Richard Levitte [Thu, 4 Apr 2019 10:56:57 +0000 (12:56 +0200)]
Document the 'no-module' configuration option
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8665)
Richard Levitte [Wed, 3 Apr 2019 20:54:00 +0000 (22:54 +0200)]
Correct EVP_F_EVP_MD_BLOCK_SIZE number
The number that was used was already taken
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8656)
Tomas Mraz [Thu, 21 Mar 2019 12:17:29 +0000 (13:17 +0100)]
Use AI_ADDRCONFIG hint with getaddrinfo if available.
This prevents failure of openssl s_server socket binding to wildcard
address on hosts with disabled IPv6.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8550)
Todd Short [Wed, 19 Apr 2017 19:35:16 +0000 (15:35 -0400)]
Modify OCSP to use alt MD for cert IDs in responses
Modify openssl OCSP utility to produce certIDs in responses using other
hash algorithms (e.g. SHA256).
Added option -rcid for this purpose.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5274)
Matt Caswell [Fri, 29 Mar 2019 15:38:10 +0000 (15:38 +0000)]
Add a test for EVP_MD_block_size()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)
Matt Caswell [Thu, 28 Mar 2019 17:22:20 +0000 (17:22 +0000)]
Support EVP_MD_block_size() with providers
Fixes #8565
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)
Matt Caswell [Fri, 29 Mar 2019 16:29:54 +0000 (16:29 +0000)]
Add an EVP_MD_CTX_md() test
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
Matt Caswell [Fri, 29 Mar 2019 16:28:07 +0000 (16:28 +0000)]
Ensure EVP_MD_CTX_md returns the EVP_MD originally used
Fixes #8613
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)
Richard Levitte [Wed, 3 Apr 2019 13:44:17 +0000 (15:44 +0200)]
replaced snprintf with BIO version (for windows builds)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8651)
Richard Levitte [Sat, 30 Mar 2019 21:25:00 +0000 (22:25 +0100)]
Replumbing: add documentation for the provider configuration module
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Richard Levitte [Sat, 30 Mar 2019 21:10:39 +0000 (22:10 +0100)]
Add test for the provider configuration module
We reuse test/provider_internal_test.c and test/p_test.c,
and get it loaded one more time via the configuration file
test/provider_internal_test.conf
To support different platform standards regarding module
extensions, we generate test/provider_internal_test.conf
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Richard Levitte [Wed, 20 Mar 2019 15:53:19 +0000 (16:53 +0100)]
Replumbing: add a configuration module for providers
This configuration module supports a configuration structure pretty
much like the engine configuration module, i.e. something like this:
openssl_conf = openssl_init
[openssl_init]
providers = provider_section
[provider_section]
# Configure the provider named "foo"
foo = foo_section
# Configure the provider named "bar"
bar = bar_section
[foo_section]
# Override name given in the provider section
identity = myfoo
# The exact path of the module. This is platform specific
module_path = /opt/openssl/modules/foo.so
# Whether it should be automatically activated. Value is unimportant
activate = whatever
# Anything else goes as well, and becomes parameters that the
# provider can get
what = 1
# sub-sections will be followed as well
ever = ever_section
[ever_section]
cookie = monster
All the configurations in a provider section and its sub-sections
become parameters for the provider to get, i.e. the "foo" provider
will be able to get values for the following keys (with associated
values shown):
identity => myfoo
module_path => /opt/openssl/modules/foo.so
activate => whatever
what => 1
ever.cookie => monster
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Richard Levitte [Thu, 21 Mar 2019 07:44:06 +0000 (08:44 +0100)]
Replumbing: add functionality to set provider parameters
Provider parameters are parameters set by the core that the provider
can retrieve. The primary use it to support making OpenSSL
configuration data available to the provider.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
Pauli [Wed, 3 Apr 2019 06:03:46 +0000 (16:03 +1000)]
AES-XTS block limit.
Limit the number of AES blocks in a data unit to 2^20 or less.
This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E.
Note: that this is a change from IEEE Std 1619-2007 which only recommended
this limit.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8627)
Richard Levitte [Tue, 2 Apr 2019 12:40:11 +0000 (14:40 +0200)]
Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT"
I turns out that this made crypto/rand/rand_win.c to never build with
BCrypt support unless the user sets _WIN32_WINNT. That wasn't the
intent.
This reverts commit
cc8926ec8fcecae89ceab91ef753de93e49568f9.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8641)
Dr. Matthias St. Pierre [Tue, 2 Apr 2019 10:35:46 +0000 (12:35 +0200)]
rand_win.c: loosen version requirements for BCryptGenRandom
BCryptGenRandom() is available for Windows Vista and newer versions, see
https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8639)
Richard Levitte [Tue, 2 Apr 2019 09:14:10 +0000 (11:14 +0200)]
crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT
This helps decide if the BCrypt API should be used or not.
Fixes #8635
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8638)
Richard Levitte [Sun, 31 Mar 2019 13:26:26 +0000 (15:26 +0200)]
Correct the checks of module availability in provider test programs
Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test
module wasn't built, but the provider test programs didn't check that
macro. We rename it to OPENSSL_NO_MODULE, since that name describes
the situation more than OPENSSL_NO_SHARED does, and use it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
Richard Levitte [Sun, 31 Mar 2019 13:17:58 +0000 (15:17 +0200)]
Configuration / build: make it possible to disable building of modules
While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
though we can't use them from apps linked with libraries that are
built this way).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
Richard Levitte [Sun, 31 Mar 2019 13:14:00 +0000 (15:14 +0200)]
Build cleanup: don't use SHARED_SOURCE with modules
SHARED_SOURCE is reserved for products that are expected to come in
dual shared / non-shared form, i.e. the routine libraries like
libcrypto and libssl, to distinguish source that should only appear in
their shared form.
Modules are always shared, so there's no need for them to have this
type of distinction.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)
Richard Levitte [Mon, 1 Apr 2019 15:37:16 +0000 (17:37 +0200)]
Restore the "heartbeats" configuration option among the deprecated
Removing the option entirely would break builds unnecessarily, so
let's make it deprecated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8632)
Boris Pismenny [Thu, 6 Dec 2018 19:36:08 +0000 (21:36 +0200)]
add documentation
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Boris Pismenny [Thu, 6 Dec 2018 19:17:26 +0000 (21:17 +0200)]
apps: print Kernel receive side TLS in s_client and s_server
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Boris Pismenny [Sun, 11 Mar 2018 14:20:29 +0000 (16:20 +0200)]
sslapitest: add test ktls Rx
Add a unit-test for ktls receive side.
Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Boris Pismenny [Thu, 21 Feb 2019 14:39:36 +0000 (16:39 +0200)]
ssl: Linux TLS Rx Offload
This patch adds support for the Linux TLS Rx socket option.
It completes the previous patch for TLS Tx offload.
If the socket option is successful, then the receive data-path of the TCP
socket is implemented by the kernel.
We choose to set this option at the earliest - just after CCS is complete.
Change-Id: I59741e04d89dddca7fb138e88fffcc1259b30132
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Boris Pismenny [Sun, 11 Mar 2018 14:17:51 +0000 (16:17 +0200)]
bio: Linux TLS Rx Offload
Add support for Linux TLS Rx offload in the BIO layer.
Change-Id: I79924b25dd290a873d69f6c8d429e1f5bb2c3365
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Boris Pismenny [Sun, 11 Mar 2018 14:16:16 +0000 (16:16 +0200)]
Linux ktls Rx infrastructure
Introduce the infrastructure for supproting receive side Linux Kernel TLS
data-path.
Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)
Richard Levitte [Sun, 31 Mar 2019 14:15:02 +0000 (16:15 +0200)]
Rework DSO API conditions and configuration option
'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may
be some odd platforms with no DSO scheme. For those, we generate the
internal macro DSO_NONE aand use it.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/#8622)
x753 [Fri, 29 Mar 2019 01:31:36 +0000 (21:31 -0400)]
Fixed typo in enc.c warning
"warning: iv not use by this cipher" -> "warning: iv not used by this cipher"
CLA: trivial
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8608)
Shane Lontis [Wed, 27 Mar 2019 07:38:28 +0000 (17:38 +1000)]
fixed public range check in ec_GF2m_simple_oct2point
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8607)
Pauli [Sat, 30 Mar 2019 02:49:05 +0000 (12:49 +1000)]
Implement the param types that aren't explicitly lengthened (e.g. int) in terms
of those that are (e.g. int32_t).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8616)
Pauli [Sat, 30 Mar 2019 01:22:51 +0000 (11:22 +1000)]
issue-8493: Fix for filenames with newlines using openssl dgst
The output format now matches coreutils *dgst tools.
[ edited to remove trailing white space ]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)
Paul Yang [Wed, 13 Mar 2019 10:04:05 +0000 (18:04 +0800)]
Fix a memleak in apps/verify
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
Paul Yang [Wed, 13 Mar 2019 09:22:31 +0000 (17:22 +0800)]
Add documents for SM2 cert verification
This follows #8321 which added the SM2 certificate verification feature.
This commit adds the related docs - the newly added 2 APIs and options
in apps/verify.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
Paul Yang [Wed, 13 Mar 2019 08:54:11 +0000 (16:54 +0800)]
Add test cases for SM2 cert verification
This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)
Dr. Matthias St. Pierre [Thu, 21 Mar 2019 17:59:13 +0000 (18:59 +0100)]
trace: rename the default trace category from 'ANY' to 'ALL'
It seems more intuitive to set `OPENSSL_TRACE=all` instead of
`OPENSSL_TRACE=any` to obtain trace output for all categories.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Dr. Matthias St. Pierre [Thu, 21 Mar 2019 17:27:50 +0000 (18:27 +0100)]
trace: apps/openssl: print the correct category name
Previously, if the openssl application was run with OPENSSL_TRACE=any,
all trace output would just show 'ANY' as the category name, which was
not very useful. To get the correct category name printed in the trace
output, the openssl application now registers separate channels for
each category.
The trace API is unchanged, it is still possible for an application to
register a single channel for the 'ANY' category to see all outputt,
if it does not need this level of detail.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Dr. Matthias St. Pierre [Wed, 20 Mar 2019 23:56:36 +0000 (00:56 +0100)]
trace: fix out-of-bound memory access
When OSSL_trace_get_category_num() is called with an unknown category
name, it returns -1. This case needs to be considered in order to
avoid out-of-bound memory access to the `trace_channels` array.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Dr. Matthias St. Pierre [Tue, 19 Mar 2019 07:53:35 +0000 (08:53 +0100)]
trace: don't pretend success if it's not enabled
Partially reverts
d33d76168fb7 Don't fail when tracing is disabled
Commit
d33d76168fb7 fixed the problem that the initialization of
libcrypto failed when tracing was disabled, because the unoperational
ossl_trace_init() function returned a failure code. The problem was
fixed by changing its return value from failure to success.
As part of the fix the return values of other unimplemented trace API
functions (like OSSL_trace_set_channel(),OSSL_trace_set_callback())
was changed from failure to success, too. This change was not necessary
and is a bit problematic IMHO, because nobody expects an unimplemented
function to pretend it succeeded.
It's the application's duty to handle the case correctly when the trace
API is not enabled (i.e., OPENSSL_NO_TRACE is defined), not the API's job
to pretend success just to prevent the application from failing.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)
Patrick Steuer [Fri, 22 Mar 2019 23:03:24 +0000 (00:03 +0100)]
s390x assembly pack: import poly from cryptogams repo
>=20% faster than present code.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8560)
Richard Levitte [Tue, 15 Nov 2016 13:55:40 +0000 (14:55 +0100)]
Remove heartbeats completely
Fixes #4856
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1928)
Richard Levitte [Tue, 19 Mar 2019 13:43:31 +0000 (14:43 +0100)]
Windows, VMS: build fixes
The naming of generated assembler wasn't done quite right. There are
assembler files that are generated from a perl script, and there are
those who are not. Only the former must be renamed to the platform
specific asm extension.
Furthermore, we need to make sure that 'OSSL_provider_init' isn't case
sensitive on VMS, to allow for the least surprise for provider
builders.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8529)
Pauli [Fri, 29 Mar 2019 08:42:37 +0000 (18:42 +1000)]
Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Pauli [Fri, 29 Mar 2019 08:31:10 +0000 (18:31 +1000)]
Propery initialise struct sslapitest_log_counts to zero using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Pauli [Fri, 29 Mar 2019 08:27:28 +0000 (18:27 +1000)]
Correctly zero the DISPLAY_COLUMNS structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Pauli [Fri, 29 Mar 2019 08:26:53 +0000 (18:26 +1000)]
Make the array zeroing explicit using memset.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Pauli [Fri, 29 Mar 2019 08:19:19 +0000 (18:19 +1000)]
It isn't necessary to initialise a struct stat before a stat(2) system call.
The initialisation was also flawed, failing to account for padding and
alignment bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Pauli [Fri, 29 Mar 2019 08:17:38 +0000 (18:17 +1000)]
Ensure that the struct msghdr is properly zeroed.
This is probably harmless but best to properly initialise things.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)
Richard Levitte [Fri, 29 Mar 2019 10:26:55 +0000 (11:26 +0100)]
openssl dgst: show MD name at all times - CHANGES entry
Related to #8609
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8612)
Richard Levitte [Fri, 29 Mar 2019 06:11:57 +0000 (07:11 +0100)]
openssl dgst: show MD name at all times
When 'openssl dgst' is called with a MD alias (such as sha256) and no
further arguments (i.e. input is taken from stdin), the MD name wasn't
shown.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8609)
Pauli [Fri, 29 Mar 2019 07:46:11 +0000 (17:46 +1000)]
Clear seed source structures.
If the structures have empty padding bytes, ensure they are zeroed.
These structures are added to seed pools as complete blocks including
any padding and alignment bytes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8610)
Soujyu Tanaka [Wed, 27 Mar 2019 08:30:47 +0000 (17:30 +0900)]
For the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Soujyu Tanaka [Wed, 27 Mar 2019 07:21:58 +0000 (16:21 +0900)]
Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Soujyu Tanaka [Wed, 27 Mar 2019 07:15:31 +0000 (16:15 +0900)]
Avoid linking error for InitializeCriticalSectionAndSpinCount().
Replace it with InitializeCriticalSection()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Soujyu Tanaka [Wed, 27 Mar 2019 06:55:32 +0000 (15:55 +0900)]
Avoid linking error on WCE700 for _InterlockedExchangeAdd().
This implementation is referenced to https://www.boost.org/doc/libs/1_69_0/boost/detail/interlocked.hpp
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)
Pauli [Fri, 29 Mar 2019 07:50:48 +0000 (17:50 +1000)]
Add the FIPS related continuous random number generator (CRNG) testing.
Refer to FIPS 140-2 section 4.9.2 Conditional Tests for details.
The check is fairly simplistic, being for the entropy sources to not feed
the DRBG the same block of seed material twice in a row. Only the first
DRBG in a chain is subject to this check, latter DRBGs are assumed to be
safely seeded via the earlier DRBGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8599)
Andy Polyakov [Sat, 16 Mar 2019 20:21:02 +0000 (21:21 +0100)]
Configurations/00-base-templates.conf: engage {chacha|poly1305}-ia64.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)
Andy Polyakov [Sat, 16 Mar 2019 20:19:32 +0000 (21:19 +0100)]
IA64 assembly pack: add {chacha|poly1305}-ia64 modules.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8540)
Shane Lontis [Sun, 24 Mar 2019 23:52:28 +0000 (09:52 +1000)]
Fixed unmatched BN_CTX_start/end if an invalid exponent is used.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8569)
Pauli [Thu, 28 Mar 2019 23:24:07 +0000 (09:24 +1000)]
Fix broken change from
b3d113e.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8606)
Paul Monson [Tue, 26 Mar 2019 22:25:19 +0000 (15:25 -0700)]
conn_is_closed should return 1 if get_last_sys_error is WSAECONNRESET
CLA: trivial
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8590)
Shane Lontis [Sun, 24 Mar 2019 09:11:42 +0000 (19:11 +1000)]
coverity fixes for SSKDF + mac_app + kdf test cleanup
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8566)
Dmitry Belyavskiy [Fri, 22 Feb 2019 13:58:55 +0000 (16:58 +0300)]
Add some checks of OCSP functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8308)
Matt Caswell [Wed, 27 Mar 2019 11:16:44 +0000 (11:16 +0000)]
Make OCSP_id_cmp and OCSP_id_issuer_cmp accept const params
Fixes #8589
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8597)
Pauli [Thu, 28 Mar 2019 05:02:19 +0000 (15:02 +1000)]
Fix test builds.
/usr/include/bits/waitstatus.h includes endian.h under some libc's.
This clashes with the new test header file, so rename the latter.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8600)
Pauli [Mon, 25 Mar 2019 01:52:58 +0000 (11:52 +1000)]
Detect endian without relying on defined symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8572)
Jake Massimo [Wed, 27 Mar 2019 04:13:08 +0000 (04:13 +0000)]
Increase rounds of Miller-Rabin testing DH_check
DH_check is used to test the validity of Diffie-Hellman parameter sets (p, q, g). Among the tests performed are primality tests on p and q, for this BN_is_prime_ex is called with the rounds of Miller-Rabin set as default. This will therefore use the average case error estimates derived from the function BN_prime_checks_for_size based on the bit size of the number tested.
However, these bounds are only accurate on testing random input. Within this testing scenario, where we are checking the validity of a DH parameter set, we can not assert that these parameters are randomly generated. Thus we must treat them as if they are adversarial in nature and increase the rounds of Miller-Rabin performed.
Generally, each round of Miller-Rabin can declare a composite number prime with probability at most (1/4), thus 64 rounds is sufficient in thwarting known generation techniques (even in safe prime settings - see https://eprint.iacr.org/2019/032 for full analysis). The choice of 64 rounds is also consistent with SRP_NUMBER_ITERATIONS_FOR_PRIME 64 as used in srp_Verify_N_and_g in openssl/apps/s_client.c.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8593)
Matt Caswell [Tue, 26 Mar 2019 13:32:39 +0000 (13:32 +0000)]
Don't allow SHAKE128/SHAKE256 with HMAC
See discussion in github issue #8563
Fixes #8563
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
Matt Caswell [Tue, 26 Mar 2019 12:11:12 +0000 (12:11 +0000)]
Correctly check the return code of EVP_MAC_ctrl everwhere it is used
EVP_MAC_ctrl is documented to return 0 or -1 on failure. Numerous places
were not getting this check correct.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8584)
Matt Caswell [Tue, 26 Mar 2019 14:42:14 +0000 (14:42 +0000)]
Fix a memory leak in ARIA GCM
Fixes #8567
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8586)
Matt Caswell [Tue, 26 Mar 2019 15:25:15 +0000 (15:25 +0000)]
Tolerate 0 byte input length for Update functions
We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is
a bit of an anomoly. That treats 0 byte input length as an error.
Fixes #8576
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8587)
Matt Caswell [Tue, 26 Mar 2019 16:07:02 +0000 (16:07 +0000)]
Fix no-ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)
Dr. Matthias St. Pierre [Tue, 26 Mar 2019 23:55:55 +0000 (00:55 +0100)]
Fix three identical grammatical errors
Reported by Mak Kolybabi
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8591)
Shane Lontis [Tue, 26 Mar 2019 05:20:22 +0000 (15:20 +1000)]
style nit fix
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8580)
Hubert Kario [Wed, 6 Mar 2019 15:51:49 +0000 (16:51 +0100)]
ts(1): digest option is mandatory
not specifying the digest both on command line and in the config file
will lead to response generation aborting with
140617514493760:error:
2F098088:time stamp routines:ts_CONF_lookup_fail: \
cannot find config variable:crypto/ts/ts_conf.c:106:tsr_test::signer_digest
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8421)
Shane Lontis [Mon, 25 Mar 2019 01:37:24 +0000 (11:37 +1000)]
replaced snprintf with BIO version (for windows builds)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8571)
Bernd Edlinger [Wed, 20 Mar 2019 21:02:58 +0000 (22:02 +0100)]
Modify the RSA_private_decrypt functions to check the padding in
constant time with a memory access pattern that does not depend
on secret information.
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8543)
Bernd Edlinger [Wed, 20 Mar 2019 19:01:12 +0000 (20:01 +0100)]
Make err_clear_constant_time really constant time
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8542)
Pauli [Fri, 22 Mar 2019 00:49:57 +0000 (10:49 +1000)]
Cosmetic rand/drbg changes.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8554)
Matt Caswell [Mon, 18 Mar 2019 16:15:58 +0000 (16:15 +0000)]
Document the functions EVP_MD_fetch() and EVP_MD_upref()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Matt Caswell [Mon, 18 Mar 2019 14:36:41 +0000 (14:36 +0000)]
Add a test for EVP_MD_fetch
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Matt Caswell [Wed, 13 Mar 2019 17:26:17 +0000 (17:26 +0000)]
Implement SHA256 in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Matt Caswell [Wed, 13 Mar 2019 16:17:17 +0000 (16:17 +0000)]
Make EVP_Digest* functions provider aware
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Matt Caswell [Wed, 13 Mar 2019 14:49:40 +0000 (14:49 +0000)]
Implement EVP_MD_fetch()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Matt Caswell [Wed, 13 Mar 2019 12:02:55 +0000 (12:02 +0000)]
Add a skeleton default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
Shane Lontis [Thu, 21 Mar 2019 00:22:07 +0000 (10:22 +1000)]
fixed mismatching #ifdef cpp
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8544)
Lorinczy Zsigmond [Fri, 8 Mar 2019 19:22:05 +0000 (20:22 +0100)]
Reorganized signature-scheme detection in 'apps/s_cb.c:security_callback_debug' callback-function.
So far, it only handled hash-and-algorithm pairs from TLS1.2,
now it also handles 'schemes' defined in TLS1.3 like 0x0807=
ed25519 or
0x0809=rsa_pss_pss_sha256
Now it prints information in one of these formats:
... Algorithm scheme=ecdsa_secp256r1_sha256, security bits=128 ... TLS1.3
... Algorithm digest=SHA384, algorithm=DSA, security bits=192 ... TLS1.2
... Algorithm scheme=unknown(0x0e01), security bits=128 ... unhandled case
To implement this added three new lookup-tables: signature_tls13_scheme_list,
signature_tls12_alg_list, signature_tls12_hash_list.
Also minor changes in 'security_callback_debug', eg adding variable 'show_nm'
to indicate if we should show 'nm'.
Also coding-styles fixes from matcaswell
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8445)
Richard Levitte [Wed, 20 Mar 2019 09:18:13 +0000 (10:18 +0100)]
OPENSSL_config(): restore error agnosticism
Great effort has been made to make initialization more configurable.
However, the behavior of OPENSSL_config() was lost in the process,
having it suddenly generate errors it didn't previously, which is not
how it's documented to behave.
A simple setting of default flags fixes this problem.
Fixes #8528
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8533)
Shane Lontis [Tue, 19 Mar 2019 22:13:55 +0000 (08:13 +1000)]
Updated doc for BN_clear, BN_CTX_end when param is NULL
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8532)
David von Oheimb [Sun, 23 Dec 2018 08:58:36 +0000 (09:58 +0100)]
replace 'OpenSSL license' by 'Apache License 2.0'
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8527)
Shane Lontis [Tue, 19 Mar 2019 00:22:03 +0000 (10:22 +1000)]
removed BN_clear NULL checks
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8507)
Richard Levitte [Sun, 17 Mar 2019 17:06:59 +0000 (18:06 +0100)]
Replumbing: Add a mechanism to pre-populate the provider store
OpenSSL will come with a set of well known providers, some of which
need to be accessible from the start. These are typically built in
providers, or providers that will work as fallbacks.
We do this when creating a new provider store, which means that this
will happen in every library context, regardless of if it's the global
default one, or an explicitely created one.
We keep the data about the known providers we want to make accessible
this way in crypto/provider_predefined.h, which may become generated.
For now, though, we make it simple and edited manually.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)
Richard Levitte [Thu, 14 Mar 2019 09:53:27 +0000 (10:53 +0100)]
Replumbing: add fallback provider capability
To ensure that old applications aren't left without any provider, and
at the same time not forcing any default provider on applications that
know how to deal with them, we device the concept of fallback
providers, which are automatically activated if no other provider is
already activated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)
Matt Caswell [Thu, 7 Mar 2019 14:02:56 +0000 (14:02 +0000)]
Update pkeyutl documentation about the digest option
DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.
Fixes #8425
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8432)
Shane Lontis [Fri, 4 Jan 2019 08:41:21 +0000 (18:41 +1000)]
Single step kdf implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8230)
Rich Salz [Thu, 21 Feb 2019 18:23:06 +0000 (13:23 -0500)]
Move ASN1_BROKEN macros
They're only used in one place, and only for a legacy datatype.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8302)
Dmitry Belyavskiy [Mon, 25 Feb 2019 15:24:46 +0000 (18:24 +0300)]
EVP_PKEY_get0_engine documentation
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8329)
Dmitry Belyavskiy [Mon, 25 Feb 2019 15:02:33 +0000 (18:02 +0300)]
Providing missing accessor to EVP_PKEY.engine
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8329)
Vitezslav Cizek [Tue, 5 Mar 2019 21:52:33 +0000 (22:52 +0100)]
apps/speed.c: properly address NO_EC2M on systems without SIGALRM
The ecdh_c array is allocated of the same size as ecdh_choices,
whose size depends on whether the support for binary curves is enabled
or not. (The same goes for ecdsa_c).
On systems without SIGALRM, ecdh_c is indexed by predefined constants
intended for representing the index of the ciphers in the ecdh_choices
array.
However, in case of NO_EC2M some of the #defined constants won't match
and would actually access the ecdh_c out-of-bounds.
Use enum instead of a macro to define the curve indexes so they're
within the bounds of the ecdh_c array.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8422)
Vitezslav Cizek [Tue, 5 Mar 2019 16:14:33 +0000 (17:14 +0100)]
apps/speed.c: skip binary curves when compiling with OPENSSL_NO_EC2M
openssl speed doesn't take into account that the library could be
compiled without the support for the binary curves and happily uses
them, which results in EC_GROUP_new_by_curve_name() errors.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8422)