oweals/openssl.git
MouriNaruto [Sat, 11 May 2019 21:10:58 +0000 (05:10 +0800)]
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8917)

Richard Levitte [Fri, 7 Jun 2019 10:30:01 +0000 (12:30 +0200)]
doc/internal/man3/ossl_method_construct.pod: follow common conventions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)

Richard Levitte [Fri, 7 Jun 2019 09:44:08 +0000 (11:44 +0200)]
EVP fetching: make operation_id part of the method identity

Because the operation identity wasn't integrated with the created
methods, the following code would give unexpected results:

    EVP_MD *md = EVP_MD_fetch(NULL, "MD5", NULL);
    EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "MD5", NULL);

    if (md != NULL)
        printf("MD5 is a digest\n");
    if (cipher != NULL)
        printf("MD5 is a cipher\n");

The message is that MD5 is both a digest and a cipher.

Partially fixes #9106

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)

Dr. Matthias St. Pierre [Wed, 5 Jun 2019 09:09:46 +0000 (11:09 +0200)]
Revert the DEVRANDOM_WAIT feature

The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f037
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
or the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f037.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9084)

Matt Caswell [Wed, 29 May 2019 15:03:57 +0000 (16:03 +0100)]
Add documentation for new functions taking an OPENSSL_CTX parameter

Various functions have been added that take an OPENSSL_CTX parameter as
a result of moving the RAND code into the FIPS module. We document all of
those functions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

Matt Caswell [Fri, 24 May 2019 15:36:44 +0000 (16:36 +0100)]
Move the rand_nonce_lock code into drbg_lib.c

It was previously in rand_lib.c, but it makes more sense in drbg_lib.c since
all the functions that use this lock are only ever called from drbg_lib.c.

We add some FIPS_MODE defines in preparation for later moving this code
into the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

Matt Caswell [Thu, 23 May 2019 15:51:55 +0000 (16:51 +0100)]
Make the rand_crng code OPENSSL_CTX aware

This is in preparation for moving this code inside the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

Matt Caswell [Thu, 23 May 2019 13:35:31 +0000 (14:35 +0100)]
Convert drbg_lib to use OPENSSL_CTX for its global data

In preparation for moving the RAND code into the FIPS module we make
drbg_lib.c OPENSSL_CTX aware.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)

Acheev Bhagat [Fri, 7 Jun 2019 00:05:49 +0000 (20:05 -0400)]
Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9101)

David Makepeace [Fri, 7 Jun 2019 00:45:51 +0000 (10:45 +1000)]
Fixed typo in code comment.
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9102)

Kurt Roeckx [Tue, 18 Dec 2018 23:36:40 +0000 (00:36 +0100)]
Change EVP_MAC method from copy to dup

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651

Kurt Roeckx [Sun, 4 Nov 2018 18:16:20 +0000 (19:16 +0100)]
Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651

Dr. Matthias St. Pierre [Thu, 6 Jun 2019 11:28:29 +0000 (13:28 +0200)]
Fix typo in macro argument of SSL_set1_client_sigalgs_list()

Fixes #9092

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9093)

Pauli [Thu, 6 Jun 2019 06:38:26 +0000 (16:38 +1000)]
Address property documentation concerns.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9090)

Shane Lontis [Wed, 5 Jun 2019 06:01:18 +0000 (16:01 +1000)]
rename the digest provider files to avoid any name clashes with other folders

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9083)

Shane Lontis [Tue, 4 Jun 2019 01:32:58 +0000 (11:32 +1000)]
Coverity fixes

covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)

Dr. Matthias St. Pierre [Wed, 5 Jun 2019 19:03:34 +0000 (21:03 +0200)]
man: fix doc-nit in property.pod

This causes Travis build failures on master.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9087)

Pauli [Thu, 30 May 2019 01:37:12 +0000 (11:37 +1000)]
Document property hierarchy.

Add documentation to indicate the interaction between global (context level)
property queries and local (passed to fetch) ones.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9042)

Richard Levitte [Tue, 4 Jun 2019 14:15:46 +0000 (16:15 +0200)]
EVP_DigestInit_ex(): drop previous context engine earlier

If an EVP_MD_CTX holds a reference to a previously given engine, and
the type of its digest isn't the same as the one given in the new
call, drop that engine reference, allowing providers or other engines
to provide the new algorithm on an equal basis.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9077)

Dr. Matthias St. Pierre [Fri, 24 May 2019 12:04:26 +0000 (14:04 +0200)]
Document deprecation of version-specific SSL/TLS methods

In commit 2b8fa1d56cd3 the version-specific SSL/TLS methods were
deprecated. This patch improves the documentation of that change
by stating the deprecation more prominently in the manual page
and explaining the reason for the deprecation.

Fixes #8989

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9001)

Vitezslav Cizek [Tue, 4 Jun 2019 11:24:59 +0000 (13:24 +0200)]
build_SYS_str_reasons: Fix a crash caused by overlong locales

The 4 kB SPACE_SYS_STR_REASONS in crypto/err/err.c isn't enough for some locales.
The Russian locales consume 6856 bytes, Ukrainian even 7000.

build_SYS_str_reasons() contains an overflow check:

if (cnt > sizeof(strerror_pool))
    cnt = sizeof(strerror_pool);

But since commit 9f15e5b911ba6053e09578f190354568e01c07d7 it no longer
works as cnt is incremented once more after the condition.

cnt greater than sizeof(strerror_pool) results in an unbounded
OPENSSL_strlcpy() in openssl_strerror_r(), eventually causing a crash.

When the first received error string was empty or contained only
spaces, cur would move in front of the start of the strerror_pool.

Also don't call openssl_strerror_r when the pool is full.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8966)

Dr. Matthias St. Pierre [Mon, 3 Jun 2019 14:03:42 +0000 (16:03 +0200)]
Remove last references to DEBUG_SAFESTACK

The DEBUG_SAFESTACK preprocessor define is obsolete since 2008
when the non-safestack code was removed by commit 985de8634000.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9070)

Shane Lontis [Thu, 11 Apr 2019 10:27:59 +0000 (20:27 +1000)]
Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code cannot be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)

Mathias Berchtold [Thu, 30 May 2019 05:25:31 +0000 (07:25 +0200)]
Add missing parentheses in macro

Add missing parentheses in macro

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9044)

Matt Caswell [Fri, 31 May 2019 13:34:13 +0000 (14:34 +0100)]
Really fail if we have a test failure

Commit c5f7a99645a broke the test framework such that some tests might
fail, but the test framework still gives a PASS result overall.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9056)

Matt Caswell [Thu, 30 May 2019 13:40:57 +0000 (14:40 +0100)]
Ensure we get all the right defines for AES assembler in FIPS module

There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need to make sure that these
defines are also passed during compilation of the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

Matt Caswell [Tue, 28 May 2019 10:25:08 +0000 (11:25 +0100)]
Make basic AES ciphers available from within the FIPS providers

These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

Matt Caswell [Wed, 17 Apr 2019 09:30:53 +0000 (10:30 +0100)]
Write a test for receiving a KeyUpdate (update requested) while writing

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

Matt Caswell [Wed, 17 Apr 2019 10:09:05 +0000 (11:09 +0100)]
Defer sending a KeyUpdate until after pending writes are complete

If we receive a KeyUpdate message (update requested) from the peer while
we are in the middle of a write, we should defer sending the responding
KeyUpdate message until after the current write is complete. We do this
by waiting to send the KeyUpdate until the next time we write and there is
no pending write data.

This does imply a subtle change in behaviour. Firstly the responding
KeyUpdate message won't be sent straight away as it is now. Secondly if
the peer sends multiple KeyUpdates without us doing any writing then we
will only send one response, as opposed to previously where we sent a
response for each KeyUpdate received.

Fixes #8677

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/8773)

Pauli [Sun, 2 Jun 2019 22:38:01 +0000 (08:38 +1000)]
Remove file reference from property documentation.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9066)

Shane Lontis [Mon, 3 Jun 2019 05:19:48 +0000 (15:19 +1000)]
Add the content type attribute to additional CMS signerinfo.

Fixes #8923

Found using the openssl cms -resign option.
This uses an alternate path to do the signing which was not adding the required signed attribute
content type. The content type attribute should always exist since it is required if there are
any signed attributes.
As the signing time attribute is always added in code, the content type attribute is also required.
The CMS_si_check_attributes() method adds validity checks for signed and unsigned attributes,
e.g. the message digest attribute is a signed attribute that must exist if any signed attributes
exist, it cannot be an unsigned attribute and there must only be one instance containing a single
value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8944)

Pauli [Sun, 2 Jun 2019 22:06:15 +0000 (08:06 +1000)]
Fix a typo in the property grammar that creates an ambiguous parse.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9065)

Richard Levitte [Sat, 1 Jun 2019 05:07:48 +0000 (07:07 +0200)]
Windows: Add missing quotes in build file

All invocations of $(PERL) need to be quoted, in case it contains
spaces. That was forgotten in one spot.

Fixes #9060

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9062)

Pauli [Sat, 1 Jun 2019 07:55:33 +0000 (17:55 +1000)]
Add sparse array of const pointer type

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8840)

David Benjamin [Thu, 30 May 2019 21:01:10 +0000 (17:01 -0400)]
Fix various mistakes in ec_GFp_nistp_recode_scalar_bits comment.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9050)

Retropotenza [Fri, 31 May 2019 10:43:24 +0000 (12:43 +0200)]
Fix CHECK_BSD_STYLE_MACROS for OpenBSD and cryptodev-linux

CLA: trivial

Fixes #8911

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8866)

Sambit Kumar Dash [Thu, 2 May 2019 18:23:04 +0000 (23:53 +0530)]
Update X509_STORE_new.pod

Minor typo.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8866)

Richard Levitte [Fri, 31 May 2019 08:53:12 +0000 (10:53 +0200)]
Constify OSSL_PROVIDER getter input parameters

Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter.
There's no reason to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9054)

Sambit Kumar Dash [Thu, 30 May 2019 21:23:02 +0000 (02:53 +0530)]
Update EVP_VerifyInit.pod

Method name correction.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9052)

agnosticdev [Wed, 29 May 2019 15:27:26 +0000 (10:27 -0500)]
issue-8998: Ensure that the alert is generated and reaches the remote

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9041)

Andreas Kretschmer [Tue, 2 Apr 2019 09:16:53 +0000 (11:16 +0200)]
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
Adds extensive man pages and tests. Integration into build scripts.

Incremental pull request based on OpenSSL commit 1362190b1b78 of 2018-09-26

3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8669)

Pauli [Thu, 30 May 2019 00:57:53 +0000 (10:57 +1000)]
Add man 7 page about properties.

Add a page about properties in the man7 section of the public documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9011)

Richard Levitte [Mon, 13 May 2019 16:07:45 +0000 (09:07 -0700)]
Join the x509 and x509v3 directories

This has been long overdue.

Note that this does not join the X509 and X509V3 error modules, that
will be too many macro changes at this stage.

Fixes #8919

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8925)

FdaSilvaYY [Wed, 30 Jan 2019 20:16:38 +0000 (21:16 +0100)]
Fuzz: add a few more types into Fuzzing for ESS

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)

FdaSilvaYY [Tue, 29 Jan 2019 22:54:30 +0000 (23:54 +0100)]
CAdES: Fix SignerInfo attribute construction order.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8117)

Dr. Matthias St. Pierre [Tue, 28 May 2019 12:29:59 +0000 (14:29 +0200)]
crypto/conf: openssl_config_int() returns uninitialized value

openssl_config_int() returns the uninitialized variable `ret`
when compiled with OPENSSL_SYS_UEFI.

Fixes #9026

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9029)

Iuri Rezende Souza [Tue, 28 May 2019 04:02:34 +0000 (00:02 -0400)]
Typo BIO_SOCK_REUSADDR => BIO_SOCK_REUSEADDR

CLA: trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9021)

Pauli [Tue, 28 May 2019 23:54:29 +0000 (09:54 +1000)]
Test of uniformity of BN_rand_range output.

Rework the test so that it fails far less often.

A number of independent tests are executed and 5% are expected to fail.
The number of such failures follows a binomial distribution which permits
a statistical test with a 0.01% expected failure rate.

There is a command line option to enable the stochastic range checking.
It is off by default.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8830)

Shane Lontis [Tue, 28 May 2019 23:50:19 +0000 (09:50 +1000)]
fix timeout in 30-test_evp_pkey_dparam

Enabling the 'enable-crypto-mdebug' option and running parameter generation
causes timeouts.
Loading pregenerated params is more suited for these tests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9022)

Richard Levitte [Mon, 27 May 2019 12:20:20 +0000 (14:20 +0200)]
Configurations/unix-Makefile.tmpl: not -v for rm

Not all Unixen know the -v option.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

Richard Levitte [Mon, 27 May 2019 12:16:47 +0000 (14:16 +0200)]
Configure: link AIX modules correctly

Use -bnoentry, not -bexpall.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

Tomas Mraz [Mon, 27 May 2019 14:52:03 +0000 (16:52 +0200)]
The SHA256 is not a mandatory digest for DSA.

#7408 implemented mandatory digest checking in TLS.
However, this broke compatibility of DSS support with GnuTLS
which supports only SHA1 with DSS.

There is no reason why SHA256 would be a mandatory digest
for DSA as other digests in SHA family can be used as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9015)

Richard Levitte [Mon, 27 May 2019 12:40:25 +0000 (14:40 +0200)]
Configure: Remove extra warning and sanitizer options from CXXFLAGS

We add the extra warning and sanitizer options to check our code,
which is entirely in C.  We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)

Shane Lontis [Mon, 27 May 2019 11:52:37 +0000 (21:52 +1000)]
Add d2i_KeyParams/i2d_KeyParams APIs.

Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH, DSA and EC key parameters
in a similar way to Public and Private Keys.
The APIs can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key APIs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)

David Makepeace [Sun, 26 May 2019 23:29:43 +0000 (09:29 +1000)]
Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9010)

Richard Levitte [Mon, 15 Apr 2019 15:30:11 +0000 (17:30 +0200)]
doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements

The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing.  Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.

Fixes #8707

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)

David Makepeace [Sun, 26 May 2019 22:21:50 +0000 (08:21 +1000)]
Added Conforming To section to EVP_KDF_TLS1_PRF documentation.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9008)

FdaSilvaYY [Sun, 19 May 2019 22:33:58 +0000 (00:33 +0200)]
OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test cases.

Fixes #8949

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)

Simo Sorce [Fri, 24 May 2019 21:35:04 +0000 (17:35 -0400)]
Fix input checks wrt legacy code

In all legacy code ctx->cipher is dereferenced without checks, so it
makes no sense to jump there if ctx->cipher is NULL as it will just lead
to a crash. Catch it separately and return an error.

This is similar to the fix in d2c2e49eab69c7446c1c2c7227f63f8618ca99a5

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9002)

Laszlo Ersek [Thu, 9 May 2019 19:29:48 +0000 (21:29 +0200)]
crypto/evp/evp_key.c: #define BUFSIZ if <stdio.h> doesn't #define it

CLA: trivial

Fixes #8904

Commit 48feaceb53fa ("Remove the possibility to disable the UI module
entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c"
unconditional, by deleting the preprocessing directive "#ifndef
OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2
(OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ.

Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from
commit 984d6c605216, "Fix no-stdio build", 2015-09-29).

Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8922)

Daniël van Eeden [Fri, 24 May 2019 12:06:38 +0000 (14:06 +0200)]
Use fixed length for formatting standard cipher names

Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384                        - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256                  - TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256                        - TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

Example without patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```

CLA: Trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)

Daniël van Eeden [Fri, 24 May 2019 10:52:33 +0000 (12:52 +0200)]
Update format string for ciphers to account for newer ciphers

* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256)
* Fixed length for TLS version (examples: TLSv1, TLSv1.3)
* Au length from 4 to 5 (example: ECDSA)

Example (without patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
```

Example (with patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
```

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)

agnosticdev [Fri, 24 May 2019 01:33:19 +0000 (20:33 -0500)]
issue-8973: Added const to parameters for values that were not altered

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8995)

Sambit Kumar Dash [Fri, 24 May 2019 02:26:22 +0000 (12:26 +1000)]
Doc update: minor typo in CMS_verify.pod
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8952)

David Makepeace [Thu, 23 May 2019 04:36:24 +0000 (14:36 +1000)]
Cleaned up tls1_prf and added comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8987)

5 years ago Added algorithm description comments to HKDF.
David Makepeace [Thu, 23 May 2019 07:29:36 +0000 (17:29 +1000)]
Added algorithm description comments to HKDF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8994)

5 years ago Fix a crash in the speed command with wrap ciphers
Bernd Edlinger [Sat, 13 Apr 2019 08:01:09 +0000 (10:01 +0200)]
Fix a crash in the speed command with wrap ciphers

e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produce more bytes of output than the input length
and EVP_Update_loop is not really prepared for that.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)

5 years ago Add more commentary about recursive Provider initialisation in the FIPS module
Matt Caswell [Tue, 21 May 2019 15:25:24 +0000 (16:25 +0100)]
Add more commentary about recursive Provider initialisation in the FIPS module

In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recursively initialising the FIPS provider when already inside
the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years ago Move where include path for providers/common/include gets specified
Matt Caswell [Fri, 19 Apr 2019 09:31:18 +0000 (10:31 +0100)]
Move where include path for providers/common/include gets specified

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years ago Make some EVP code available from within the FIPS module
Matt Caswell [Mon, 13 May 2019 05:41:06 +0000 (06:41 +0100)]
Make some EVP code available from within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years ago Make core code available within the FIPS module
Matt Caswell [Wed, 10 Apr 2019 14:01:40 +0000 (15:01 +0100)]
Make core code available within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

5 years ago Add the NIST CAVS test vectors for CCM
Matt Caswell [Wed, 22 May 2019 18:36:25 +0000 (19:36 +0100)]
Add the NIST CAVS test vectors for CCM

This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
converts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)

5 years ago Avoid trailing space in "openssl version -o".
Pauli [Tue, 21 May 2019 01:30:16 +0000 (11:30 +1000)]
Avoid trailing space in "openssl version -o".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)

5 years ago Always show application and library versions in "openssl version".
Pauli [Tue, 21 May 2019 01:28:19 +0000 (11:28 +1000)]
Always show application and library versions in "openssl version".

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)

5 years ago Fix GOST OID
voev [Wed, 22 May 2019 12:46:18 +0000 (15:46 +0300)]
Fix GOST OID

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8979)

5 years ago EVP_Digest*: enable SHA3 pre-hashing for DSA
Patrick Steuer [Tue, 21 May 2019 16:50:39 +0000 (18:50 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for DSA

Fixes #7323

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

5 years ago EVP_Digest*: enable SHA3 pre-hashing for ECDSA
Patrick Steuer [Tue, 21 May 2019 15:43:54 +0000 (17:43 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for ECDSA

Fixes #8957

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)

5 years ago s390x assembly pack: allow specifying the tag after aad in aes-ccm
Patrick Steuer [Tue, 21 May 2019 17:10:28 +0000 (19:10 +0200)]
s390x assembly pack: allow specifying the tag after aad in aes-ccm

67c81ec311 forgot about s390x

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)

5 years ago Optional property query support.
Pauli [Thu, 16 May 2019 04:50:18 +0000 (14:50 +1000)]
Optional property query support.

Add the possibility of a property query clause to be optional by preceding
it with a question mark.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)

5 years ago Change default RSA, DSA and DH size to 2048 bit
Kurt Roeckx [Sat, 13 Apr 2019 10:32:48 +0000 (12:32 +0200)]
Change default RSA, DSA and DH size to 2048 bit

Fixes: #8737

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8741

5 years ago Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"
Matt Caswell [Tue, 21 May 2019 08:31:32 +0000 (09:31 +0100)]
Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"

This reverts commit dcb982d792d6064ed3493e79749208d8c257ff04.

This change is causing extended tests to fail.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8964)

5 years ago Configure: for '-z defs', also check $config{cflags}
Richard Levitte [Tue, 21 May 2019 11:43:41 +0000 (13:43 +0200)]
Configure: for '-z defs', also check $config{cflags}

When sanitize options are added as 'enable-msan' or similar, the
-fsanitize C flag is set in $config{cflags} rather than
$config{CFLAGS}, so we need to check both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8965)

5 years ago Change SSL parameter SSL_session_reused const
Arne Schwabe [Fri, 17 May 2019 10:35:33 +0000 (12:35 +0200)]
Change SSL parameter SSL_session_reused const

This function only returns a status and does not modify the parameter.
Since similar functions are already taking const parameters, also
change this function to have a const parameter.

Fixes #8934

CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)

5 years ago Params conversion tests.
Pauli [Mon, 20 May 2019 21:42:26 +0000 (07:42 +1000)]
Params conversion tests.

Add range-checked OSSL_PARAM conversions between the native types.  A
conversion is legal only if the given value can be exactly represented
by the target type.

Includes a test case that reads a stanza test case file and verifies that param
conversions are processed properly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8733)
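
The rule stated in this commit message, that a conversion is legal only when the value is exactly representable in the target type, is illustrated below in an added example written for this page; it is not OpenSSL's OSSL_PARAM code, and the `exact_*` function names and the `TWO_POW_63` constant are chosen here. The integer cases reduce to range checks; the double cases also have to account for the 53-bit significand, which is why they verify the round trip rather than the range alone.

```c
#include <stdint.h>
#include <stdio.h>

/* Two to the 63rd as a double; the int64_t range is [-2^63, 2^63). */
#define TWO_POW_63 9223372036854775808.0

/* int64 -> int32: exact iff within the int32 range.  Returns 1 and stores
 * the result on success, 0 (leaving *out untouched) on failure. */
int exact_i64_to_i32(int64_t in, int32_t *out)
{
    if (in < INT32_MIN || in > INT32_MAX)
        return 0;
    *out = (int32_t)in;
    return 1;
}

/* int64 -> uint64: exact iff non-negative. */
int exact_i64_to_u64(int64_t in, uint64_t *out)
{
    if (in < 0)
        return 0;
    *out = (uint64_t)in;
    return 1;
}

/* uint64 -> int64: exact iff it does not exceed INT64_MAX. */
int exact_u64_to_i64(uint64_t in, int64_t *out)
{
    if (in > (uint64_t)INT64_MAX)
        return 0;
    *out = (int64_t)in;
    return 1;
}

/* int64 -> double: a double carries 53 significant bits, so large integers
 * are rounded.  The conversion is exact only if the round trip reproduces
 * the input.  (double)INT64_MAX itself rounds up to 2^63, which is outside
 * the int64_t range, so that case is rejected before casting back. */
int exact_i64_to_double(int64_t in, double *out)
{
    double d = (double)in;

    if (d >= TWO_POW_63 || (int64_t)d != in)
        return 0;
    *out = d;
    return 1;
}

/* double -> int64: reject NaN, anything outside [-2^63, 2^63), and any
 * value with a fractional part.  The range check comes first so that the
 * truncating cast is well defined. */
int exact_double_to_i64(double in, int64_t *out)
{
    int64_t t;

    if (in != in)                          /* NaN never compares equal to itself */
        return 0;
    if (in < -TWO_POW_63 || in >= TWO_POW_63)
        return 0;
    t = (int64_t)in;                       /* truncates toward zero */
    if ((double)t != in)                   /* fractional part was lost */
        return 0;
    *out = t;
    return 1;
}

int main(void)
{
    int32_t i32;
    double d;

    /* Constructed inputs: one exact, one not. */
    printf("2147483648 -> int32: %s\n",
           exact_i64_to_i32(2147483648LL, &i32) ? "ok" : "rejected");
    printf("2^53+1 -> double:    %s\n",
           exact_i64_to_double(9007199254740993LL, &d) ? "ok" : "rejected");
    return 0;
}
```

A practical consequence of the round-trip check is that `2^53 + 1` is rejected as a double even though it is well inside the double's range: it rounds to `2^53`, so the value a consumer would read back is not the one that was supplied.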

5 years ago Clear CRMF vs CMP confusion
Richard Levitte [Wed, 8 May 2019 03:28:47 +0000 (05:28 +0200)]
Clear CRMF vs CMP confusion

In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP
rather than OPENSSL_NO_CRMF...

In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we
need 'no-crmf' to depend on 'no-cmp'.  We do this by making 'crmf' a
silent "option" that gets affected by 'cmp' by way of %disable_cascades.
This allows options to be "aliases" for a set of other ones, silent or
not.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8897)

5 years ago Revert "ppc assembly pack: always increment CTR IV as quadword"
Pauli [Sun, 19 May 2019 21:58:26 +0000 (07:58 +1000)]
Revert "ppc assembly pack: always increment CTR IV as quadword"

The 32 bit counter behaviour is necessary and was intentional.

This reverts commit e9f148c9356b18995298f37bafbf1836a3fce078.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8958)

5 years ago Configure: let platform->dsoext() default with platform->shlibextsimple()
Richard Levitte [Sat, 18 May 2019 23:24:21 +0000 (16:24 -0700)]
Configure: let platform->dsoext() default with platform->shlibextsimple()

We still use '.so' as a last resort...

Fixes #8950

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8951)

5 years ago ppc assembly pack: always increment CTR IV as quadword
Daniel Axtens [Fri, 17 May 2019 00:59:40 +0000 (10:59 +1000)]
ppc assembly pack: always increment CTR IV as quadword

The kernel self-tests picked up an issue with CTR mode. The issue was
detected with a test vector with an IV of
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD: after 3 increments it should wrap
around to 0.

There are two paths that increment IVs: the bulk (8 at a time) path,
and the individual path which is used when there are fewer than 8 AES
blocks to process.

In the bulk path, the IV is incremented with vadduqm: "Vector Add
Unsigned Quadword Modulo", which does 128-bit addition.

In the individual path, however, the IV is incremented with vadduwm:
"Vector Add Unsigned Word Modulo", which instead does 4 32-bit
additions. Thus the IV would instead become
FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result.

Use vadduqm.

This was probably a typo originally, what with q and w being
adjacent.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8942)
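
The two increment behaviours described in this commit message, and in the revert of it listed above, are modelled below in portable C as an added example for this page; it is not OpenSSL's code and not the ppc assembly itself. `ctr128_inc` performs one 128-bit big-endian addition with carry across the whole block (the vadduqm behaviour); `ctr32_inc` adds only into the low 32-bit word with no carry into the upper words (the vadduwm behaviour). The function names and the `compare_ctr_inc` driver are chosen here; the starting IV is the test vector the commit message names.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Increment a 16-byte big-endian counter block as one 128-bit integer:
 * the carry propagates through every byte. */
static void ctr128_inc(uint8_t iv[16])
{
    int i;

    for (i = 15; i >= 0; i--) {
        if (++iv[i] != 0)
            break;            /* no carry into the next byte */
    }
}

/* Increment only the low 32-bit big-endian word; the carry stops at the
 * word boundary, so the upper 96 bits are never touched. */
static void ctr32_inc(uint8_t iv[16])
{
    int i;

    for (i = 15; i >= 12; i--) {
        if (++iv[i] != 0)
            break;
    }
}

/* Hex formatting helper (constructed for this example). */
static void to_hex(const uint8_t iv[16], char out[33])
{
    static const char hex[] = "0123456789ABCDEF";
    int i;

    for (i = 0; i < 16; i++) {
        out[2 * i] = hex[iv[i] >> 4];
        out[2 * i + 1] = hex[iv[i] & 0x0f];
    }
    out[32] = '\0';
}

/* Start from FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD (the vector from the commit
 * message), apply n increments with each routine, and write both results as
 * hex.  Returns 1 if the two routines agree for this n, 0 if they diverge. */
int compare_ctr_inc(unsigned n, char out128[33], char out32[33])
{
    uint8_t iv128[16], iv32[16];
    unsigned k;

    memset(iv128, 0xFF, sizeof(iv128));
    iv128[15] = 0xFD;
    memcpy(iv32, iv128, sizeof(iv32));

    for (k = 0; k < n; k++) {
        ctr128_inc(iv128);
        ctr32_inc(iv32);
    }
    to_hex(iv128, out128);
    to_hex(iv32, out32);
    return memcmp(iv128, iv32, sizeof(iv128)) == 0;
}

int main(void)
{
    char a[33], b[33];
    int same = compare_ctr_inc(3, a, b);

    printf("128-bit increment: %s\n", a);
    printf(" 32-bit increment: %s\n", b);
    printf("agree: %s\n", same ? "yes" : "no");
    return 0;
}
```

After two increments the routines still agree (both give all FF bytes); only the third increment, which crosses the word boundary, separates them: the 128-bit add wraps the whole block to zero, while the word-wise add yields FFFFFFFFFFFFFFFFFFFFFFFF00000000. A test vector this close to the wrap point is therefore what it takes to catch a mismatch between the bulk and single-block paths. Which of the two conventions is correct depends on what the caller expects, which is the point the revert listed above makes.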

5 years ago Fix typo in NOTES.PERL
Valentin Robert [Thu, 9 May 2019 19:12:31 +0000 (12:12 -0700)]
Fix typo in NOTES.PERL

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8905)

5 years ago Added X963KDF API
Shane Lontis [Thu, 16 May 2019 01:43:41 +0000 (11:43 +1000)]
Added X963KDF API

X963 KDF is used for CMS ec keyagree Recipient Info.
The X963 KDF that is used by CMS EC Key Agreement has been moved
into an EVP_KDF object. This KDF is almost identical to the SSKDF
hash variant, so it has been implemented inside the SSKDF code with
its own method table.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8902)

5 years ago EVP_FETCH: remove the need to transport the legacy NID through construction
Richard Levitte [Wed, 8 May 2019 12:00:31 +0000 (14:00 +0200)]
EVP_FETCH: remove the need to transport the legacy NID through construction

Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported around unnecessarily.
This is removed, and the legacy NID is simply set by EVP_{API}_fetch()
after the construction process is done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

5 years ago util/find-doc-nits: Fine tune detection of POD markup in NAME section
Richard Levitte [Sun, 5 May 2019 09:30:38 +0000 (11:30 +0200)]
util/find-doc-nits: Fine tune detection of POD markup in NAME section

POD markup is only forbidden in the actual names, while permitted in
the description.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

5 years ago EVP_FETCH: deal with names without pre-defined NIDs
Richard Levitte [Sun, 5 May 2019 06:42:21 +0000 (08:42 +0200)]
EVP_FETCH: deal with names without pre-defined NIDs

We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted in an
inaccessible method.  By consequence, we need to refactor the method
construction callbacks to rely more on algorithm names.

We must, however, still store the legacy NID with the method, for the
sake of other code that depends on it (for example, CMS).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

5 years ago Make the generic EVP fetching mechanism use the namenum map
Richard Levitte [Sat, 4 May 2019 10:56:32 +0000 (12:56 +0200)]
Make the generic EVP fetching mechanism use the namenum map

This avoids using the ASN1_OBJECT database, which is bloated for the
purpose of a simple number <-> name database.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

5 years ago Create internal number<->name mapping API
Richard Levitte [Sat, 4 May 2019 10:55:32 +0000 (12:55 +0200)]
Create internal number<->name mapping API

This can be used as a general name to identity map.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

5 years ago Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]
Dr. Matthias St. Pierre [Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)]
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]

Small correction to RAND_DRBG(7) (amends 3a50a8a91ad1)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8909)

5 years ago Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
Dr. Matthias St. Pierre [Wed, 10 Apr 2019 22:06:37 +0000 (00:06 +0200)]
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode

The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.

But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.

The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will be accounted for it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)

5 years ago Test skip option.
Pauli [Sun, 14 Apr 2019 23:53:53 +0000 (09:53 +1000)]
Test skip option.

Provide C test cases with the option to skip tests and subtests.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)

5 years ago Skip the no derivation functions when in FIPS mode because they are not
Pauli [Wed, 10 Apr 2019 22:55:50 +0000 (08:55 +1000)]
Skip the no derivation functions when in FIPS mode because they are not
applicable.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)

5 years ago Fixed 32bit issue for kdf_opts
Shane Lontis [Thu, 9 May 2019 02:33:46 +0000 (12:33 +1000)]
Fixed 32bit issue for kdf_opts

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8901)