Richard Levitte [Mon, 4 Nov 2019 09:29:53 +0000 (10:29 +0100)]
OpenSSL::Ordinals: add a renumber() function, to assign unassigned symbols
This should be used when it's time to assign constant numbers to the
unassigned symbols.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 09:28:00 +0000 (10:28 +0100)]
OpenSSL::Ordinals: Handle symbols with unassigned ordinal numbers
We preserve the number or '?' or '?+', but assign numbers internally
on the latter, to ensure we keep the order of the input.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Mon, 4 Nov 2019 08:02:28 +0000 (09:02 +0100)]
util/*.num: deassign ordinal numbers from new symbols
Symbols that have appeared since 1.1.1 was released are considered
unassigned in the development branch. This is marked by having a
question mark as its ordinal number.
This introduces two new markers to be used instead of ordinal numbers:
? signifying it gets the previous symbol's number plus one
?+ signifying it gets the same number as the previous symbol
'?+' should remain rare, but is useful to create aliases when needed
(for example when two different symbols clash because they only differ
in character case, see include/openssl/symhacks.h)
The intention is that a development branch won't have set numbers for
new symbols, and that the final numbers will only get allocated when
making beta or final releases.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10348)
Richard Levitte [Wed, 30 Oct 2019 16:06:48 +0000 (17:06 +0100)]
Minimal adaptation of tests back to how it was before
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 15:59:34 +0000 (16:59 +0100)]
EVP: Make the SIGNATURE implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new
signature algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
Richard Levitte [Wed, 30 Oct 2019 17:03:07 +0000 (18:03 +0100)]
EVP: Make the KEYEXCH implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.
This means fewer changes for applications that want to use new key
exchange algorithms / implementations.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)
Patrick Steuer [Sat, 2 Nov 2019 23:32:04 +0000 (00:32 +0100)]
s390x assembly pack: process x25519 and x448 non-canonical values
...in constant time.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 23:01:20 +0000 (00:01 +0100)]
Add self-generated test vector for x448 non-canonical values
x25519 has such a test vector obtained from wycheproof but wycheproof
does not have a corresponding x448 test vector.
So add a self-generated test vector for that case.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sat, 2 Nov 2019 22:50:26 +0000 (23:50 +0100)]
s390x assembly pack: fix x448 handling of non-canonical values
The s390x x448 implementation does not correctly reduce non-canonical
values i.e., u-coordinates >= p = 2^448 - 2^224 - 1.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10339)
Patrick Steuer [Sun, 3 Nov 2019 21:44:28 +0000 (22:44 +0100)]
s390x assembly pack: perlasm module update
- add instructions: clfi, stck, stckf, kdsa
- clfi and clgfi belong to extended-immediate (not long-displacement)
- some cleanup
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10346)
Matt Caswell [Wed, 30 Oct 2019 13:23:18 +0000 (13:23 +0000)]
Don't assume the type we read was the type we expected
i2v_GENERAL_NAME and GENERAL_NAME_print were assuming that the type of
of a GENERAL_NAME (OTHERNAME) that we read in was the type we expected
it to be. If its something else then this can cause unexpected
behaviour. In the added fuzz test case an OOB read was occurring.
This issue was recently added by commit
4baee2d.
Credit to OSSFuzz for finding this issue.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Matt Caswell [Wed, 30 Oct 2019 13:20:33 +0000 (13:20 +0000)]
Don't leak memory in the event of a failure in i2v_GENERAL_NAMES
i2v_GENERAL_NAMES call i2v_GENERAL_NAME repeatedly as required. Each
time i2v_GENERAL_NAME gets called it allocates adds data to the passed in
stack and then returns a pointer to the stack, or NULL on failure. If
the passed in stack is itself NULL then it allocates one.
i2v_GENERAL_NAMES was not correctly handling the case where a NULL gets
returned from i2v_GENERAL_NAME. If a stack had already been allocated then
it just leaked it.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10300)
Paul Yang [Mon, 4 Nov 2019 03:49:35 +0000 (11:49 +0800)]
Fix no-sm2 issue
Some code is not covered by the macros.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10319)
Richard Levitte [Mon, 2 Sep 2019 05:59:17 +0000 (07:59 +0200)]
Document added SSL functions related to X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:43:19 +0000 (23:43 +0100)]
X509_LOOKUP_store: Add CHANGES note
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 22:41:27 +0000 (23:41 +0100)]
Document X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 8 Mar 2019 00:09:44 +0000 (01:09 +0100)]
Adapt two test programs that were using now deprecated functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:28:05 +0000 (15:28 +0100)]
Add a basic test of -CAstore
This code is mainly copied from test_ssl_old
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:27:15 +0000 (15:27 +0100)]
OSSL_STORE: add tracing
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Thu, 7 Mar 2019 14:26:34 +0000 (15:26 +0100)]
Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:34:19 +0000 (23:34 +0100)]
X509_LOOKUP_store: new X509_LOOKUP_METHOD that works by OSSL_STORE URI
This is a wrapper around OSSL_STORE.
This also adds necessary support functions:
- X509_STORE_load_file
- X509_STORE_load_path
- X509_STORE_load_store
- SSL_add_store_cert_subjects_to_stack
- SSL_CTX_set_default_verify_store
- SSL_CTX_load_verify_file
- SSL_CTX_load_verify_dir
- SSL_CTX_load_verify_store
and deprecates X509_STORE_load_locations and SSL_CTX_load_verify_locations,
as they aren't extensible.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Wed, 6 Mar 2019 22:32:07 +0000 (23:32 +0100)]
OSSL_STORE: constify the criterion parameter a bit more
For some reason, OSSL_STORE_SEARCH_get0_name() and OSSL_STORE_find()
accepted a non-const OSSL_STORE_SEARCH criterion, which isn't at all
necessary.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
Richard Levitte [Fri, 1 Nov 2019 15:56:31 +0000 (16:56 +0100)]
Change EVP_PKEY_CTX_new_provided() to take a library context too.
With provided algorithms, the library context is ever present, so of
course it should be specified alongside the algorithm name and
property query string.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Richard Levitte [Thu, 31 Oct 2019 10:43:31 +0000 (11:43 +0100)]
Make EVP_PKEY_CTX initialization more precise
There is a vagueness around how the provider data (algorithm name and
property query string) is initialized in the presence of an engine.
This change modifies this slightly so that the algorithm name for use
with providers is never set if the initilization was given an engine.
This makes it easier for other functions to simply check ctx->algorithm
to see if the context is meant to be used for strictly legacy stuff or
not.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
Patrick Steuer [Sat, 2 Nov 2019 13:50:28 +0000 (14:50 +0100)]
Fix --strict-warnings build
The %zd format corresponds to ssize_t which is used for
function to either return a valid size or a negative value
to indicate an error. Since size_t is in [-1,SSIZE_MAX] it
is not a portable way to represent a pointer diff. For
the %td format which corresponds to ptrdiff_t is C11,
we chose to cast to long instead as it is already done
in other places.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10335)
Patrick Steuer [Fri, 1 Nov 2019 22:29:04 +0000 (23:29 +0100)]
s390x assembly pack: enable clang build
clang imposes some restrictions on the assembler code that
gcc does not.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10330)
Richard Levitte [Fri, 1 Nov 2019 21:58:27 +0000 (22:58 +0100)]
doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 21:18:38 +0000 (22:18 +0100)]
test/params_api_test.c: Correct the checks of OSSL_PARAM_set_BN()
Now, the returned size check matches the check made for all other
integer types.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Fri, 1 Nov 2019 19:44:14 +0000 (20:44 +0100)]
Fix OSSL_PARAM_set_BN() to fill the given buffer correctly.
OSSL_PARAM_set_BN() filled the buffer from the left with as many bytes
as that the BIGNUM takes, regardless of buffer size or native
endianness. This was due to BN_bn2nativepad() being given the size of
the BIGNUM rather than the size of the buffer (which meant it never
had to pad anything).
The fix is to given BN_bn2nativepad() the size of the buffer instead.
This aligns well with the corresponding _set_ functions for native
integer types work.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
Richard Levitte [Sat, 2 Nov 2019 10:18:31 +0000 (11:18 +0100)]
test/build.info: add missing inclusion for ssl_ctx_test
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10334)
Richard Levitte [Tue, 14 May 2019 00:15:14 +0000 (17:15 -0700)]
VMS: Added new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
This system services is based on FreeBSD 12's getentropy(), and is
therefore treated the same way as getentropy() with regards to amount
of entropy bits per data bit.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8926)
Christian Heimes [Sun, 21 Jan 2018 12:19:05 +0000 (13:19 +0100)]
Add test cases for min/max protocol API
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6553)
Richard Levitte [Tue, 29 Oct 2019 12:37:54 +0000 (13:37 +0100)]
Configure: Make --strict-warnings meaningful with MSVC cl
We also add this to our x86_64 builds on appveyor
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10287)
Richard Levitte [Tue, 13 Nov 2018 14:17:21 +0000 (15:17 +0100)]
BIO_s_connect: add an error state and use it
If no connection could be made, addr_iter will eventually end up being
NULL, and if the user didn't check the returned error value, the
BIO_CONN_S_CONNECT code will be performed again and will crash.
So instead, we add a state BIO_CONN_S_CONNECT_ERROR that we enter into
when we run out of addresses to try. That state will just simply say
"error" back, until the user does something better with the BIO, such
as free it or reset it.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7630)
Pauli [Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)]
DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Pauli [Fri, 1 Nov 2019 02:47:06 +0000 (12:47 +1000)]
DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).
In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
Patrick Steuer [Thu, 31 Oct 2019 20:41:30 +0000 (21:41 +0100)]
s390x: fix build errors
ecp_s390x_nistp.c and ecx_meth.c need to include s390x_arch.h.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10317)
jayaram [Wed, 30 Oct 2019 07:26:18 +0000 (12:56 +0530)]
fix for Missing null check after OPENSSL_zalloc
Fixes #10283
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10296)
Patrick Steuer [Thu, 31 Oct 2019 13:17:31 +0000 (14:17 +0100)]
md4/md5: macros should not include the line following them
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10311)
Scott Wilson [Thu, 31 Oct 2019 11:37:51 +0000 (22:37 +1100)]
Fix potential memory leak in dh_ameth.c
Free dukm in error handling of dh_cms_encrypt()
Fixes #10294
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10310)
Rich Salz [Fri, 4 Oct 2019 21:09:19 +0000 (17:09 -0400)]
Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226
Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]
Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit
a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
Richard Levitte [Tue, 29 Oct 2019 21:17:19 +0000 (22:17 +0100)]
evp_pkey_ctx_free_old_ops(): Make sure to assign NULL to freed pointers
Otherwise, should this function be called more than once on the same
EVP_PKEY_CTX, we get double free issues.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10292)
Jakub Zelenka [Sun, 8 Sep 2019 16:38:35 +0000 (17:38 +0100)]
Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
Billy Brumley [Thu, 17 Oct 2019 20:30:18 +0000 (23:30 +0300)]
[crypto/bn] fix a few small timing leaks in BN_lshift1 and BN_rshift1
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10209)
Kelvin Lee [Sun, 27 Oct 2019 12:04:39 +0000 (23:04 +1100)]
Fix typo in cipher_chacha20_poly1305_hw.c.
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10275)
Tanzinul Islam [Fri, 25 Oct 2019 16:47:25 +0000 (17:47 +0100)]
Fix find/rm command in Unix clean recipe
The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).
>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)
Exclude directories from being matched by the `find` commands.
CLA: trivial
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
John Baldwin [Wed, 9 Oct 2019 18:33:00 +0000 (11:33 -0700)]
Don't generate a MAC when using KTLS.
The kernel will generate the MAC when transmitting the frame. Doing
so here causes the MAC to be included as part of the plain text that
the kernel MACs and encrypts. Note that this path is not taken when
using stitched cipher suites.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 23:42:48 +0000 (16:42 -0700)]
Fix BIO_get_ktls_send() and BIO_get_ktls_recv() to work again.
This partially reverts
3119ab3c9e6d211c461a245f3744893e17b6c193. In the
case of a simple openssl s_server instance, the bio in s->wbio is a
BIO_TYPE_BUFFER BIO, not BIO_TYPE_SOCKET. This caused all of the checks
to fail breaking KTLS.
The default return value of control methods I have looked it is zero
for unknown control requests, so invoking the control requests should
be returning 0 for non-socket BIOs already.
This does still map the requests to 0 at compile time for the non-KTLS
case so that the compiler can optimize the checks away entirely.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
John Baldwin [Fri, 23 Aug 2019 20:56:09 +0000 (13:56 -0700)]
Simplify NO_KTLS path in SSL_sendfile.
Avoid tripping over errno values from previous system calls in the
thread and just hardcode the specific error. BIO_get_ktls_send()
should never be true in the NO_KTLS path, so the #ifdef could be
moved even higher up to assume that error path in the NO_KTLS case
instead.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Wed, 31 Oct 2018 19:01:47 +0000 (15:01 -0400)]
Bypass multiblock and send individual records when using KTLS.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Andrew Gallatin [Mon, 22 Oct 2018 15:02:19 +0000 (11:02 -0400)]
Add support for in-kernel TLS (KTLS) on FreeBSD.
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
Richard Levitte [Thu, 24 Oct 2019 15:04:01 +0000 (17:04 +0200)]
crypto/evp/evp_fetch.c: Make it more prominent that these functions are EVP
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10257)
Pauli [Wed, 30 Oct 2019 01:00:19 +0000 (11:00 +1000)]
KDF: use string names not macros to align with other algorithms.
Only the KDF and PRF algorithms used the macros for their names, all other
algorithms used a string name directly. This brings the KDFs and PRFs into
line with the rest.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10293)
Dr. Matthias St. Pierre [Sun, 27 Oct 2019 23:55:29 +0000 (00:55 +0100)]
Add a GitHub issue template for documentation issues
This template automatically adds the [issue: documentation] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Dr. Matthias St. Pierre [Sat, 3 Aug 2019 11:30:47 +0000 (13:30 +0200)]
Add a GitHub issue template for questions
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.
This template automatically adds the [issue: question] label.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
Kelvin Lee [Sun, 27 Oct 2019 07:22:34 +0000 (18:22 +1100)]
Fix undefined array OPENSSL_ia32cap_P.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10274)
Pavel Karagodin [Mon, 28 Oct 2019 02:12:06 +0000 (09:12 +0700)]
apps/dgst.c: allocate a new signature buffer
... if the fixed-size buffer is too small.
Fixes #9732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10276)
Dr. David von Oheimb [Fri, 27 Sep 2019 08:22:23 +0000 (10:22 +0200)]
chunk 5 of CMP contribution to OpenSSL
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)
Matt Caswell [Fri, 18 Oct 2019 15:40:44 +0000 (16:40 +0100)]
Fix an s_server arbitrary file read issue on Windows
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check for this for Unix paths but it is not sufficient
for Windows.
Since s_server is a test tool no CVE is assigned.
Thanks to Jobert Abma for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
Matt Caswell [Wed, 23 Oct 2019 18:32:05 +0000 (19:32 +0100)]
Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
Pauli [Mon, 28 Oct 2019 12:16:50 +0000 (22:16 +1000)]
Clarify the description of the NULL argument in SSL_set1_host().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)
Tobias Nießen [Fri, 18 Oct 2019 18:44:49 +0000 (20:44 +0200)]
Allow EVP_PKEY_get0_RSA for RSA-PSS keys
RSA-PSS keys use the same internal structure as RSA keys but do not
allow accessing it through EVP_PKEY_get0_RSA. This commit changes that
behavior.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10217)
Johannes Bauer [Wed, 23 Oct 2019 12:03:32 +0000 (14:03 +0200)]
Cleanup hardcoded cipher suite codepoints in s_server
The hardcoded code points for TLSv1.3 cipher suites are used in the TLS
PSK server callback. However, they seem to have been refactored a while
ago to use tls13_aes128gcmsha256_id, so these defines are not necessary
within the s_server code anymore.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10243)
Dr. Matthias St. Pierre [Fri, 25 Oct 2019 22:12:23 +0000 (00:12 +0200)]
github: switch issue templates to new labels
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10266)
Dmitry Belyavskiy [Sun, 6 Oct 2019 19:25:10 +0000 (22:25 +0300)]
Strip BOM on loading PEM files
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
Rich Salz [Sat, 5 Oct 2019 18:03:57 +0000 (14:03 -0400)]
Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
Tomas Mraz [Wed, 23 Oct 2019 10:48:18 +0000 (12:48 +0200)]
20-test_enc_more.t: Replace deprecated -ciphers option with -list
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10242)
Rich Salz [Fri, 18 Oct 2019 16:24:39 +0000 (12:24 -0400)]
Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
Cesar Pereida Garcia [Mon, 21 Oct 2019 11:53:51 +0000 (14:53 +0300)]
Enable runtime testing of no-deprecated builds in Travis
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
Cesar Pereida Garcia [Mon, 21 Oct 2019 11:41:01 +0000 (14:41 +0300)]
Update control logic for BN_gcd
PR https://github.com/openssl/openssl/pull/10122 introduced changes to
the BN_gcd function and the control logic inside it accessed `g->d[0]`
irrespective of `g->top`.
When BN_add is called, in case the result is zero, `BN_zero` is called.
The latter behaves differently depending on the API compatibility level
flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only
`g->top` is set to zero.
This commit uses bitwise logic to ensure that `g` is treated as zero if
`g->top` is zero, irrespective of `g->d[0]`.
Co-authored-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10232)
Rich Salz [Thu, 10 Oct 2019 01:48:33 +0000 (21:48 -0400)]
Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
Rich Salz [Fri, 18 Oct 2019 13:52:17 +0000 (09:52 -0400)]
Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
Simo Sorce [Tue, 17 Sep 2019 20:35:23 +0000 (16:35 -0400)]
Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
Nicola Tuveri [Mon, 21 Oct 2019 13:07:22 +0000 (16:07 +0300)]
Fix doc for EC_GROUP_set_curve()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Fri, 18 Oct 2019 13:24:08 +0000 (16:24 +0300)]
Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Fri, 18 Oct 2019 12:54:20 +0000 (15:54 +0300)]
Deprecate EC_GROUP_clear_free()
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.
See https://github.com/openssl/openssl/issues/9822
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
Nicola Tuveri [Wed, 11 Sep 2019 23:25:45 +0000 (02:25 +0300)]
Avoid using EC_GROUP_clear_free() internally
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.
See https://github.com/openssl/openssl/issues/9822
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
jayaram [Thu, 22 Aug 2019 05:21:25 +0000 (10:51 +0530)]
fixed the RETURN VALUES section in the EC_GROUP documentation
for the following functions.
EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)
Rich Salz [Sat, 19 Oct 2019 17:35:16 +0000 (13:35 -0400)]
Add/remove things from .gitignore
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10220)
Richard Levitte [Fri, 13 Sep 2019 09:43:18 +0000 (11:43 +0200)]
crypto/s390xcap.c: Add guards around the GETAUXVAL checks
HWCAP_S390_VX is missing on SUSE Linux Enterprise Server 12 SP1, so we
add a guard that checks the present of that macro. While we're at it,
we do the same with HWCAP_S390_STFLE, for consistency.
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9892)
Richard Levitte [Sun, 20 Oct 2019 18:49:32 +0000 (20:49 +0200)]
crypto/evp/pmeth_lib.c: Fix copy'n'paste error
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10227)
raja-ashok [Wed, 16 Oct 2019 11:45:03 +0000 (17:15 +0530)]
Fix leak with no-ec config
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10194)
Dr. Matthias St. Pierre [Sun, 20 Oct 2019 11:10:38 +0000 (13:10 +0200)]
ciphers/chacha20,poly1303: Fix two coverity errors
CID
1454872,
1454873: Incorrect expression (SIZEOF_MISMATCH)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10223)
Richard Levitte [Sun, 20 Oct 2019 07:09:56 +0000 (09:09 +0200)]
windows-makefile.tmpl: Convert all /I and /D to -I and -D
We were not consistently using one or the other, and the perlasm
code assumes dashes, which MSVC tolerates.
Fixes #10075
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10222)
Dr. Matthias St. Pierre [Sun, 29 Sep 2019 23:00:59 +0000 (01:00 +0200)]
Move random-related defines from e_os.h to rand_unix.c
Fixes #10049
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10050)
Dr. Matthias St. Pierre [Mon, 30 Sep 2019 07:05:44 +0000 (09:05 +0200)]
rand_unix.c: correct include guard comments
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10050)
agnosticdev [Mon, 16 Sep 2019 12:09:01 +0000 (07:09 -0500)]
Update dgst.c to show a list of message digests
Fixes #9893
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9912)
Richard Levitte [Thu, 17 Oct 2019 16:40:47 +0000 (18:40 +0200)]
Doc for the added internal RSA functions
It was forgotten in the previous commit.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10206)
Richard Levitte [Thu, 17 Oct 2019 16:15:13 +0000 (18:15 +0200)]
Move the version function declarations to include/openssl/crypto.h
include/openssl/crypto.h is where older similar functions already
live, and since opensslv.h became a template, it's no longer useful
for parsing by util/mknum.pl.
Affected declarations:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Thu, 17 Oct 2019 14:12:37 +0000 (16:12 +0200)]
Remove the version number in README
It's cumbersome to have to edit it at release time, it can't be made a
README.in for display reasons (Github won't show it), and having the
version number here gives no special benefit.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Thu, 17 Oct 2019 14:05:38 +0000 (16:05 +0200)]
Generate include/openssl/opensslv.h
The added benefit is that the result becomes much simple, and easier to
digest for those that still rely on the pre-3.0 opensslv.h contents.
Fixes #10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Richard Levitte [Thu, 17 Oct 2019 14:03:06 +0000 (16:03 +0200)]
Configure: get version from the file 'VERSION' instead of 'opensslv.h'
'VERSION' is a very easy file to parse, as opposed to a header file.
We also have the benefit of holding the version information in one
very well known place and can then generate all other version texts
as we see fit, for example opensslv.h.
Fixes #10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Rich Salz [Thu, 17 Oct 2019 19:45:34 +0000 (15:45 -0400)]
Replace BUF_ string function calls with OPENSSL_ ones
Deprecate the BUF_ string macros
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10207)
Richard Levitte [Tue, 4 Jun 2019 11:43:31 +0000 (13:43 +0200)]
Move BLAKE2 digests completely to the default provider
This leaves minimal implementations of EVP_blake2b512 and EVP_blake2s256,
that are now only there to provide a name for implicit fetches.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9075)
Richard Levitte [Wed, 16 Oct 2019 22:32:20 +0000 (00:32 +0200)]
evp_keymgmt_export_to_provider(): adjust OSSL_PARAM array for transfer
It may be that the OSSL_PARAM array we used for getting parameter
values for a key had a few too many entries. These are detected by
their return_size == 0. Before making second export call, we prune
away these items so we only ask for parameters that exist.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Richard Levitte [Wed, 16 Oct 2019 22:26:44 +0000 (00:26 +0200)]
test/keymgmt_internal_test.c: New test of keymgmt internals
This tests diverse internal KEYMGMT features. The current existing
test checks that evp_keymgmt_export_to_provider() passes the key data
correctly through two instances of the default provider, and that the
resulting numbers at the end match the initial numbers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Richard Levitte [Tue, 15 Oct 2019 19:31:45 +0000 (21:31 +0200)]
New RSA keymgmt implementation to handle import / export of RSA keys
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Richard Levitte [Tue, 15 Oct 2019 18:28:02 +0000 (20:28 +0200)]
Added internal functions for easy getting and setting all RSA parameters.
rsa_set0_all_params() is used to set all the primes, exponents and
coefficients. rsa_get0_all_params() is used to get all the primes,
exponents and coefficients.
"All" includes p, q, dP, dQ and qInv without making them separate.
All arrays of numbers are implemented as stacks to make dynamic use
easier.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Cesar Pereida Garcia [Fri, 20 Sep 2019 11:11:19 +0000 (14:11 +0300)]
Add GCD testing infrastructure.
This commit adds testing and Known Answer Tests (KATs) to OpenSSL for
the `BN_gcd` function.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10122)