:16 +0000 (11:28 +0100)]
Fix NULL pointer dereference in the ex_data code
In some circumstances the global data held in the "global" variable can
be NULL, so we should error out in the circumstance instead of crashing.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Thu, 23 May 2019 13:35:42 +0000 (14:35 +0100)]
Make the RAND code available from inside the FIPS module
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Matt Caswell [Mon, 24 Jun 2019 16:47:04 +0000 (17:47 +0100)]
Document EVP_CIPHER_up_ref()
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
Matt Caswell [Mon, 24 Jun 2019 16:38:01 +0000 (17:38 +0100)]
Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref
All the other upref functions are spelled as "up_ref". These new functions
should be consistent.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
Matt Caswell [Mon, 24 Jun 2019 16:34:14 +0000 (17:34 +0100)]
Add documentation for EVP_CIPHER_fetch
We extend the EVP_MD_fetch documentation to be more generic and to also
cover EVP_CIPHER_fetch. We expect this to be further expanded with other
"fetch" functions in the future.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)
Dr. Matthias St. Pierre [Thu, 27 Jun 2019 08:12:08 +0000 (10:12 +0200)]
man: clarify the 'random number generator must be seeded' requirement
The manual pages require for some API functions that the 'random number
generator must be seeded' before calling the function. Initially, this
was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually
before calling these functions.
Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore. Still, he
needs to be aware that the seeding might fail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9257)
Dr. Matthias St. Pierre [Thu, 27 Jun 2019 10:50:26 +0000 (12:50 +0200)]
man: fix documentation for RSA_generate_key()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9260)
Matt Caswell [Mon, 24 Jun 2019 15:07:30 +0000 (16:07 +0100)]
Move the public SIV mode functions from public headers to internal ones
SIV mode is accessible via EVP. There should be no reason to make the low
level SIV functions from the modes directory part of the public API. Since
these functions do not exist in 1.1.1 we are still able to make this change.
This also reduces the list of newly added undocumented symbols from
issue #9095.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9232)
Benjamin Kaduk [Thu, 13 Jun 2019 19:26:12 +0000 (12:26 -0700)]
Move 'shared_sigalgs' from cert_st to ssl_st
It was only ever in cert_st because ssl_st was a public structure
and could not be modified without breaking the API. However, both
structures are now opaque, and thus we can freely change their layout
without breaking applications. In this case, keeping the shared
sigalgs in the SSL object prevents complications wherein they would
inadvertently get cleared during SSL_set_SSL_CTX() (e.g., as run
during a cert_cb).
Fixes #9099
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
Benjamin Kaduk [Thu, 13 Jun 2019 19:04:52 +0000 (12:04 -0700)]
Revert "Delay setting the sig algs until after the cert_cb has been called"
This reverts commit
524006dd1b80c1a86a20119ad988666a80d8d8f5.
While this change did prevent the sigalgs from getting inadvertently
clobbered by SSL_set_SSL_CTX(), it also caused the sigalgs to not be
set when the cert_cb runs. This, in turn, caused significant breakage,
such as SSL_check_chain() failing to find any valid chain. An alternate
approach to fixing the issue from #7244 will follow.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
Benjamin Kaduk [Thu, 13 Jun 2019 19:02:03 +0000 (12:02 -0700)]
Add regression test for #9099
Augment the cert_cb sslapitest to include a run that uses
SSL_check_chain() to inspect the certificate prior to installing
it on the SSL object. If the check shows the certificate as not
valid in that context, we do not install a certificate at all, so
the handshake will fail later on in processing (tls_choose_sigalg()),
exposing the indicated regression.
Currently it fails, since we have not yet set the shared sigalgs
by the time the cert_cb runs.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9157)
Bernd Edlinger [Mon, 24 Sep 2018 11:15:22 +0000 (13:15 +0200)]
Keep the externally visible macro BIO_FLAGS_UPLINK in bio.h
and rename the internally used macro to BIO_FLAGS_UPLINK_INTERNAL.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7307)
Paul Yang [Wed, 26 Jun 2019 09:36:56 +0000 (17:36 +0800)]
Fix incorrect usage of a test case
test/x509_check_cert_pkey_test.c has incorrect usage description.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9250)
Pauli [Mon, 24 Jun 2019 15:37:07 +0000 (01:37 +1000)]
The params_test uses wrong size for BN check.
Before the return size was included in the OSSL_PARAM structure, the size
global was updated via a pointer. The size global variable has been removed
and the in structure return size used instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9248)
Shane Lontis [Tue, 4 Jun 2019 22:24:16 +0000 (08:24 +1000)]
EC only uses approved curves in FIPS mode.
Once there are buildable fips tests, some tests that are data driven
from files will need to be modified to exclude non approved curves in
fips mode.
These changes were tested by temporarily adding #define FIPS_MODE 1 to
all the modified source files.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9081)
Patrick Steuer [Mon, 24 Jun 2019 22:10:20 +0000 (00:10 +0200)]
Fix s390x build errors and warnings
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9236)
Dr. Matthias St. Pierre [Sun, 23 Jun 2019 17:25:50 +0000 (19:25 +0200)]
OSSL_TRACE: enhance documentation and fix doc-nit errors
- Add the following macros to the NAME section:
- with synopsis
OSSL_TRACE_CANCEL, OSSL_TRACE, OSSL_TRACE_ENABLED
- without synopsis
OSSL_TRACEV (helper macro, not intended for public use)
OSSL_TRACE[3-8] (omitted on purpose)
- Revise the NOTES section
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9224)
Santhosh Rameshwarapu [Mon, 24 Jun 2019 08:20:55 +0000 (13:50 +0530)]
Cross-linked the man(1) pages of kdf & pkeyutl.
Fixes #8784
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9228)
Richard Levitte [Wed, 5 Jun 2019 06:59:13 +0000 (08:59 +0200)]
OSSL_NAMEMAP: make names case insensitive
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)
Richard Levitte [Thu, 23 May 2019 14:00:05 +0000 (16:00 +0200)]
Add a namemap test
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)
Richard Levitte [Thu, 23 May 2019 01:18:04 +0000 (03:18 +0200)]
Replumbing: add support for multiple names per algorithm
Algorithms may have multiple names, as seen in the legacy names
database. We need to support that as well.
This implementations modifies ossl_namemap to support multiple names
for the same identifier.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)
Pauli [Mon, 24 Jun 2019 07:54:47 +0000 (17:54 +1000)]
Allow AES XTS decryption using duplicate keys.
This feature is enabled by default outside of FIPS builds
which ban such actions completely.
Encryption is always disallowed and will generate an error.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9112)
Richard Levitte [Thu, 20 Jun 2019 15:55:36 +0000 (17:55 +0200)]
Enhance and update the docs of the internal ossl_provider API
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9200)
Pauli [Mon, 24 Jun 2019 04:43:55 +0000 (14:43 +1000)]
Change OSSL_PARAM return size to not be a pointer.
Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9135)
Pauli [Sun, 23 Jun 2019 23:18:48 +0000 (09:18 +1000)]
Add documentation for CRYPTO_memcmp.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9225)
Richard Levitte [Sat, 22 Jun 2019 08:08:05 +0000 (10:08 +0200)]
crypto/trace.c: Remove unexisting categories
Reverts an inadvertent change from commit
fe26f798526c14a3f8c9bb55d0eaf8eaa0d086e1
Fixes #9220
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9218)
Richard Levitte [Fri, 21 Jun 2019 09:20:15 +0000 (11:20 +0200)]
OSSL_TRACE: ensure it's initialised
When OSSL_TRACE functionality is called before anything else, it finds
itself uninitialised, i.e. its global lock hasn't been created yet.
Fortunately, we have an internal general setup function for the trace
functionality, that makes for a perfect spot to trigger initialisation.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9212)
Bernd Edlinger [Mon, 17 Jun 2019 14:57:25 +0000 (16:57 +0200)]
Handle CTRL-C as non-redoable abort signal
This is a bit annoying, if for instance "openssl genrsa -aes128"
tries to read a 4+ character size password, but CTRL-C does no longer
work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by
UI_set_result_ex, together with the error "You must type in 4 to 1023 characters".
Thus remove the REDOABLE flag to allow CTRL-C to work.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9170)
Pauli [Thu, 20 Jun 2019 23:27:48 +0000 (09:27 +1000)]
Remove OPENSSL_memcmp.
After avoiding OPENSSL_memcmp for EC curve comparison, there are no remaining
uses in the source code. The function is only defined in an internal header
and thus should be safe to remove for 3.0.0.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9207)
Pauli [Thu, 20 Jun 2019 01:24:17 +0000 (11:24 +1000)]
Print thread IDs nicely.
Remove the union that effectively cast thread IDs to long integers before
display and instead print a hex dump of the entire object.
Refer #9191
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9194)
Richard Levitte [Thu, 20 Jun 2019 08:38:46 +0000 (10:38 +0200)]
test/testutil/init.c, apps/openssl.c: add trace cleanup handle earlier
It turned out that the internal trace cleanup handler was added too
late, so it would be executed before OPENSSL_cleanup().
This results in address errors, as the trace code that's executed in
OPENSSL_cleanup() itself tries to reach for data that's been freed at
that point.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9196)
Frederik Wedel-Heinen [Thu, 13 Jun 2019 12:13:42 +0000 (14:13 +0200)]
Update test/README
Changed a bad reference: test/Makefile -> test/build.info
Add ../apps/include as include path to include opt.h used by test/testutil.h.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9154)
Miquel Ruiz [Mon, 22 Oct 2018 21:34:57 +0000 (22:34 +0100)]
Add SSL_shutdown to SSL_get_error's documentation
SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown to the list of functions
that should preceed the call to SSL_get_error.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/7465)
Rebecca Cran [Wed, 12 Jun 2019 20:03:36 +0000 (14:03 -0600)]
Fix UEFI build on FreeBSD by not including system headers
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9149)
Matt Caswell [Wed, 19 Jun 2019 12:13:55 +0000 (13:13 +0100)]
Fix a doc-nits failure
We need blank lines on each side of a section heading.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9192)
Tomas Mraz [Tue, 18 Jun 2019 14:41:48 +0000 (16:41 +0200)]
Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented
and it also caused the length to be incorrectly set after the reset
operation.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9179)
Matt Caswell [Wed, 19 Jun 2019 09:31:39 +0000 (10:31 +0100)]
Add some internal documentation for some thread related functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9186)
Matt Caswell [Tue, 18 Jun 2019 17:37:38 +0000 (18:37 +0100)]
Provide an ability to deregister thread stop handlers
If a provider gets unloaded then any thread stop handlers that it had
registered will be left hanging. We should clean them up before tearing
down the provider.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9186)
Richard Levitte [Wed, 19 Jun 2019 06:44:20 +0000 (08:44 +0200)]
Add tracing capability in test utilities
If a test program goes wrong, it's sometimes helpful to be able to
trace what goes on in libcrypto and libssl.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9191)
Richard Levitte [Wed, 19 Jun 2019 06:37:19 +0000 (08:37 +0200)]
Add extra error text in the property parser
With properties being specified in all kinds of places, including hard
coded in providers, it's not always easy to figure out exactly what
string was incorrect when the parser would just say something like
'parse failed' with no more details.
Adding extra data to the error, showing exactly what string is
incorrect, helps a bit. At the very least, this gives anyone
interested something to grep for.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9190)
Matt Caswell [Tue, 18 Jun 2019 17:36:36 +0000 (18:36 +0100)]
Don't create an OPENSSL_CTX twice
The fips provider was creating the OPENSSL_CTX twice due to a previous
merge error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9184)
Pauli [Wed, 19 Jun 2019 00:20:49 +0000 (10:20 +1000)]
ARIA documentation titled itself AES
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9188)
Rich Salz [Tue, 18 Jun 2019 16:06:17 +0000 (12:06 -0400)]
Change ERR_add_error_[v]data to append
The "add error data" functions now append to the current error.
Add a test for this.
Cleanup some of the ERR_put functions.
In the FIPS module, always append "(in the FIPS module)" to any errors.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9181)
Richard Levitte [Tue, 18 Jun 2019 14:23:06 +0000 (16:23 +0200)]
crypto/modes/build.conf: Fix MODES asm mistakes
The old rule in Configure was that if the asm source had a file name
with 'ghash-' as part of the name, GHASH_ASM should be defined. Since
none of the aarch64 asm files has such a name, that macro shouldn't
have been defined.
Fixes #9173
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9178)
Richard Levitte [Tue, 18 Jun 2019 14:04:12 +0000 (16:04 +0200)]
crypto/aes/build.info: Fix AES assembler specs
Two mistakes were made:
1. AES_ASM for x86 was misplaced
2. sse2 isn't applicable for x86_64 code
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9177)
Matt Caswell [Tue, 18 Jun 2019 10:45:26 +0000 (11:45 +0100)]
Following the previous 2 commits also move ecpointformats out of session
The previous 2 commits moved supported groups and ciphers out of the
session object to avoid race conditions. We now also move ecpointformats
for consistency. There does not seem to be a race condition with access
to this data since it is only ever set in a non-resumption handshake.
However, there is no reason for it to be in the session.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
Matt Caswell [Fri, 14 Jun 2019 13:06:55 +0000 (14:06 +0100)]
Fix a race condition in ciphers handling
Similarly to the previous commit we were storing the peer offered list
of ciphers in the session. In practice there is no need for this
information to be avilable from one resumption to the next since this
list is specific to a particular handshake. Since the session object is
supposed to be immutable we should not be updating it once we have decided
to resume. The solution is to remove the session list out of the session
object.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
Matt Caswell [Fri, 14 Jun 2019 11:46:13 +0000 (12:46 +0100)]
Fix a race condition in supported groups handling
In TLSv1.3 the supported groups can be negotiated each time a handshake
occurs, regardless of whether we are resuming or not. We should not store
the supported groups information in the session because session objects
can be shared between multiple threads and we can end up with race
conditions. For most users this won't be seen because, by default, we
use stateless tickets in TLSv1.3 which don't get shared. However if you
use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can
happen.
The answer is to move the supported the supported group information into
the SSL object instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
Bernd Edlinger [Fri, 14 Jun 2019 12:48:37 +0000 (14:48 +0200)]
Fix error handling at openssl_strerror_r
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined),
to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior.
Fix a few cases, where the return value of openssl_strerror_r was ignored.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9163)