Shane Lontis [Mon, 27 May 2019 11:52:37 +0000 (21:52 +1000)]
Add d2i_KeyParams/i2d_KeyParams API's.
Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters
in a similar way to Public and Private Keys.
The API's can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key API's.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)
David Makepeace [Sun, 26 May 2019 23:29:43 +0000 (09:29 +1000)]
Changed ssl layer to use EVP_KDF API for TLS1_PRF and HKDF.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9010)
Richard Levitte [Mon, 15 Apr 2019 15:30:11 +0000 (17:30 +0200)]
doc/man3/X509_LOOKUP_meth_new.pod: clarify the requirements
The documentation of what a X509_LOOKUP implementation must do was
unclear and confusing. Most of all, clarification was needed that it
must store away the found objects in the X509_STORE.
Fixes #8707
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8755)
David Makepeace [Sun, 26 May 2019 22:21:50 +0000 (08:21 +1000)]
Added Conforming To section to EVP_KDF_TLS1_PRF documentation.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9008)
FdaSilvaYY [Sun, 19 May 2019 22:33:58 +0000 (00:33 +0200)]
OCSP: fix memory leak in OCSP_url_svcloc_new method.
Add a few coverage test case.
Fixes #8949
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8959)
Simo Sorce [Fri, 24 May 2019 21:35:04 +0000 (17:35 -0400)]
Fix input checks wrt legacy code
In all legacy code ctx->cipher is dereferenced without checks, so it
makes no sense to jump there is ctx->cipher is NULL as it will just lead
to a crash. Catch it separately and return an error.
This is simlar to the fix in
d2c2e49eab69c7446c1c2c7227f63f8618ca99a5
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9002)
Laszlo Ersek [Thu, 9 May 2019 19:29:48 +0000 (21:29 +0200)]
crypto/evp/evp_key.c: #define BUFSIZ if <stdio.h> doesn't #define it
CLA: trivial
Fixes #8904
Commit
48feaceb53fa ("Remove the possibility to disable the UI module
entirely", 2017-07-03) made the BUFSIZ references in "evp_key.c"
unconditional, by deleting the preprocessing directive "#ifndef
OPENSSL_NO_UI". This breaks the build when compiling OpenSSL for edk2
(OPENSSL_SYS_UEFI), because edk2's <stdio.h> doesn't #define BUFSIZ.
Provide a fallback definition, like we do in "crypto/ui/ui_util.c" (from
commit
984d6c605216, "Fix no-stdio build", 2015-09-29).
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8922)
Daniël van Eeden [Fri, 24 May 2019 12:06:38 +0000 (14:06 +0200)]
Use fixed length for formatting standard cipher names
Example with patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```
Example without patch:
```
$ openssl ciphers -stdname 'TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
```
CLA: Trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)
Daniël van Eeden [Fri, 24 May 2019 10:52:33 +0000 (12:52 +0200)]
Update format string for ciphers to account for newer ciphers
* Cipher name: from 23 to 30 (example: ECDHE-ECDSA-AES128-GCM-SHA256)
* Fixed length for TLS version (examples: TLSv1, TLSv1.3)
* Au length from 4 to 5 (example: ECDSA)
Example (without patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
```
Example (with patch):
```
$ openssl ciphers -v 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
```
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8999)
agnosticdev [Fri, 24 May 2019 01:33:19 +0000 (20:33 -0500)]
issue-8973: Added const to parameters for values that were not altered
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8995)
Sambit Kumar Dash [Fri, 24 May 2019 02:26:22 +0000 (12:26 +1000)]
Doc update: minor typo in CMS_verify.pod
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8952)
David Makepeace [Thu, 23 May 2019 04:36:24 +0000 (14:36 +1000)]
Cleaned up tls1_prf and added comments.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8987)
David Makepeace [Thu, 23 May 2019 07:29:36 +0000 (17:29 +1000)]
Added algorithm description comments to HKDF.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8994)
Bernd Edlinger [Sat, 13 Apr 2019 08:01:09 +0000 (10:01 +0200)]
Fix a crash in the speed command with wrap ciphers
e.g. openssl speed -evp id-aes256-wrap-pad
was crashing because the return code from EVP_CipherInit_ex
was ignored.
Not going to allow that cipher mode because wrap ciphers
produces more bytes output than the input length
and EVP_Update_loop is not really prepared for that.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8739)
Matt Caswell [Tue, 21 May 2019 15:25:24 +0000 (16:25 +0100)]
Add more commentary about recursive Provider intialisation in the FIPS module
In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recurively initialising the FIPS provider when already inside
the FIPS module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
Matt Caswell [Fri, 19 Apr 2019 09:31:18 +0000 (10:31 +0100)]
Move where include path for providers/common/include gets specified
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
Matt Caswell [Mon, 13 May 2019 05:41:06 +0000 (06:41 +0100)]
Make some EVP code available from within the FIPS module
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
Matt Caswell [Wed, 10 Apr 2019 14:01:40 +0000 (15:01 +0100)]
Make core code available within the FIPS module
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
Matt Caswell [Wed, 22 May 2019 18:36:25 +0000 (19:36 +0100)]
Add the NIST CAVS test vectors for CCM
This imports all of the NIST CAVS test vectors for CCM (SP800-38C) and
coverts them for use within evp_test. This commit also adds a script to
convert the .rsp CAVS files into the evp_test format.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8981)
Pauli [Tue, 21 May 2019 01:30:16 +0000 (11:30 +1000)]
Avoid trailing space in "openssl version -o".
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)
Pauli [Tue, 21 May 2019 01:28:19 +0000 (11:28 +1000)]
Always show application and library versions in "openssl version".
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8963)
voev [Wed, 22 May 2019 12:46:18 +0000 (15:46 +0300)]
Fix GOST OID
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8979)
Patrick Steuer [Tue, 21 May 2019 16:50:39 +0000 (18:50 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for DSA
Fixes #7323
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)
Patrick Steuer [Tue, 21 May 2019 15:43:54 +0000 (17:43 +0200)]
EVP_Digest*: enable SHA3 pre-hashing for ECDSA
Fixes #8957
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8970)
Patrick Steuer [Tue, 21 May 2019 17:10:28 +0000 (19:10 +0200)]
s390x assembly pack: allow specifying the tag after aad in aes-ccm
67c81ec311 forgot about s390x
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8971)
Pauli [Thu, 16 May 2019 04:50:18 +0000 (14:50 +1000)]
Optional property query support.
Add the possibility of a property query clause to be optional by preceding
it with a question mark.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)
Kurt Roeckx [Sat, 13 Apr 2019 10:32:48 +0000 (12:32 +0200)]
Change default RSA, DSA and DH size to 2048 bit
Fixes: #8737
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8741
Matt Caswell [Tue, 21 May 2019 08:31:32 +0000 (09:31 +0100)]
Revert "EVP_*Update: ensure that input NULL with length 0 isn't passed"
This reverts commit
dcb982d792d6064ed3493e79749208d8c257ff04.
This change is causing extended tests to fail.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8964)
Richard Levitte [Tue, 21 May 2019 11:43:41 +0000 (13:43 +0200)]
Configure: for '-z defs', also check $config{cflags}
When sanitize options are added as 'enable-msan' or similar, the
-fsanitize C flags is set in $config{cflags} rather than
$config{CFLAGS}, so we need to check both.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8965)
Arne Schwabe [Fri, 17 May 2019 10:35:33 +0000 (12:35 +0200)]
Change SSL parameter SSL_session_reused const
This function only returns a status and does not modify the parameter.
Since similar function are already taking const parameters, also
change this function to have a const parameter.
Fixes #8934
CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8945)
Pauli [Mon, 20 May 2019 21:42:26 +0000 (07:42 +1000)]
Params conversion tests.
Add ranged checked OSSL_PARAM conversions between the native types. A
conversion is legal only if the given value can be exactly represented
by the target type.
Includes a test case that reads a stanza test case file and verified that param
conversions are processed properly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8733)
Richard Levitte [Wed, 8 May 2019 03:28:47 +0000 (05:28 +0200)]
Clear CRMF vs CMP confusion
In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP
rather than OPENSSL_NO_CRMF...
In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we
need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a
silent "option" that get affected by 'cmp' by way of %disable_cascades.
This allows options to be "aliases" for a set of other ones, silent or
not.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8897)
Pauli [Sun, 19 May 2019 21:58:26 +0000 (07:58 +1000)]
Revert "ppc assembly pack: always increment CTR IV as quadword"
The 32 bit counter behaviour is necessary and was intentional.
This reverts commit
e9f148c9356b18995298f37bafbf1836a3fce078.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8958)
Richard Levitte [Sat, 18 May 2019 23:24:21 +0000 (16:24 -0700)]
Configure: let platform->dsoext() default with platform->shlibextsimple()
We still use '.so' as a last resort...
Fixes #8950
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8951)
Daniel Axtens [Fri, 17 May 2019 00:59:40 +0000 (10:59 +1000)]
ppc assembly pack: always increment CTR IV as quadword
The kernel self-tests picked up an issue with CTR mode. The issue was
detected with a test vector with an IV of
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD: after 3 increments it should wrap
around to 0.
There are two paths that increment IVs: the bulk (8 at a time) path,
and the individual path which is used when there are fewer than 8 AES
blocks to process.
In the bulk path, the IV is incremented with vadduqm: "Vector Add
Unsigned Quadword Modulo", which does 128-bit addition.
In the individual path, however, the IV is incremented with vadduwm:
"Vector Add Unsigned Word Modulo", which instead does 4 32-bit
additions. Thus the IV would instead become
FFFFFFFFFFFFFFFFFFFFFFFF00000000, throwing off the result.
Use vadduqm.
This was probably a typo originally, what with q and w being
adjacent.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8942)
Valentin Robert [Thu, 9 May 2019 19:12:31 +0000 (12:12 -0700)]
Fix typo in NOTES.PERL
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8905)
Shane Lontis [Thu, 16 May 2019 01:43:41 +0000 (11:43 +1000)]
Added X963KDF API
X963 KDF is used for CMS ec keyagree Recipient Info.
The X963 KDF that is used by CMS EC Key Agreement has been moved
into a EVP_KDF object. This KDF is almost identical to the the SSKDF
hash variant, so it has been implemented inside the SSKDF code with
its own method table.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8902)
Richard Levitte [Wed, 8 May 2019 12:00:31 +0000 (14:00 +0200)]
EVP_FETCH: remove the need to transport the legacy NID through construction
Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported around unnecessarily.
This is removed, and the legacy NID is simply set by EVP_{API}_fetch()
after the construction process is done.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
Richard Levitte [Sun, 5 May 2019 09:30:38 +0000 (11:30 +0200)]
util/find-doc-nits: Fine tune detection of POD markup in NAME section
POD markup is only forbidden in the actual names, while permitted in
the description.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
Richard Levitte [Sun, 5 May 2019 06:42:21 +0000 (08:42 +0200)]
EVP_FETCH: deal with names without pre-defined NIDs
We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted in an
inaccessible method. By consequence, we need to refactor the method
construction callbacks to rely more on algorithm names.
We must, however, still store the legacy NID with the method, for the
sake of other code that depend on it (for example, CMS).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
Richard Levitte [Sat, 4 May 2019 10:56:32 +0000 (12:56 +0200)]
Make the generic EVP fetching mechanism use the namenum map
This avoids using the ASN1_OBJECT database, which is bloated for the
purpose of a simple number <-> name database.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
Richard Levitte [Sat, 4 May 2019 10:55:32 +0000 (12:55 +0200)]
Create internal number<->name mapping API
This can be used as a general name to identity map.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
Dr. Matthias St. Pierre [Sun, 12 May 2019 07:01:55 +0000 (17:01 +1000)]
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode [fixup]
Small correction to RAND_DRBG(7) (amends
3a50a8a91ad1)
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8909)
Dr. Matthias St. Pierre [Wed, 10 Apr 2019 22:06:37 +0000 (00:06 +0200)]
Ignore entropy from RAND_add()/RAND_seed() in FIPS mode
The functions RAND_add() and RAND_seed() provide a legacy API which
enables the application to seed the CSPRNG.
But NIST SP-800-90A clearly mandates that entropy *shall not* be provided
by the consuming application, neither for instantiation, nor for reseeding.
The provided random data will be mixed into the DRBG state as additional
data only, and no entropy will accounted for it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8722)
Pauli [Sun, 14 Apr 2019 23:53:53 +0000 (09:53 +1000)]
Test skip option.
Provide C test cases with the option to skip tests and subtests.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
Pauli [Wed, 10 Apr 2019 22:55:50 +0000 (08:55 +1000)]
Skip the no derivation functions when in FIPS mode because they are not
applicable.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8695)
Shane Lontis [Thu, 9 May 2019 02:33:46 +0000 (12:33 +1000)]
Fixed 32bit issue for kdf_opts
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8901)
Richard Levitte [Tue, 7 May 2019 08:48:30 +0000 (10:48 +0200)]
Don't use '-z defs' if sanitizers are used
There are quite a number of sanitizers for clang that aren't
documented in the clang user documentation. This makes it impossible
to be selective about what sanitizers to look at to determine if
'-z defs' should be used of not.
Under these circumstances, the sane thing to do is to just look for
any sanitizer specification and not use '-z defs' if there's one
present.
Fixes #8735
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8892)
Rashmica Gupta [Tue, 7 May 2019 02:42:59 +0000 (12:42 +1000)]
crypto/ppccap.c: Fix which hwcap value used to check for HWCAP_ARCH_3_00
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8889)
Lorinczy Zsigmond [Wed, 8 May 2019 23:16:19 +0000 (09:16 +1000)]
Squashed commit of the following:
Add new option '-http_server_binmode' which allows the server to open and send
binary files as well as text.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8811)
Richard Levitte [Wed, 8 May 2019 08:40:20 +0000 (10:40 +0200)]
ossl_bsearch(): New generic internal binary search utility function
OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't
really belong with the OBJ API, but should rather be generic utility
functions. The ending underscore indicates that they are considered
internal, even though they are declared publicly.
Since crypto/stack/stack.c uses OBJ_bsearch_ex_, the stack API ends up
depending on the OBJ API, which is unnecessary, and carries along
other dependencies.
Therefor, a generic internal function is created, ossl_bsearch().
This removes the unecessary dependencies.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8899)
Tobias Nießen [Fri, 14 Sep 2018 19:49:34 +0000 (21:49 +0200)]
Allow specifying the tag after AAD in CCM mode
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.
GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.
This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
Guido Vranken [Fri, 3 May 2019 13:44:38 +0000 (15:44 +0200)]
EVP_EncryptUpdate, EVP_EncryptFinal_ex: don't branch on uninitialized memory
If ctx->cipher->cupdate/ctx->cipher->cfinal failed, 'soutl' is left
uninitialized.
This patch incorporates the same logic as present in EVP_DecryptUpdate and
EVP_DecryptFinal_ex: only branch on 'soutl' if the preceding call succeeded.
Bug found by OSS-Fuzz.
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8874)
Pauli [Tue, 7 May 2019 01:10:33 +0000 (11:10 +1000)]
Coverity CID
1444950: Control flow issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 01:07:41 +0000 (11:07 +1000)]
Coverity CID
1444951: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 01:06:33 +0000 (11:06 +1000)]
Coverity CID
1444952: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 01:04:37 +0000 (11:04 +1000)]
Coverity CID
1444953: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:59:14 +0000 (10:59 +1000)]
Coverity CID
1444954: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:57:34 +0000 (10:57 +1000)]
Coverity CID
1444955: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:55:39 +0000 (10:55 +1000)]
Coverity CID
1444956: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:52:52 +0000 (10:52 +1000)]
Coverity CID
1444957: Error handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:48:42 +0000 (10:48 +1000)]
Coverity CID
1444958: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:45:57 +0000 (10:45 +1000)]
Coverity CID
1444959: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:42:58 +0000 (10:42 +1000)]
Coverity CID
1444960: Error handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:26:32 +0000 (10:26 +1000)]
Coverity CID
1444961: Integer handling issues
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Pauli [Tue, 7 May 2019 00:18:29 +0000 (10:18 +1000)]
Coverity CID
1444963: Null pointer dereferences
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
Matt Caswell [Fri, 3 May 2019 14:56:08 +0000 (15:56 +0100)]
Reject obviously invalid DSA parameters during signing
Fixes #8875
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8876)
Boris Pismenny [Sat, 13 Apr 2019 14:20:35 +0000 (17:20 +0300)]
ssl: Add SSL_sendfile
This commit adds the SSL_sendfile call, which allows KTLS sockets to
transmit file using zero-copy semantics.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
Boris Pismenny [Thu, 11 Apr 2019 13:24:42 +0000 (16:24 +0300)]
Linux ktls sendfile
This commit introduces support for Linux KTLS sendfile.
Sendfile semantics require the use of a kernel TLS socket to construct the TLS
record headers, encrypt and authenticate the data.
KTLS sendfile improves performance by avoiding the copy of file data into user
space, which is required today.
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8727)
Dr. Matthias St. Pierre [Tue, 7 May 2019 09:59:11 +0000 (11:59 +0200)]
man: fix a typo and a grammar nit in EVP_PKEY_meth_new(3)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8893)
Simo Sorce [Thu, 18 Apr 2019 12:26:29 +0000 (08:26 -0400)]
Change the digest string from "md" to "digest"
Conform to other modules which were changed at the last minute and this
discrepancy was not noticed.
Retain "md" as an alias so not to break 3rd party backports/tests scripts.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8783)
Shane Lontis [Wed, 24 Apr 2019 00:06:54 +0000 (10:06 +1000)]
Added generated files for EVP_KDF changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
Shane Lontis [Mon, 22 Apr 2019 07:18:56 +0000 (17:18 +1000)]
Added EVP_KDF (similiar to the EVP_MAC)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
Todd Short [Thu, 2 May 2019 18:37:18 +0000 (14:37 -0400)]
Add documentation for running unit tests under Valgrind
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8867)
Matt Caswell [Thu, 2 May 2019 13:32:44 +0000 (14:32 +0100)]
Update internal documentation after global data move to OPENSSL_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
Matt Caswell [Thu, 2 May 2019 12:42:31 +0000 (13:42 +0100)]
Add some TODO notes into init.c
We should be seeking to move the OPENSSL_init_crypto and OPENSSL_cleanup
processing into OPENSSL_CTX instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
Matt Caswell [Wed, 1 May 2019 10:02:43 +0000 (11:02 +0100)]
Instead of global data store it in an OPENSSL_CTX
Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
Matt Caswell [Tue, 30 Apr 2019 14:15:48 +0000 (15:15 +0100)]
Add support for openssl_ctx_run_once and openssl_ctx_onfree
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
Klotz, Tobias [Tue, 19 Feb 2019 12:34:32 +0000 (13:34 +0100)]
Use vxRandLib for VxWorks7
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8023)
Dr. Matthias St. Pierre [Thu, 2 May 2019 12:49:34 +0000 (14:49 +0200)]
openssl cms: add error message if operation option is missing
If the `openssl cms` command is called without specifying an
operation option, it replies with the following laconic error message:
cms: Use -help for summary.
This commit adds a helpful error message:
No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8861)
Dr. Matthias St. Pierre [Thu, 2 May 2019 11:57:35 +0000 (13:57 +0200)]
Test: use keywords instead of magic numbers for 'rsa_pss_saltlen'
Since commit
137096a7ead it is possible to specify keywords instead
of negative magic numbers for the salt length. This commit replaces
the remaining occurrences of `rsa_pss_saltlen:-3` in the test recipes
by `rsa_pss_saltlen:max`.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8860)
Wojciech Kaluza [Sun, 21 Apr 2019 11:39:20 +0000 (12:39 +0100)]
Allow setting RCFLAGS as Configure option or environment variable
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)
Wojciech Kaluza [Sun, 21 Apr 2019 11:14:34 +0000 (12:14 +0100)]
Add RCFLAGS variable in Windows build file, and use it
- Allow user-defined RCFLAGS
- Pass RCFLAGS to RC
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)
Matt Caswell [Tue, 30 Apr 2019 12:49:25 +0000 (13:49 +0100)]
Fix no-srp
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8850)
Richard Levitte [Tue, 30 Apr 2019 13:24:06 +0000 (15:24 +0200)]
p_get_params() [test/p_test.c]: clear the OSSL_PARAM buffers for every test
Fixes #8796
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8851)
Philip Prindeville [Thu, 9 Aug 2018 21:19:19 +0000 (15:19 -0600)]
gendsa: dsaparam: introduce -verbose option to enable output
Other commands like 'req' support -verbose, so why not gendsa and dsaparam?
Part of a larger and more ambitious effort to add -verbose to all apps
that might be used in scripts and need to otherwise run silently (well,
without belching out anything that isn't a warning or error... which ties
into a later scrub of using STDOUT were appropriate for informative
messages instead of STDERR)... so that scripts also have the option of
doing >/dev/null without losing anything critical.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6908)
Philip Prindeville [Wed, 8 Aug 2018 17:51:23 +0000 (11:51 -0600)]
genrsa: introduce -verbose option to enable output
Other commands like 'req' support -verbose, so why not genrsa?
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6897)
Pauli [Tue, 30 Apr 2019 10:36:16 +0000 (20:36 +1000)]
Structure alignment macro.
Introduce a macro that allows all structure alignment tricks to be rolled up
into a single place.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8845)
Richard Levitte [Tue, 30 Apr 2019 11:41:51 +0000 (13:41 +0200)]
Replumbing: give the possibility for the provider to create a context
OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context. It's entirely up to the provider to
define the context and what it's being used for. This pointer is
passed back to other provider functions, typically the provider global
get_params and set_params functions, and also the diverse algorithm
context creators, and of course, the teardown function.
With this, a provider can be instantiated more than once, or be
re-loaded as the case may be, while maintaining instance state.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8848)
Richard Levitte [Tue, 30 Apr 2019 12:01:52 +0000 (14:01 +0200)]
Replumbing: make the oneshot proider cipher function like the others
The OP_cipher_final function takes a return output size and an output
buffer size argument. The oneshot OP_cipher_cipher function should do
the same.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8849)
Dr. Matthias St. Pierre [Mon, 29 Apr 2019 17:12:38 +0000 (19:12 +0200)]
FIPS: Fix compiler errors in rsa_chk.c when building with `-DFIPS_MODE`
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8843)
Richard Levitte [Tue, 30 Apr 2019 08:33:55 +0000 (10:33 +0200)]
Configure: process shared-info.pl later
The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8846)
Pauli [Tue, 30 Apr 2019 03:43:19 +0000 (13:43 +1000)]
Squashed commit of the following:
Digest stored entropy for CRNG test.
Via the FIPS lab, NIST confirmed:
The CMVP had a chance to discuss this inquiry and we agree that
hashing the NDRNG block does meet the spirit and letter of AS09.42.
However, the CMVP did have a few questions: what hash algorithm would
be used in this application? Is it approved? Is it CAVs tested?
SHA256 is being used here and it will be both approved and CAVs tested.
This means that no raw entropy needs to be kept between RNG seedings, preventing
a potential attack vector aganst the randomness source and the DRBG chains.
It also means the block of secure memory allocated for this purpose is no longer
required.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8790)
Todd Short [Wed, 12 Dec 2018 18:09:50 +0000 (13:09 -0500)]
Collapse ssl3_state_st (s3) into ssl_st
With the removal of SSLv2, the s3 structure is always allocated, so
there is little point in having it be an allocated pointer. Collapse
the ssl3_state_st structure into ssl_st and fixup any references.
This should be faster than going through an indirection and due to
fewer allocations, but I'm not seeing any significant performance
improvement; it seems to be within the margin of error in timing.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7888)
David Benjamin [Tue, 16 Apr 2019 03:36:40 +0000 (22:36 -0500)]
Copy RSA-PSS saltlen in EVP_PKEY_CTX_dup.
pkey_rsa_copy was missing a field. Test this by repeating the operation
through an EVP_PKEY_CTX_dup copy in evp_test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8759)
Patrick Steuer [Mon, 25 Mar 2019 17:23:59 +0000 (18:23 +0100)]
s390x assembly pack: remove poly1305 dependency on non-base memnonics
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)
Patrick Steuer [Mon, 25 Mar 2019 17:22:02 +0000 (18:22 +0100)]
s390x assembly pack: remove chacha20 dependency on non-base memnonics
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)
Patrick Steuer [Mon, 25 Mar 2019 17:20:27 +0000 (18:20 +0100)]
s390x assembly pack: update perlasm module
Add non-base instructions which are used by the chacha20 and
poly1305 modules.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)
Patrick Steuer [Thu, 7 Feb 2019 15:44:05 +0000 (16:44 +0100)]
s390x assembly pack: allow alignment hints for vector load/store
z14 introduced alignment hints to help vector load/store
performance. For its predecessors, alignment hint defaults
to 0 (no alignment indicated).
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8181)
Pauli [Wed, 24 Apr 2019 01:24:11 +0000 (11:24 +1000)]
Statistically test BN_rand_range().
Add a Chi^2 goodness of fit test to empirically provide a degree of confidence
in the uniformity of the output of the random range generation function.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8818)