oweals/openssl.git
5 years agoAdd CMAC speed measurements
Bernd Edlinger [Wed, 10 Apr 2019 20:44:41 +0000 (22:44 +0200)]
Add CMAC speed measurements

usage: openssl speed -cmac aes128

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8721)

5 years agoAdd prediction resistance capability to the DRBG reseeding process.
Pauli [Fri, 12 Apr 2019 08:16:20 +0000 (18:16 +1000)]
Add prediction resistance capability to the DRBG reseeding process.

Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l"

This requires the seed sources to be approved as entropy sources, after
which they should be considered live sources as per section 5.3.2 "Live
Entropy Source Availability."

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8647)

5 years agoec key validation checks updated
Shane Lontis [Sat, 23 Mar 2019 03:12:08 +0000 (13:12 +1000)]
ec key validation checks updated

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8564)

5 years agodoc fixups
Shane Lontis [Tue, 2 Apr 2019 00:55:00 +0000 (10:55 +1000)]
doc fixups

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoSeparate the lookup test
Nicola Tuveri [Sun, 31 Mar 2019 15:46:53 +0000 (18:46 +0300)]
Separate the lookup test

This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.

I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.

In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoEC_GROUP_set_curve() might fail for arbitrary params
Nicola Tuveri [Sun, 31 Mar 2019 13:26:33 +0000 (16:26 +0300)]
EC_GROUP_set_curve() might fail for arbitrary params

Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail
for some `EC_GROUP`s, depending on the internal `EC_METHOD`
implementation, hence the block of tests verifying that
`EC_GROUP_check_named_curve()` fails when any of the curve parameters is
changed is modified to run only if the previous `EC_GROUP_set_curve()`
call succeeds.

`ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the
thread error stack with unrelated errors happened during
`EC_GROUP_set_curve()`.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoadded code to validate EC named curve parameters
Shane Lontis [Thu, 21 Mar 2019 10:09:02 +0000 (20:09 +1000)]
added code to validate EC named curve parameters

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)

5 years agoAdded Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods.
Shane Lontis [Wed, 10 Apr 2019 23:47:12 +0000 (09:47 +1000)]
Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods.
Used to check that a test fails in fips mode i.e. ok_nofips(run(...))

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8661)

5 years agoReseeding without derivation function is not supported in FIPS mode.
Pauli [Wed, 10 Apr 2019 22:52:22 +0000 (08:52 +1000)]
Reseeding without derivation function is not supported in FIPS mode.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8648)

5 years agoFixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t
Shane Lontis [Mon, 8 Apr 2019 05:22:18 +0000 (15:22 +1000)]
Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8697)

5 years agoAvoid creating invalid rsa pss params
Bernd Edlinger [Sun, 31 Mar 2019 11:56:23 +0000 (13:56 +0200)]
Avoid creating invalid rsa pss params

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)

5 years agoFix typos
Jakub Wilk [Wed, 10 Apr 2019 10:00:20 +0000 (12:00 +0200)]
Fix typos

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8714)

5 years agoEVP_*Update: ensure that input NULL with length 0 isn't passed
Richard Levitte [Thu, 4 Apr 2019 23:22:14 +0000 (01:22 +0200)]
EVP_*Update: ensure that input NULL with length 0 isn't passed

Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function.  The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.

Fixes #8675

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8676)

5 years agoMake X509_set_sm2_id consistent with other setters
Paul Yang [Mon, 1 Apr 2019 01:21:53 +0000 (10:21 +0900)]
Make X509_set_sm2_id consistent with other setters

This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.

Document and test case are also updated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)

5 years agotest/params_test.c : Adjust tests to check utf8_ptr sizes
Richard Levitte [Tue, 9 Apr 2019 11:16:16 +0000 (13:16 +0200)]
test/params_test.c : Adjust tests to check utf8_ptr sizes

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)

5 years agoParams API: {utf8,octet}_ptr need to know the data size
Richard Levitte [Tue, 9 Apr 2019 06:31:09 +0000 (08:31 +0200)]
Params API: {utf8,octet}_ptr need to know the data size

When the purpose is to pass parameters to a setter function, that
setter function needs to know the size of the data passed.  This
remains true for the pointer data types as well.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)

5 years agoFix crash in X509_STORE_CTX_get_by_subject
Matt Caswell [Mon, 8 Apr 2019 10:22:37 +0000 (11:22 +0100)]
Fix crash in X509_STORE_CTX_get_by_subject

If using a custom X509_LOOKUP_METHOD then calls to
X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised
X509_OBJECT being passed to the callback get_by_subject function.

Fixes #8673

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8698)

5 years agoAdd a legacy provider and put MD2 in it
Matt Caswell [Fri, 5 Apr 2019 09:47:05 +0000 (10:47 +0100)]
Add a legacy provider and put MD2 in it

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

5 years agoUse the right NID when putting a method in the store
Matt Caswell [Wed, 20 Mar 2019 17:51:29 +0000 (17:51 +0000)]
Use the right NID when putting a method in the store

When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

5 years agoConfigurations/10-main.conf: Don't inherit assembler in Cygwin-common
Richard Levitte [Fri, 5 Apr 2019 13:38:09 +0000 (15:38 +0200)]
Configurations/10-main.conf: Don't inherit assembler in Cygwin-common

The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do
this.

Fixes #8684

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8685)

5 years agoParams: add OSSL_PARAM_construct_end()
Richard Levitte [Tue, 9 Apr 2019 07:49:58 +0000 (09:49 +0200)]
Params: add OSSL_PARAM_construct_end()

OSSL_PARAM_END is a macro that can only be used to initialize an
OSSL_PARAM array, not to assign an array element later on.  For
completion, we add an end constructor to facilitate that kind of
assignment.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8704)

5 years agoEC keygen updates + changed ecdsa_sign to use BN_secure_new
Shane Lontis [Fri, 22 Mar 2019 04:10:31 +0000 (14:10 +1000)]
EC keygen updates + changed ecdsa_sign to use BN_secure_new

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8557)

5 years agoCoverity: hkdf ENV_MD_size() is an int that can be negative
Shane Lontis [Sun, 7 Apr 2019 08:59:07 +0000 (18:59 +1000)]
Coverity: hkdf ENV_MD_size() is an int that can be negative

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8692)

5 years agoAvoid alignment problems in params API.
Pauli [Mon, 8 Apr 2019 04:28:59 +0000 (14:28 +1000)]
Avoid alignment problems in params API.

Using a byte buffer causes problems for device that don't handle unaligned
reads.  Instead use the properly aligned variable that was already pointed at.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8696)

5 years agos_client starttls: fix handling of multiline reply
Dan Campbell [Thu, 4 Apr 2019 21:15:33 +0000 (15:15 -0600)]
s_client starttls: fix handling of multiline reply

Fixes #8645

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8654)

5 years agocoverity resource leak fixes in apps/pkeyutl
Shane Lontis [Sun, 7 Apr 2019 01:45:36 +0000 (11:45 +1000)]
coverity resource leak fixes in apps/pkeyutl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8691)

5 years agofix --strict-warnings build
Patrick Steuer [Sun, 7 Apr 2019 11:48:15 +0000 (13:48 +0200)]
fix --strict-warnings build

ISO C90 forbids specifying subobject to initialize

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8693)

5 years agofix --strict-warnings build
Patrick Steuer [Sun, 7 Apr 2019 11:30:26 +0000 (13:30 +0200)]
fix --strict-warnings build

C++ style comments are not allowed in ISO C90

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8693)

5 years agoCoverity: fix two minor NPD issues.
FdaSilvaYY [Sat, 6 Apr 2019 09:16:59 +0000 (19:16 +1000)]
Coverity: fix two minor NPD issues.
Found by Coverity.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8274)

5 years agoFix big endian param API tests.
Pauli [Sat, 6 Apr 2019 09:15:44 +0000 (19:15 +1000)]
Fix big endian param API tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8629)

5 years agoFix the allocation size in EVP_OpenInit and PEM_SignFinal
Bernd Edlinger [Sun, 31 Mar 2019 10:00:16 +0000 (12:00 +0200)]
Fix the allocation size in EVP_OpenInit and PEM_SignFinal

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8620)

5 years agoEVP configuration section: add 'default_properties' command
Richard Levitte [Fri, 5 Apr 2019 08:53:11 +0000 (10:53 +0200)]
EVP configuration section: add 'default_properties' command

The value of the 'default_properties' command is simply passed to
EVP_set_default_properties().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)

5 years agoEVP_set_default_properties(): New function to set global properties
Richard Levitte [Fri, 5 Apr 2019 08:46:18 +0000 (10:46 +0200)]
EVP_set_default_properties(): New function to set global properties

EVP_MD_fetch() can be given a property query string.  However, there
are cases when it won't, for example in implicit fetches.  Therefore,
we also need a way to set a global property query string to be used in
all subsequent fetches.  This also applies to all future algorithm
fetching functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)

5 years agoConvert the ENGINE_CONF trace calls to use CONF instead
Richard Levitte [Fri, 5 Apr 2019 09:20:28 +0000 (11:20 +0200)]
Convert the ENGINE_CONF trace calls to use CONF instead

Additionally, merge ENGINE_CONF into CONF.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)

5 years agoAdd a bit of tracing in the core conf module runner
Richard Levitte [Fri, 5 Apr 2019 09:02:17 +0000 (11:02 +0200)]
Add a bit of tracing in the core conf module runner

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)

5 years agoRename the PROVIDER_CONF trace to CONF
Richard Levitte [Fri, 5 Apr 2019 08:58:16 +0000 (10:58 +0200)]
Rename the PROVIDER_CONF trace to CONF

Other configuration modules may have use for tracing, and having one
tracing category for each of them is a bit much.  Instead, we make one
category for them all.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)

5 years agoOPENSSL_init_crypto(): check config return code correctly
Richard Levitte [Fri, 5 Apr 2019 08:28:32 +0000 (10:28 +0200)]
OPENSSL_init_crypto(): check config return code correctly

It was assumed that the config functionality returned a boolean.
However, it may return a negative number on error, so we need to take
that into account.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8679)

5 years agoFix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE
Richard Levitte [Fri, 5 Apr 2019 09:15:23 +0000 (11:15 +0200)]
Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE

The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY
and EVP_F_AES_XTS_INIT_KEY are affected.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8682)

5 years agoMove the AES-XTS mode duplicated key check into the init_key function rather
Pauli [Mon, 1 Apr 2019 00:04:57 +0000 (10:04 +1000)]
Move the AES-XTS mode duplicated key check into the init_key function rather
than the update call.  The means an earlier error return at the cost of some
duplicated code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8625)

5 years agoComplain if there are missing symbols when creating a provider .so file
Matt Caswell [Thu, 21 Mar 2019 16:41:25 +0000 (16:41 +0000)]
Complain if there are missing symbols when creating a provider .so file

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)

5 years agoTest that we can use the FIPS provider
Matt Caswell [Thu, 21 Mar 2019 11:57:35 +0000 (11:57 +0000)]
Test that we can use the FIPS provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)

5 years agoAdd a no-fips Configure option
Matt Caswell [Wed, 20 Mar 2019 14:29:05 +0000 (14:29 +0000)]
Add a no-fips Configure option

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)

5 years agoCreate a FIPS provider and put SHA256 in it
Matt Caswell [Wed, 20 Mar 2019 14:27:52 +0000 (14:27 +0000)]
Create a FIPS provider and put SHA256 in it

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)

5 years agotrace: add PROVIDER_CONF trace category
Dr. Matthias St. Pierre [Thu, 4 Apr 2019 16:27:15 +0000 (18:27 +0200)]
trace: add PROVIDER_CONF trace category

Fixes #8667

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8672)

5 years agoCorrect the documentation about SSL_CIPHER_description()
Matt Caswell [Wed, 3 Apr 2019 22:13:59 +0000 (23:13 +0100)]
Correct the documentation about SSL_CIPHER_description()

There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but
are backwards compatible with SSLv3.

Fixes #8655

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8658)

5 years agoSkip the correct number of tests if SM2 is disabled
Matt Caswell [Wed, 3 Apr 2019 08:44:41 +0000 (09:44 +0100)]
Skip the correct number of tests if SM2 is disabled

Fixes no-sm2 (and also no-sm3 and no-ec)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8650)

5 years agoFor provider tests, don't define a OPENSSL_NO_ macro
Richard Levitte [Thu, 4 Apr 2019 10:35:47 +0000 (12:35 +0200)]
For provider tests, don't define a OPENSSL_NO_ macro

Since the macro to indicate if the test provider module is available
is local to the test programs, it's better to use a name that isn't
as easily confused with a library feature disabling macro that one
would expect to find in opensslconf.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8664)

5 years agoDocument the 'no-module' configuration option
Richard Levitte [Thu, 4 Apr 2019 10:56:57 +0000 (12:56 +0200)]
Document the 'no-module' configuration option

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8665)

5 years agoCorrect EVP_F_EVP_MD_BLOCK_SIZE number
Richard Levitte [Wed, 3 Apr 2019 20:54:00 +0000 (22:54 +0200)]
Correct EVP_F_EVP_MD_BLOCK_SIZE number

The number that was used was already taken

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8656)

5 years agoUse AI_ADDRCONFIG hint with getaddrinfo if available.
Tomas Mraz [Thu, 21 Mar 2019 12:17:29 +0000 (13:17 +0100)]
Use AI_ADDRCONFIG hint with getaddrinfo if available.

This prevents failure of openssl s_server socket binding to wildcard
address on hosts with disabled IPv6.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8550)

5 years agoModify OCSP to use alt MD for cert IDs in responses
Todd Short [Wed, 19 Apr 2017 19:35:16 +0000 (15:35 -0400)]
Modify OCSP to use alt MD for cert IDs in responses

Modify openssl OCSP utility to produce certIDs in responses using other
hash algorithms (e.g. SHA256).

Added option -rcid for this purpose.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5274)

5 years agoAdd a test for EVP_MD_block_size()
Matt Caswell [Fri, 29 Mar 2019 15:38:10 +0000 (15:38 +0000)]
Add a test for EVP_MD_block_size()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)

5 years agoSupport EVP_MD_block_size() with providers
Matt Caswell [Thu, 28 Mar 2019 17:22:20 +0000 (17:22 +0000)]
Support EVP_MD_block_size() with providers

Fixes #8565

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)

5 years agoAdd an EVP_MD_CTX_md() test
Matt Caswell [Fri, 29 Mar 2019 16:29:54 +0000 (16:29 +0000)]
Add an EVP_MD_CTX_md() test

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)

5 years agoEnsure EVP_MD_CTX_md returns the EVP_MD originally used
Matt Caswell [Fri, 29 Mar 2019 16:28:07 +0000 (16:28 +0000)]
Ensure EVP_MD_CTX_md returns the EVP_MD originally used

Fixes #8613

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)

5 years agoreplaced snprintf with BIO version (for windows builds)
Richard Levitte [Wed, 3 Apr 2019 13:44:17 +0000 (15:44 +0200)]
replaced snprintf with BIO version (for windows builds)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8651)

5 years agoReplumbing: add documentation for the provider configuration module
Richard Levitte [Sat, 30 Mar 2019 21:25:00 +0000 (22:25 +0100)]
Replumbing: add documentation for the provider configuration module

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)

5 years agoAdd test for the provider configuration module
Richard Levitte [Sat, 30 Mar 2019 21:10:39 +0000 (22:10 +0100)]
Add test for the provider configuration module

We reuse test/provider_internal_test.c and test/p_test.c,
and get it loaded one more time via the configuration file
test/provider_internal_test.conf

To support different platform standards regarding module
extensions, we generate test/provider_internal_test.conf

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)

5 years agoReplumbing: add a configuration module for providers
Richard Levitte [Wed, 20 Mar 2019 15:53:19 +0000 (16:53 +0100)]
Replumbing: add a configuration module for providers

This configuration module supports a configuration structure pretty
much like the engine configuration module, i.e. something like this:

    openssl_conf = openssl_init

    [openssl_init]
    providers = provider_section

    [provider_section]
    # Configure the provider named "foo"
    foo = foo_section
    # Configure the provider named "bar"
    bar = bar_section

    [foo_section]
    # Override name given in the provider section
    identity = myfoo
    # The exact path of the module.  This is platform specific
    module_path = /opt/openssl/modules/foo.so
    # Whether it should be automatically activated.  Value is unimportant
    activate = whatever

    # Anything else goes as well, and becomes parameters that the
    # provider can get
    what = 1
    # sub-sections will be followed as well
    ever = ever_section

    [ever_section]
    cookie = monster

All the configurations in a provider section and its sub-sections
become parameters for the provider to get, i.e. the "foo" provider
will be able to get values for the following keys (with associated
values shown):

    identity            => myfoo
    module_path         => /opt/openssl/modules/foo.so
    activate            => whatever
    what                => 1
    ever.cookie         => monster

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)

5 years agoReplumbing: add functionality to set provider parameters
Richard Levitte [Thu, 21 Mar 2019 07:44:06 +0000 (08:44 +0100)]
Replumbing: add functionality to set provider parameters

Provider parameters are parameters set by the core that the provider
can retrieve.  The primary use it to support making OpenSSL
configuration data available to the provider.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)

5 years agoAES-XTS block limit.
Pauli [Wed, 3 Apr 2019 06:03:46 +0000 (16:03 +1000)]
AES-XTS block limit.

Limit the number of AES blocks in a data unit to 2^20 or less.
This corresponds to the mandates in IEEE Std 1619-2018 and NIST SP 800-38E.

Note: that this is a change from IEEE Std 1619-2007 which only recommended
this limit.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8627)

5 years agoRevert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT"
Richard Levitte [Tue, 2 Apr 2019 12:40:11 +0000 (14:40 +0200)]
Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT"

I turns out that this made crypto/rand/rand_win.c to never build with
BCrypt support unless the user sets _WIN32_WINNT.  That wasn't the
intent.

This reverts commit cc8926ec8fcecae89ceab91ef753de93e49568f9.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8641)

5 years agorand_win.c: loosen version requirements for BCryptGenRandom
Dr. Matthias St. Pierre [Tue, 2 Apr 2019 10:35:46 +0000 (12:35 +0200)]
rand_win.c: loosen version requirements for BCryptGenRandom

BCryptGenRandom() is available for Windows Vista and newer versions, see
https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8639)

5 years agocrypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT
Richard Levitte [Tue, 2 Apr 2019 09:14:10 +0000 (11:14 +0200)]
crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT

This helps decide if the BCrypt API should be used or not.

Fixes #8635

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8638)

5 years agoCorrect the checks of module availability in provider test programs
Richard Levitte [Sun, 31 Mar 2019 13:26:26 +0000 (15:26 +0200)]
Correct the checks of module availability in provider test programs

Previously, the macro OPENSSL_NO_SHARED was defined of the test/p_test
module wasn't built, but the provider test programs didn't check that
macro.  We rename it to OPENSSL_NO_MODULE, since that name describes
the situation more than OPENSSL_NO_SHARED does, and use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)

5 years agoConfiguration / build: make it possible to disable building of modules
Richard Levitte [Sun, 31 Mar 2019 13:17:58 +0000 (15:17 +0200)]
Configuration / build: make it possible to disable building of modules

While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
  However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
  though we can't use them from apps linked with libraries that are
  built this way).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)

5 years agoBuild cleanup: don't use SHARED_SOURCE with modules
Richard Levitte [Sun, 31 Mar 2019 13:14:00 +0000 (15:14 +0200)]
Build cleanup: don't use SHARED_SOURCE with modules

SHARED_SOURCE is reserved for products that are expected to come in
dual shared / non-shared form, i.e. the routine libraries like
libcrypto and libssl, to distinguish source that should only appear in
their shared form.

Modules are always shared, so there's no need for them to have this
type of distinction.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)

5 years agoRestore the "heartbeats" configuration option among the deprecated
Richard Levitte [Mon, 1 Apr 2019 15:37:16 +0000 (17:37 +0200)]
Restore the "heartbeats" configuration option among the deprecated

Removing the option entirely would break builds unnecessarily, so
let's make it deprecated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8632)

5 years agoadd documentation
Boris Pismenny [Thu, 6 Dec 2018 19:36:08 +0000 (21:36 +0200)]
add documentation

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agoapps: print Kernel receive side TLS in s_client and s_server
Boris Pismenny [Thu, 6 Dec 2018 19:17:26 +0000 (21:17 +0200)]
apps: print Kernel receive side TLS in s_client and s_server

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agosslapitest: add test ktls Rx
Boris Pismenny [Sun, 11 Mar 2018 14:20:29 +0000 (16:20 +0200)]
sslapitest: add test ktls Rx

Add a unit-test for ktls receive side.

Change-Id: I890588681d05fba419f644f6d903be6dc83c9ed5
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agossl: Linux TLS Rx Offload
Boris Pismenny [Thu, 21 Feb 2019 14:39:36 +0000 (16:39 +0200)]
ssl: Linux TLS Rx Offload

This patch adds support for the Linux TLS Rx socket option.
It completes the previous patch for TLS Tx offload.
If the socket option is successful, then the receive data-path of the TCP
socket is implemented by the kernel.
We choose to set this option at the earliest - just after CCS is complete.

Change-Id: I59741e04d89dddca7fb138e88fffcc1259b30132
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agobio: Linux TLS Rx Offload
Boris Pismenny [Sun, 11 Mar 2018 14:17:51 +0000 (16:17 +0200)]
bio: Linux TLS Rx Offload

Add support for Linux TLS Rx offload in the BIO layer.

Change-Id: I79924b25dd290a873d69f6c8d429e1f5bb2c3365
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agoLinux ktls Rx infrastructure
Boris Pismenny [Sun, 11 Mar 2018 14:16:16 +0000 (16:16 +0200)]
Linux ktls Rx infrastructure

Introduce the infrastructure for supproting receive side Linux Kernel TLS
data-path.

Change-Id: I71864d8f9d74a701cc8b0ad5536005f3c1716c1c
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7848)

5 years agoRework DSO API conditions and configuration option
Richard Levitte [Sun, 31 Mar 2019 14:15:02 +0000 (16:15 +0200)]
Rework DSO API conditions and configuration option

'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO.  However, there may
be some odd platforms with no DSO scheme.  For those, we generate the
internal macro DSO_NONE aand use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/#8622)

5 years agoFixed typo in enc.c warning
x753 [Fri, 29 Mar 2019 01:31:36 +0000 (21:31 -0400)]
Fixed typo in enc.c warning

"warning: iv not use by this cipher" -> "warning: iv not used by this cipher"
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8608)

5 years agofixed public range check in ec_GF2m_simple_oct2point
Shane Lontis [Wed, 27 Mar 2019 07:38:28 +0000 (17:38 +1000)]
fixed public range check in ec_GF2m_simple_oct2point

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8607)

5 years agoImplement the param types that aren't explicitly lengthened (e.g. int) in terms
Pauli [Sat, 30 Mar 2019 02:49:05 +0000 (12:49 +1000)]
Implement the param types that aren't explicitly lengthened (e.g. int) in terms
of those that are (e.g. int32_t).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8616)

5 years agoissue-8493: Fix for filenames with newlines using openssl dgst
Pauli [Sat, 30 Mar 2019 01:22:51 +0000 (11:22 +1000)]
issue-8493: Fix for filenames with newlines using openssl dgst

The output format now matches coreutils *dgst tools.

[ edited to remove trailing white space ]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8578)

5 years agoFix a memleak in apps/verify
Paul Yang [Wed, 13 Mar 2019 10:04:05 +0000 (18:04 +0800)]
Fix a memleak in apps/verify

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)

5 years agoAdd documents for SM2 cert verification
Paul Yang [Wed, 13 Mar 2019 09:22:31 +0000 (17:22 +0800)]
Add documents for SM2 cert verification

This follows #8321 which added the SM2 certificate verification feature.
This commit adds the related docs - the newly added 2 APIs and options
in apps/verify.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)

5 years agoAdd test cases for SM2 cert verification
Paul Yang [Wed, 13 Mar 2019 08:54:11 +0000 (16:54 +0800)]
Add test cases for SM2 cert verification

This follows #8321 which added the SM2 certificate verification feature.
This commit adds some test cases for #8321.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8465)

5 years agotrace: rename the default trace category from 'ANY' to 'ALL'
Dr. Matthias St. Pierre [Thu, 21 Mar 2019 17:59:13 +0000 (18:59 +0100)]
trace: rename the default trace category from 'ANY' to 'ALL'

It seems more intuitive to set `OPENSSL_TRACE=all` instead of
`OPENSSL_TRACE=any` to obtain trace output for all categories.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)

5 years agotrace: apps/openssl: print the correct category name
Dr. Matthias St. Pierre [Thu, 21 Mar 2019 17:27:50 +0000 (18:27 +0100)]
trace: apps/openssl: print the correct category name

Previously, if the openssl application was run with OPENSSL_TRACE=any,
all trace output would just show 'ANY' as the category name, which was
not very useful. To get the correct category name printed in the trace
output, the openssl application now registers separate channels for
each category.

The trace API is unchanged, it is still possible for an application to
register a single channel for the 'ANY' category to see all outputt,
if it does not need this level of detail.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)

5 years agotrace: fix out-of-bound memory access
Dr. Matthias St. Pierre [Wed, 20 Mar 2019 23:56:36 +0000 (00:56 +0100)]
trace: fix out-of-bound memory access

When OSSL_trace_get_category_num() is called with an unknown category
name, it returns -1. This case needs to be considered in order to
avoid out-of-bound memory access to the `trace_channels` array.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)

5 years agotrace: don't pretend success if it's not enabled
Dr. Matthias St. Pierre [Tue, 19 Mar 2019 07:53:35 +0000 (08:53 +0100)]
trace: don't pretend success if it's not enabled

Partially reverts d33d76168fb7 Don't fail when tracing is disabled

Commit d33d76168fb7 fixed the problem that the initialization of
libcrypto failed when tracing was disabled, because the unoperational
ossl_trace_init() function returned a failure code. The problem was
fixed by changing its return value from failure to success.

As part of the fix the return values of other unimplemented trace API
functions (like OSSL_trace_set_channel(),OSSL_trace_set_callback())
was changed from failure to success, too. This change was not necessary
and is a bit problematic IMHO, because nobody expects an unimplemented
function to pretend it succeeded.

It's the application's duty to handle the case correctly when the trace
API is not enabled (i.e., OPENSSL_NO_TRACE is defined), not the API's job
to pretend success just to prevent the application from failing.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8552)

5 years agos390x assembly pack: import poly from cryptogams repo
Patrick Steuer [Fri, 22 Mar 2019 23:03:24 +0000 (00:03 +0100)]
s390x assembly pack: import poly from cryptogams repo

>=20% faster than present code.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8560)

5 years agoRemove heartbeats completely
Richard Levitte [Tue, 15 Nov 2016 13:55:40 +0000 (14:55 +0100)]
Remove heartbeats completely

Fixes #4856

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1928)

5 years agoWindows, VMS: build fixes
Richard Levitte [Tue, 19 Mar 2019 13:43:31 +0000 (14:43 +0100)]
Windows, VMS: build fixes

The naming of generated assembler wasn't done quite right.  There are
assembler files that are generated from a perl script, and there are
those who are not.  Only the former must be renamed to the platform
specific asm extension.

Furthermore, we need to make sure that 'OSSL_provider_init' isn't case
sensitive on VMS, to allow for the least surprise for provider
builders.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8529)

5 years agoCorrectly initialise PACKET to zero in the tests to avoid possible problems
Pauli [Fri, 29 Mar 2019 08:42:37 +0000 (18:42 +1000)]
Correctly initialise PACKET to zero in the tests to avoid possible problems
with padding bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoPropery initialise struct sslapitest_log_counts to zero using memset.
Pauli [Fri, 29 Mar 2019 08:31:10 +0000 (18:31 +1000)]
Propery initialise struct sslapitest_log_counts to zero using memset.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoCorrectly zero the DISPLAY_COLUMNS structure.
Pauli [Fri, 29 Mar 2019 08:27:28 +0000 (18:27 +1000)]
Correctly zero the DISPLAY_COLUMNS structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoMake the array zeroing explicit using memset.
Pauli [Fri, 29 Mar 2019 08:26:53 +0000 (18:26 +1000)]
Make the array zeroing explicit using memset.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoIt isn't necessary to initialise a struct stat before a stat(2) system call.
Pauli [Fri, 29 Mar 2019 08:19:19 +0000 (18:19 +1000)]
It isn't necessary to initialise a struct stat before a stat(2) system call.
The initialisation was also flawed, failing to account for padding and
alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoEnsure that the struct msghdr is properly zeroed.
Pauli [Fri, 29 Mar 2019 08:17:38 +0000 (18:17 +1000)]
Ensure that the struct msghdr is properly zeroed.

This is probably harmless but best to properly initialise things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8611)

5 years agoopenssl dgst: show MD name at all times - CHANGES entry
Richard Levitte [Fri, 29 Mar 2019 10:26:55 +0000 (11:26 +0100)]
openssl dgst: show MD name at all times - CHANGES entry

Related to #8609

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8612)

5 years agoopenssl dgst: show MD name at all times
Richard Levitte [Fri, 29 Mar 2019 06:11:57 +0000 (07:11 +0100)]
openssl dgst: show MD name at all times

When 'openssl dgst' is called with a MD alias (such as sha256) and no
further arguments (i.e. input is taken from stdin), the MD name wasn't
shown.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8609)

5 years agoClear seed source structures.
Pauli [Fri, 29 Mar 2019 07:46:11 +0000 (17:46 +1000)]
Clear seed source structures.

If the structures have empty padding bytes, ensure they are zeroed.
These structures are added to seed pools as complete blocks including
any padding and alignment bytes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8610)

5 years agoFor the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Soujyu Tanaka [Wed, 27 Mar 2019 08:30:47 +0000 (17:30 +0900)]
For the lack of GetModuleHandleEx(), we use DSO route for WinCE.
Revert win32_pathbyaddr() which is used in DSO_dsobyaddr().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

5 years agoCircumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
Soujyu Tanaka [Wed, 27 Mar 2019 07:21:58 +0000 (16:21 +0900)]
Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)