Richard Levitte [Mon, 19 Aug 2019 04:35:54 +0000 (06:35 +0200)]
Add a tester of OpenSSL config files and test the current .pragma
test/confdump.c reads an OpenSSL config file and prints out the
processed result. This can be used to check that a config file is
processed correctly.
We add a test recipe and the necessary data to test the dollarid
pragma.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8882)
Richard Levitte [Mon, 6 May 2019 08:50:35 +0000 (10:50 +0200)]
Add a .pragma directive for configuration files
Currently added pragma:
.pragma dollarid:on
This allows dollar signs to be a keyword character unless it's
followed by a opening brace or parenthesis.
Fixes #8207
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8882)
Richard Levitte [Sun, 10 Nov 2019 12:07:46 +0000 (13:07 +0100)]
Make sure KDF reason codes are conserved in their current state
Because KDF errors are deprecated and only conserved for backward
compatibilty, we must make sure that they remain untouched. A simple
way to signal that is by modifying crypto/err/openssl.ec and replace
the main header file (include/openssl/kdf.h in this case) with 'NONE',
while retaining the error table file (crypto/kdf/kdf_err.c).
util/mkerr.pl is modified to silently ignore anything surrounding a
conserved lib when such a .ec line is found.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
Richard Levitte [Sun, 10 Nov 2019 12:06:48 +0000 (13:06 +0100)]
Deprecate ERR_load_KDF_strings()
Not only deprecate, but also remove the reason strings and make
ERR_load_KDF_strings() do nothing.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
Richard Levitte [Sun, 10 Nov 2019 12:03:15 +0000 (13:03 +0100)]
util/perl/OpenSSL/ParseC.pm: Fix 'extern "C" DEPRECATEDIN_x_y(...)'
The parser expected an 'extern "C"' followed by a single declaration
to always end with a semicolon. Then came along something like this:
extern "C" DEPRECATEDIN_3_0(int ERR_load_KDF_strings(void))
This change adjusts the detector of 'extern "C"' to also take in
accound a declaration that ends with a parenthesis.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
Richard Levitte [Sun, 10 Nov 2019 04:16:36 +0000 (05:16 +0100)]
Reinstate the KDF error macros
For minimum breakage with existing applications that might use them.
This reverts commit
fe6ec26b204a056aee2a24b79df09a45b2308603 and
37ed62107112d95f7b7c9bf75602a6ac40883a89.
Fixes #10340
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10368)
Dmitry Belyavskiy [Sat, 9 Nov 2019 20:25:32 +0000 (23:25 +0300)]
Fix cut'n'paste typos in the provider-digest pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10398)
Ido Ben-Natan [Sat, 9 Nov 2019 13:04:39 +0000 (15:04 +0200)]
Fix misspelled resumption_label for CHARSET_EBCDIC
The resumption_label variable when CHARSET_EBCDIC was enabled, was misspelled.
Instead of evaluating to 'res binder' as expected, it evaluated to 'red binder'.
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10396)
Matt Caswell [Thu, 7 Nov 2019 09:24:18 +0000 (09:24 +0000)]
Fix no-dsa
Make sure we don't try and load a DSA key in the tests if DSA has been
disabled.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10375)
Shane Lontis [Thu, 10 Oct 2019 06:42:20 +0000 (16:42 +1000)]
Add rc4_hmac_md5 cipher to default provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10179)
Rich Salz [Fri, 1 Nov 2019 20:26:05 +0000 (16:26 -0400)]
Fix L<xxx(1)> links to be L<openssl-xxx(1)>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)
Dmitry Belyavskiy [Thu, 7 Nov 2019 14:58:15 +0000 (17:58 +0300)]
Workaround for Windows-based GOST implementations
Many Windows-based GOST TLS implementations are unable to extend the
list of supported SignatureAlgorithms because of lack of the necessary
callback in Windows. So for TLS 1.2 it makes sense to imply the support
of GOST algorithms in case when the GOST ciphersuites are present.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10377)
Richard Levitte [Fri, 8 Nov 2019 09:29:24 +0000 (10:29 +0100)]
Rename providers/common/provlib.c to nid_to_name.c
It contains only one function, which should only get added to non-FIPS
providers.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10389)
Richard Levitte [Thu, 31 Oct 2019 11:10:01 +0000 (12:10 +0100)]
Final cleanup after move to leaner EVP_PKEY methods
Now that KEYMGMT method pointers have moved away from the diverse
methods that are used with EVP_PKEY_CTX, we no longer need to pass
special argument to evp_generic_fetch() and evp_generic_do_all().
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10309)
Richard Levitte [Thu, 21 Mar 2019 06:51:43 +0000 (07:51 +0100)]
Configuration: make Solaris builds with gcc recognise GNU ld
The solaris config targets assumed that GNU cc used Sun ld at all
times. However, there are setups where GNU ld is used instead, so we
adapt the Solaris gcc config targets to use the mechanism introduced
with Configurations/shared_info.pl to try to detect what ld flavor is
being used and set the diverse ld flags accordingly.
Fixes #8547
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8548)
Patrick Steuer [Sat, 2 Nov 2019 15:31:28 +0000 (16:31 +0100)]
bss_dgram.c: fix unaligned access
char (alignment 1) casted to union sctp_notification (alignment > 1).
Fixes: #9538
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10336)
Kurt Roeckx [Wed, 23 Oct 2019 20:10:54 +0000 (22:10 +0200)]
RSA generation: Use more bits of 1/sqrt(2)
The old version always sets the top 2 bits, so the most significate byte
of the primes was always >= 0xC0. We now use 256 bits to represent
1/sqrt(2) = 0x0.
B504F333F9DE64845...
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #10246
Bernd Edlinger [Sun, 3 Nov 2019 16:34:23 +0000 (17:34 +0100)]
Fix a -Warray-bounds gcc warning in OPENSSL_DIR_read
'__builtin_strncpy' offset [275, 4095] from the object at
'direntry' is out of the bounds of referenced subobject 'd_name'
with type 'char[256]' at offset 19
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10343)
raniervf [Tue, 5 Nov 2019 01:32:43 +0000 (22:32 -0300)]
conf_def.c: Avoid calling strlen() in a loop
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10361)
Richard Levitte [Thu, 17 Oct 2019 16:40:47 +0000 (18:40 +0200)]
Cleanup include/openssl/opensslv.h.in
Now that we generate include/openssl/opensslv.h, there's no point
keeping some macross around, we can just set a simpler set to their
respective value and be done with it.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10218)
Rich Salz [Sat, 2 Nov 2019 17:02:37 +0000 (13:02 -0400)]
Add ssl_ctx_test to test suite.
Also fix the test as min version > max version is allowed because
the API calls to set min and max versions are separate and there
can be legitimately a temporary situation when the condition is
true even with correctly working application.
The failure in this condition will be detected only during
a handshake attempt.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10337)
Shane Lontis [Fri, 8 Nov 2019 02:14:44 +0000 (12:14 +1000)]
Add AES SIV ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10120)
Richard Levitte [Sat, 25 Feb 2017 22:38:46 +0000 (23:38 +0100)]
Refactor PEM_read_bio_{PrivateKey,Parameters,DHparams}
They now go through internal STORE routines to do their job.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2746)
Rich Salz [Thu, 7 Nov 2019 20:08:30 +0000 (06:08 +1000)]
Add "sections" to -help output
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help
Add output section
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
Richard Levitte [Thu, 17 Oct 2019 21:53:44 +0000 (23:53 +0200)]
Add a test for EVP_PKEY_keymake() and EVP_PKEY_make()
This test is a bit lame, but will either be completed as functionality
is added in the default provider, or the new functions may start
getting used in evp_test.c and this program will disappear.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)
Richard Levitte [Tue, 15 Oct 2019 12:50:35 +0000 (14:50 +0200)]
Add EVP functionality to create domain params and keys by user data
This is the EVP operation that corresponds to creating direct RSA, DH
and DSA keys and set their numbers, to then assign them to an EVP_PKEY,
but done entirely using an algorithm agnostic EVP interface.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)
Richard Levitte [Tue, 5 Nov 2019 16:48:33 +0000 (17:48 +0100)]
Update INSTALL to document the changed '--api' and 'no-deprecated'
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:38:24 +0000 (17:38 +0100)]
include/openssl/asn1.h: Remove version dependent inclusion of <openssl/bn.h>
It's unclear if this dependency was because ASN1 functions that use
BIGNUM didn't exist before 1.1.0, or if it was a mistaken attempt at
deprecation. Since there exist ASN1 functions using BIGNUM now, it
seems pointless to keep that check, and unnecessarily including
<openssl/bn.h> should be harmless either way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:37:17 +0000 (17:37 +0100)]
Update the check surround the BN_zero() implementation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:36:44 +0000 (17:36 +0100)]
Update some inclusions of <openssl/macros.h>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:35:12 +0000 (17:35 +0100)]
include/openssl/opensslconf.h.in: remove spurious HEADER_FILE_H definition
This macro was never defined in existing releases, there's no reason
for us to create a macro that we immediately deprecate.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:34:09 +0000 (17:34 +0100)]
Update source files for pre-3.0 deprecation
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:28:50 +0000 (17:28 +0100)]
Update source files for deprecation at 3.0
Previous macros suggested that from 3.0, we're only allowed to
deprecate things at a major version. However, there's no policy
stating this, but there is for removal, saying that to remove
something, it must have been deprecated for 5 years, and that removal
can only happen at a major version.
Meanwhile, the semantic versioning rule is that deprecation should
trigger a MINOR version update, which is reflected in the macro names
as of this change.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Richard Levitte [Tue, 5 Nov 2019 16:00:33 +0000 (17:00 +0100)]
Change the logic and behaviour surrounding '--api' and 'no-deprecated'
At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.
At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis. In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.
At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level. BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.
This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.
If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.
Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired. For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().
Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value. If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
Rich Salz [Fri, 1 Nov 2019 16:29:34 +0000 (12:29 -0400)]
Strip much out of ssl.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Rich Salz [Fri, 1 Nov 2019 16:27:29 +0000 (12:27 -0400)]
Add L<ssl(7)> to all SSL pages
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Rich Salz [Thu, 17 Oct 2019 20:06:15 +0000 (16:06 -0400)]
Remove outdated info from man7/ssl
There were two paragraphs of useful information about SSL_dup, so
copy that to the right manpage.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
Matt Caswell [Fri, 1 Nov 2019 16:09:21 +0000 (16:09 +0000)]
Test EVP_get_[digest|cipher]byname() use the namemap
Following on from the previous commit, we test that if an algorithm has
a provider supplied alias in the namemap then EVP_get_digestbyname() and
EVP_get_cipherbyname() can still find it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)
Matt Caswell [Fri, 1 Nov 2019 14:13:49 +0000 (14:13 +0000)]
Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases
Now that we have an EVP namemap containing all aliases that providers
know about for any given algorithm, it is possible that an application
attempts to look up a digest or a cipher via EVP_get_digestbyname() or
EVP_get_cipherbyname() with an algorithm name that is unknown to the
legacy method database. Therefore we extend those functions to
additionally check the aliases in the namemap when searching for a
method in the event that our initial lookup attempt fails.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)
Richard Levitte [Mon, 4 Nov 2019 10:41:01 +0000 (11:41 +0100)]
test/recipes/02-test_ordinals.t: Take '?' and '?+' into account
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:36:54 +0000 (10:36 +0100)]
util/mknum.pl: output stats on unassigned symbols
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:34:10 +0000 (10:34 +0100)]
util/mknum.pl: Call OpenSSL::Ordinals::renumber() for real releases
When the source isn't in development any more (the version number
doesn't the tags 'dev' or 'alpha'), we renumber the unassigned symbols
to ensure that we have fixed numbers on all.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:33:10 +0000 (10:33 +0100)]
util/mkdef.pl: writer_VMS(): handle symbols with no assigned number
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:31:04 +0000 (10:31 +0100)]
OpenSSL::Ordinals: when validating, collect statistics on unassigned syms
If a script wants to display how many symbols have assigned numbers
and how many don't, this gives them those numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:29:53 +0000 (10:29 +0100)]
OpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols
This should be used when it's time to assign constant numbers to the
unassigned symbols.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:28:00 +0000 (10:28 +0100)]
OpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers
We preserve the number or '?' or '?+', but assign numbers internally
on the latter, to ensure we keep the order of the input.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 08:02:28 +0000 (09:02 +0100)]
util/*.num: deassign ordinal numbers from new symbols
Symbols that have appeared since 1.1.1 was released are considered
unassigned in the development branch. This is marked by having a
question mark as its ordinal number.
This introduces two new markers to be used instead of ordinal numbers:
? signifying it gets the previous symbol's number plus one
?+ signifying it gets the same number as the previous symbol
'?+' should remain rare, but is useful to create aliases when needed
(for example when two different symbols clash because they only differ
in character case, see include/openssl/symhacks.h)
The intention is that a development branch won't have set numbers for
new symbols, and that the final numbers will only get allocated when
making beta or final releases.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Wed, 30 Oct 2019 16:06:48 +0000 (17:06 +0100)]
Minimal adaptation of tests back to how it was before
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 15:59:34 +0000 (16:59 +0100)]
EVP: Make the SIGNATURE implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new
signature algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 17:03:07 +0000 (18:03 +0100)]
EVP: Make the KEYEXCH implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new key
exchange algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)
Patrick Steuer [Sat, 2 Nov 2019 23:32:04 +0000 (00:32 +0100)]
s390x assembly pack: process x25519 and x448 non-canonical values
...in constant time.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 23:01:20 +0000 (00:01 +0100)]
Add self-generated test vector for x448 non-canonical values
x25519 has such a test vector obtained from wycheproof but wycheproof
does not have a corresponding x448 test vector.
So add a self-generated test vector for that case.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 22:50:26 +0000 (23:50 +0100)]
s390x assembly pack: fix x448 handling of non-canonical values
The s390x x448 implementation does not correctly reduce non-canonical
values i.e., u-coordinates >= p = 2^448 - 2^224 - 1.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sun, 3 Nov 2019 21:44:28 +0000 (22:44 +0100)]
s390x assembly pack: perlasm module update
- add instructions: clfi, stck, stckf, kdsa
- clfi and clgfi belong to extended-immediate (not long-displacement)
- some cleanup
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10346)
Matt Caswell [Wed, 30 Oct 2019 13:23:18 +0000 (13:23 +0000)]
Don't assume the type we read was the type we expected
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.
This issue was recently added by commit
4baee2d.
Credit to OSSFuzz for finding this issue.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Matt Caswell [Wed, 30 Oct 2019 13:20:33 +0000 (13:20 +0000)]
Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
stack and then returns a pointer to the stack, or NULL on failure. If
the passed in stack is itself NULL then it allocates one.
i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
returned from i2v_GENERAL_NAME. If a stack had already been allocated then
it just leaked it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Paul Yang [Mon, 4 Nov 2019 03:49:35 +0000 (11:49 +0800)]
Fix no-sm2 issue
Some code is not covered by the macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10319)
Richard Levitte [Mon, 2 Sep 2019 05:59:17 +0000 (07:59 +0200)]
Document added SSL functions related to X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:43:19 +0000 (23:43 +0100)]
X509_LOOKUP_store: Add CHANGES note
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:41:27 +0000 (23:41 +0100)]
Document X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 00:09:44 +0000 (01:09 +0100)]
Adapt two test programs that were using now deprecated functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:28:05 +0000 (15:28 +0100)]
Add a basic test of -CAstore
This code is mainly copied from test_ssl_old
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:27:15 +0000 (15:27 +0100)]
OSSL_STORE: add tracing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:26:34 +0000 (15:26 +0100)]
Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:34:19 +0000 (23:34 +0100)]
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI
This is a wrapper around OSSL_STORE.
This also adds necessary support functions:
- X509_STORE_load_file
- X509_STORE_load_path
- X509_STORE_load_store
- SSL_add_store_cert_subjects_to_stack
- SSL_CTX_set_default_verify_store
- SSL_CTX_load_verify_file
- SSL_CTX_load_verify_dir
- SSL_CTX_load_verify_store
and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations,
as they aren't extensible.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:32:07 +0000 (23:32 +0100)]
OSSL_STORE: constify the criterion parameter a bit more
For some reason, OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_find()
accepted a non-const OSSL_STORE_SEARCH criterion, which isn't at all
necessary.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 1 Nov 2019 15:56:31 +0000 (16:56 +0100)]
Change EVP_PKEY_CTX_new_provided() to take a library context too.
With provided algorithms, the library context is ever present, so of
course it should be specified alongside the algorithm name and
property query string.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Richard Levitte [Thu, 31 Oct 2019 10:43:31 +0000 (11:43 +0100)]
Make EVP_PKEY_CTX initialization more precise
There is a vagueness around how the provider data (algorithm name and
property query string) is initialized in the presence of an engine.
This change modifies this slightly so that the algorithm name for use
with providers is never set if the initilization was given an engine.
This makes it easier for other functions to simply check ctx->algorithm
to see if the context is meant to be used for strictly legacy stuff or
not.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Patrick Steuer [Sat, 2 Nov 2019 13:50:28 +0000 (14:50 +0100)]
Fix --strict-warnings build
The %zd format corresponds to ssize_t which is used for
function to either return a valid size or a negative value
to indicate an error. Since size_t is in [-1,SSIZE_MAX] it
is not a portable way to represent a pointer diff. For
the %td format which corresponds to ptrdiff_t is C11,
we chose to cast to long instead as it is already done
in other places.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10335)
Patrick Steuer [Fri, 1 Nov 2019 22:29:04 +0000 (23:29 +0100)]
s390x assembly pack: enable clang build
clang imposes some restrictions on the assembler code that
gcc does not.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10330)
Richard Levitte [Fri, 1 Nov 2019 21:58:27 +0000 (22:58 +0100)]
doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 21:18:38 +0000 (22:18 +0100)]
test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN()
Now, the returned size check matches the check made for all other
integer types.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 19:44:14 +0000 (20:44 +0100)]
Fix OSSL_PARAM_set_BN() to fill the given buffer correctly.
OSSL_PARAM_set_BN() filled the buffer from the left with as many bytes
as that the BIGNUM takes, regardless of buffer size or native
endianness. This was due to BN_bn2nativepad() being given the size of
the BIGNUM rather than the size of the buffer (which meant it never
had to pad anything).
The fix is to given BN_bn2nativepad() the size of the buffer instead.
This aligns well with the corresponding _set_ functions for native
integer types work.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Sat, 2 Nov 2019 10:18:31 +0000 (11:18 +0100)]
test/build.info: add missing inclusion for ssl_ctx_test
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10334)
Richard Levitte [Tue, 14 May 2019 00:15:14 +0000 (17:15 -0700)]
VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
This system services is based on FreeBSD 12's getentropy(), and is
therefore treated the same way as getentropy() with regards to amount
of entropy bits per data bit.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8926)
Christian Heimes [Sun, 21 Jan 2018 12:19:05 +0000 (13:19 +0100)]
Add test cases for min/max protocol API
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6553)
Richard Levitte [Tue, 29 Oct 2019 12:37:54 +0000 (13:37 +0100)]
Configure: Make --strict-warnings meaningful with MSVC cl
We also add this to our x86_64 builds on appveyor
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10287)
Richard Levitte [Tue, 13 Nov 2018 14:17:21 +0000 (15:17 +0100)]
BIO_s_connect: add an error state and use it
If no connection could be made, addr_iter will eventually end up being
NULL, and if the user didn't check the returned error value, the
BIO_CONN_S_CONNECT code will be performed again and will crash.
So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
when we run out of addresses to try. That state will just simply say
"error" back, until the user does something better with the BIO, such
as free it or reset it.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7630)
Pauli [Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)]
DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Pauli [Fri, 1 Nov 2019 02:47:06 +0000 (12:47 +1000)]
DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).
In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Patrick Steuer [Thu, 31 Oct 2019 20:41:30 +0000 (21:41 +0100)]
s390x: fix build errors
ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10317)
jayaram [Wed, 30 Oct 2019 07:26:18 +0000 (12:56 +0530)]
fix for Missing null check after OPENSSL_zalloc
Fixes #10283
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10296)
Patrick Steuer [Thu, 31 Oct 2019 13:17:31 +0000 (14:17 +0100)]
md4/md5: macros should not include the line following them
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10311)
Scott Wilson [Thu, 31 Oct 2019 11:37:51 +0000 (22:37 +1100)]
Fix potential memory leak in dh_ameth.c
Free dukm in error handling of dh_cms_encrypt()
Fixes #10294
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10310)
Rich Salz [Fri, 4 Oct 2019 21:09:19 +0000 (17:09 -0400)]
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]
Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit
a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
Richard Levitte [Tue, 29 Oct 2019 21:17:19 +0000 (22:17 +0100)]
evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)
Jakub Zelenka [Sun, 8 Sep 2019 16:38:35 +0000 (17:38 +0100)]
Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
Billy Brumley [Thu, 17 Oct 2019 20:30:18 +0000 (23:30 +0300)]
[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
Kelvin Lee [Sun, 27 Oct 2019 12:04:39 +0000 (23:04 +1100)]
Fix typo in cipher_chacha20_poly1305_hw.c.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10275)
Tanzinul Islam [Fri, 25 Oct 2019 16:47:25 +0000 (17:47 +0100)]
Fix find/rm command in Unix clean recipe
The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).
>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)
Exclude directories from being matched by the `find` commands.
CLA: trivial
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
John Baldwin [Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)]
Don't generate a MAC when using KTLS.
The kernel will generate the MAC when transmitting the frame. Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts. Note that this path is not taken when
using stitched cipher suites.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 23:42:48 +0000 (16:42 -0700)]
Fix BIO_get_ktls_send() and BIO_get_ktls_recv() to work again.
This partially reverts
3119ab3c9e6d211c461a245f3744893e17b6c193. In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET. This caused all of the checks
to fail breaking KTLS.
The default return value of control methods I have looked it is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.
This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 20:56:09 +0000 (13:56 -0700)]
Simplify NO_KTLS path in SSL_sendfile.
Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Wed, 31 Oct 2018 19:01:47 +0000 (15:01 -0400)]
Bypass multiblock and send individual records when using KTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Mon, 22 Oct 2018 15:02:19 +0000 (11:02 -0400)]
Add support for in-kernel TLS (KTLS) on FreeBSD.
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Richard Levitte [Thu, 24 Oct 2019 15:04:01 +0000 (17:04 +0200)]
crypto/evp/evp_fetch.c: Make it more prominent that these functions are EVP
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10257)
Pauli [Wed, 30 Oct 2019 01:00:19 +0000 (11:00 +1000)]
KDF: use string names not macros to align with other algorithms.
Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly. This brings the KDFs and PRFs into
line with the rest.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)
Dr. Matthias St. Pierre [Sun, 27 Oct 2019 23:55:29 +0000 (00:55 +0100)]
Add a GitHub issue template for documentation issues
This template automatically adds the [issue: documentation] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Dr. Matthias St. Pierre [Sat, 3 Aug 2019 11:30:47 +0000 (13:30 +0200)]
Add a GitHub issue template for questions
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.
This template automatically adds the [issue: question] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)