Richard Levitte [Wed, 17 Apr 2019 20:30:03 +0000 (22:30 +0200)]
Recognise clang -fsanitize options and translate them
Because we depend on knowing if clang's address, memory or undefinedbehavior
sanitizers are enabled, we make an extra effort to detect them among the
C flags, and adjust the %disabled values accordingly.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8778)
Richard Levitte [Tue, 9 Apr 2019 12:39:54 +0000 (14:39 +0200)]
Add a way for the application to get OpenSSL configuration data
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for
display, but if all you really want is the directory itself, you were
forced to parsed the string.
This introduces a new function to get diverse configuration data from
the library, OPENSSL_info(). This works the same way as
OpenSSL_version(), but has its own series of types, currently
including:
OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR
OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR
OPENSSL_INFO_MODULES_DIR returns MODULESDIR
OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION
OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator
OPENSSL_INFO_LIST_SEPARATOR returns list separator
For scripting purposes, this also adds the command 'openssl info'.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)
Richard Levitte [Tue, 9 Apr 2019 12:33:29 +0000 (14:33 +0200)]
Add the possibility to display and use MODULESDIR
This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the
flag '-m' for 'openssl version'.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)
Richard Levitte [Tue, 23 Apr 2019 07:41:19 +0000 (09:41 +0200)]
Configure: make disabling stuff easier and safer
Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.
Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
Richard Levitte [Tue, 23 Apr 2019 07:29:45 +0000 (09:29 +0200)]
Configure: recognise -static even if given through variables
Fixes #8787
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
Richard Levitte [Tue, 23 Apr 2019 07:24:38 +0000 (09:24 +0200)]
Configure: merge all of %user and %useradd into %config earlier
This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)
Matt Caswell [Fri, 19 Apr 2019 15:48:09 +0000 (16:48 +0100)]
If key or iv is NULL set the respective length to 0
[extended tests]
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8794)
Matt Caswell [Fri, 19 Apr 2019 15:21:10 +0000 (16:21 +0100)]
Fix EVP_CIPHER_CTX_rand_key()
Make sure we use the the correct key length in EVP_CIPHER_CTX_rand_key().
Now that ciphers may come from providers we need to make sure we ask the
provider for the value if appropriate.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8794)
Matt Caswell [Fri, 19 Apr 2019 10:17:44 +0000 (11:17 +0100)]
Fix no-ec2m
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/8792)
Pauli [Fri, 19 Apr 2019 06:23:23 +0000 (16:23 +1000)]
Fix bug in entropy gathering.
This only impacts FIPS mode or someone who has enabled the FIPS 140.2
4.9.2 Conditional Tests. i.e. nobody currently.
Fix a significant issue in the entropy gathering for the continuous RNG
testing. The impact is using an uninitialised buffer instead of the gathered
entropy.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8789)
dyrock [Mon, 15 Apr 2019 16:01:58 +0000 (11:01 -0500)]
Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)
Matt Caswell [Thu, 18 Apr 2019 09:55:11 +0000 (10:55 +0100)]
Add some more test vectors for ChaCha20
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)
Matt Caswell [Thu, 18 Apr 2019 09:54:58 +0000 (10:54 +0100)]
Clarify the documentation on the use of ChaCha20
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8780)
Matt Caswell [Thu, 18 Apr 2019 16:43:05 +0000 (17:43 +0100)]
Create provider errors and use them
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Tue, 16 Apr 2019 14:37:23 +0000 (15:37 +0100)]
Fix the S390X support for the basic AES ciphers
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Mon, 15 Apr 2019 14:33:58 +0000 (15:33 +0100)]
Add forward declarations of the AES dispatch table functions
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 10 Apr 2019 12:54:38 +0000 (13:54 +0100)]
Make implementation of blocksize, iv_length and key_length mandatory
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 10 Apr 2019 12:43:45 +0000 (13:43 +0100)]
Add a maximum output length to update and final calls
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 10 Apr 2019 12:23:58 +0000 (13:23 +0100)]
Add iv length and key length params to the cipher init calls
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Mon, 8 Apr 2019 16:19:59 +0000 (17:19 +0100)]
Implement AES CTR ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Mon, 8 Apr 2019 16:13:01 +0000 (17:13 +0100)]
Implement AES CFB ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Mon, 8 Apr 2019 15:55:34 +0000 (16:55 +0100)]
Implement AES OFB ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 3 Apr 2019 17:01:21 +0000 (18:01 +0100)]
Implement AES CBC ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 3 Apr 2019 15:53:22 +0000 (16:53 +0100)]
Add support in the default provider for 192/128 bit AES ECB
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 3 Apr 2019 15:39:34 +0000 (16:39 +0100)]
Add the provider_algs.h internal header file
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 3 Apr 2019 14:34:08 +0000 (15:34 +0100)]
Implement support for AES-256-ECB in the default provider
We also lay the ground work for various of other the basic AES ciphers.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Matt Caswell [Wed, 3 Apr 2019 14:38:07 +0000 (15:38 +0100)]
Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
Richard Levitte [Thu, 18 Apr 2019 15:46:32 +0000 (17:46 +0200)]
ossl_method_store_cache_get(): ensure non-NULL property query
The comparator further down the call stack doesn't tolerate NULL, so
if we got that as input, use the empty string.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)
Richard Levitte [Thu, 18 Apr 2019 14:33:21 +0000 (16:33 +0200)]
OPENSSL_LH_flush(): assign NULL after freeing
OPENSSL_LH_flush() frees the linked lists for each slot, but didn't
set the list head to NULL after doing so, with the result that an
operation that affects these lists is likely to cause a crash.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)
Richard Levitte [Thu, 18 Apr 2019 10:23:21 +0000 (12:23 +0200)]
Fix the generic EVP algorithm fetch to actually cache them
ossl_method_store_cache_get() and ossl_method_store_cache_set() were
called with a NULL argument for store, which means no caching is
done. Give them a real store instead.
Also, increment the refcount when we do get a method out of the cache.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)
Richard Levitte [Mon, 15 Apr 2019 11:15:55 +0000 (13:15 +0200)]
asn1parse: avoid double free
|str| was used for multiple conflicting purposes. When using
'-strictpem', it's used to uniquely hold a reference to the loaded
payload. However, when using '-strparse', |str| was re-used to hold
the position from where to start parsing.
So when '-strparse' and '-strictpem' are were together, |str| ended up
pointing into data pointed at by |at|, and was yet being freed, with
the result that the payload it held a reference to became a memory
leak, and there was a double free conflict when both |str| and |at|
were being freed.
The situation is resolved by always having |buf| hold the pointer to
the file data, and always and only use |str| to hold the position to
start parsing from. Now, we only need to free |buf| properly and not
|str|.
Fixes #8752
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8753)
Simo Sorce [Wed, 17 Apr 2019 14:48:49 +0000 (10:48 -0400)]
Add SSHKDF in evp_kdf_test
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8774)
Andy Polyakov [Wed, 17 Apr 2019 19:31:01 +0000 (21:31 +0200)]
chacha/asm/chacha-armv8.pl: replace 3+1 code paths with 4+1.
The change is triggered by ThunderX2 where 3+1 was slower than scalar
code path, but it helps all processors [to handle <512 inputs].
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)
Andy Polyakov [Wed, 17 Apr 2019 19:30:39 +0000 (21:30 +0200)]
aes/asm/aesv8-armx.pl: ~20% improvement on ThunderX2.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)
Andy Polyakov [Wed, 17 Apr 2019 19:08:13 +0000 (21:08 +0200)]
ARM64 assembly pack: add ThunderX2 results.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8776)
Pauli [Wed, 17 Apr 2019 04:24:26 +0000 (14:24 +1000)]
SP 800-56B steps enumerated.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8770)
Tomas Mraz [Thu, 4 Apr 2019 07:49:36 +0000 (09:49 +0200)]
Add test for the BIO_s_mem rdwr->rdonly->rdwr use-case
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
Tomas Mraz [Thu, 4 Apr 2019 07:48:47 +0000 (09:48 +0200)]
Add documentation for the BIO_s_mem pecularities
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
Tomas Mraz [Wed, 3 Apr 2019 17:07:00 +0000 (19:07 +0200)]
Add testing of RDONLY memory BIOs
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
Bernd Edlinger [Fri, 1 Mar 2019 00:55:38 +0000 (01:55 +0100)]
Add test for the BIO_get_mem_ptr() regression
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
Tomas Mraz [Wed, 3 Apr 2019 10:31:32 +0000 (12:31 +0200)]
Fix for BIO_get_mem_ptr and related regressions
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8649)
Kurt Roeckx [Sat, 13 Apr 2019 12:04:35 +0000 (14:04 +0200)]
Call RSA generation callback at the correct time.
The callback should be called with 1 when a Miller-Rabin round marked
the candidate as probably prime.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
GH: #8742
Richard Levitte [Mon, 15 Apr 2019 08:40:18 +0000 (10:40 +0200)]
Don't use '-z defs' with Clang's sanitizers
The clang documentation in all sanitizers we currently use says this:
When linking shared libraries, the {flavor}Sanitizer run-time is
not linked, so -Wl,-z,defs may cause link errors (don’t use it
with {flavor}Sanitizer)
(in our case, {flavor} is one of Address, Memory, or UndefinedBehavior)
Therefore, we turn off that particular flag specifically when using
the sanitizers.
Fixes #8735
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8749)
Richard Levitte [Mon, 15 Apr 2019 07:40:22 +0000 (09:40 +0200)]
providers/common/digests/sha2.c: forward declare all dispatched functions
Forward declare the dispatched functions using typedefs from
core_numbers.h. This will ensure that they have correct signatures.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8747)
Richard Levitte [Mon, 15 Apr 2019 07:37:51 +0000 (09:37 +0200)]
Providers: for the digest_final operation, pass a output buffer size
This allows the provider digest_final operation to check that it
doesn't over-run the output buffer.
The EVP_DigestFinal_ex function doesn't take that same parameter, so
it will have to assume that the user provided a properly sized buffer,
but this leaves better room for future enhancements of the public API.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8747)
David Benjamin [Tue, 29 Jan 2019 04:39:17 +0000 (04:39 +0000)]
Fix calling convention bug in ecp_nistz256_ord_sqr_mont
The rep parameter takes an int in C, but the assembly implementation
looks at the upper bits. While it's unlikely to happen here, where all
calls pass a constant, in other scenarios x86_64 compilers will leave
arbitrary values in the upper half.
Fix this by making the C prototype match the assembly. (This aspect of
the calling convention implies smaller-than-word arguments in assembly
functions should be avoided. There are far fewer things to test if
everything consistently takes word-sized arguments.)
This was found as part of ABI testing work in BoringSSL.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8108)
Bernd Edlinger [Fri, 12 Apr 2019 12:28:00 +0000 (14:28 +0200)]
Don't use coordinate blinding when scalar is group order
This happens in ec_key_simple_check_key and EC_GROUP_check.
Since the the group order is not a secret scalar, it is
unnecessary to use coordinate blinding.
Fixes: #8731
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8734)
Joshua Lock [Thu, 11 Apr 2019 14:38:56 +0000 (15:38 +0100)]
Further harmonisation of manual page HISTORY sections
A couple of minor tweaks to match the style introduced in #7854:
- BIO_connect: remove line break to make more grep friendly
- SSL_CTX_new: harmoise the format of the HISTORY section
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)
Joshua Lock [Tue, 9 Apr 2019 14:13:55 +0000 (15:13 +0100)]
Update various man pages to place HISTORY section after SEE ALSO
SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.
Fixes #8631
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)
Joshua Lock [Tue, 9 Apr 2019 14:10:08 +0000 (15:10 +0100)]
Add a check for history section location to find-doc-nits
Check that the HISTORY section is located after the SEE ALSO section,
this is a much more frequent order in OpenSSL manual pages (and UNIX
manual pages in general).
Also check that SEE ALSO comes after EXAMPLES, so that the tool can
ensure the correct manual section sequence.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)
Joshua Lock [Tue, 9 Apr 2019 13:53:58 +0000 (14:53 +0100)]
Make check_example_location() in find-doc-nits generic
Change to check_section_location(), a generic function to ensure that
section SECTION appears before section BEFORE in the man pages.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)
Matt Caswell [Tue, 9 Apr 2019 14:32:33 +0000 (15:32 +0100)]
Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
Bernd Edlinger [Wed, 10 Apr 2019 20:44:41 +0000 (22:44 +0200)]
Add CMAC speed measurements
usage: openssl speed -cmac aes128
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8721)
Pauli [Fri, 12 Apr 2019 08:16:20 +0000 (18:16 +1000)]
Add prediction resistance capability to the DRBG reseeding process.
Refer to NIST SP 800-90C section 5.4 "Prediction Resistance.l"
This requires the seed sources to be approved as entropy sources, after
which they should be considered live sources as per section 5.3.2 "Live
Entropy Source Availability."
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8647)
Shane Lontis [Sat, 23 Mar 2019 03:12:08 +0000 (13:12 +1000)]
ec key validation checks updated
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8564)
Shane Lontis [Tue, 2 Apr 2019 00:55:00 +0000 (10:55 +1000)]
doc fixups
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
Nicola Tuveri [Sun, 31 Mar 2019 15:46:53 +0000 (18:46 +0300)]
Separate the lookup test
This fixes the "verifying the alias" case.
Actually, while working on it, I realized that conceptually we were
testing the 2 different behaviours of `EC_GROUP_check_named_curve()` at
the same time, and actually not in the proper way.
I think it's fair to assume that overwriting the curve name for an
existing group with `NID_undef` could lead to the unexpected behaviour
we were observing and working around.
Thus I decided to separate the lookup test in a dedicated simpler test
that does what the documentation of `EC_GROUP_check_named_curve()`
suggests: the lookup functionality is meant to find a name for a group
generated with explicit parameters.
In case an alternative alias is returned by the lookup instead of the
expected nid, to avoid doing comparisons between `EC_GROUP`s with
different `EC_METHOD`s, the workaround is to retrieve the `ECPARAMETERS`
of the "alias group" and create a new explicit parameters group to use
in `EC_GROUP_cmp()`.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
Nicola Tuveri [Sun, 31 Mar 2019 13:26:33 +0000 (16:26 +0300)]
EC_GROUP_set_curve() might fail for arbitrary params
Setting arbitrary `p`, `a` or `b` with `EC_GROUP_set_curve()` might fail
for some `EC_GROUP`s, depending on the internal `EC_METHOD`
implementation, hence the block of tests verifying that
`EC_GROUP_check_named_curve()` fails when any of the curve parameters is
changed is modified to run only if the previous `EC_GROUP_set_curve()`
call succeeds.
`ERR_set_mark()` and `ERR_pop_to_mark()` are used to avoid littering the
thread error stack with unrelated errors happened during
`EC_GROUP_set_curve()`.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
Shane Lontis [Thu, 21 Mar 2019 10:09:02 +0000 (20:09 +1000)]
added code to validate EC named curve parameters
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
Shane Lontis [Wed, 10 Apr 2019 23:47:12 +0000 (09:47 +1000)]
Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods.
Used to check that a test fails in fips mode i.e. ok_nofips(run(...))
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8661)
Pauli [Wed, 10 Apr 2019 22:52:22 +0000 (08:52 +1000)]
Reseeding without derivation function is not supported in FIPS mode.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8648)
Shane Lontis [Mon, 8 Apr 2019 05:22:18 +0000 (15:22 +1000)]
Fixed linux_x86_icc compiler errors in EC code related to __uint128_t/__int128_t
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8697)
Bernd Edlinger [Sun, 31 Mar 2019 11:56:23 +0000 (13:56 +0200)]
Avoid creating invalid rsa pss params
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8621)
Jakub Wilk [Wed, 10 Apr 2019 10:00:20 +0000 (12:00 +0200)]
Fix typos
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8714)
Richard Levitte [Thu, 4 Apr 2019 23:22:14 +0000 (01:22 +0200)]
EVP_*Update: ensure that input NULL with length 0 isn't passed
Even with custome ciphers, the combination in == NULL && inl == 0
should not be passed down to the backend cipher function. The reason
is that these are the values passed by EVP_*Final, and some of the
backend cipher functions do check for these to see if a "final" call
is made.
Fixes #8675
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8676)
Paul Yang [Mon, 1 Apr 2019 01:21:53 +0000 (10:21 +0900)]
Make X509_set_sm2_id consistent with other setters
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
Document and test case are also updated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)
Richard Levitte [Tue, 9 Apr 2019 11:16:16 +0000 (13:16 +0200)]
test/params_test.c : Adjust tests to check utf8_ptr sizes
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)
Richard Levitte [Tue, 9 Apr 2019 06:31:09 +0000 (08:31 +0200)]
Params API: {utf8,octet}_ptr need to know the data size
When the purpose is to pass parameters to a setter function, that
setter function needs to know the size of the data passed. This
remains true for the pointer data types as well.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8703)
Matt Caswell [Mon, 8 Apr 2019 10:22:37 +0000 (11:22 +0100)]
Fix crash in X509_STORE_CTX_get_by_subject
If using a custom X509_LOOKUP_METHOD then calls to
X509_STORE_CTX_get_by_subject may crash due to an incorrectly initialised
X509_OBJECT being passed to the callback get_by_subject function.
Fixes #8673
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8698)
Matt Caswell [Fri, 5 Apr 2019 09:47:05 +0000 (10:47 +0100)]
Add a legacy provider and put MD2 in it
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
Matt Caswell [Wed, 20 Mar 2019 17:51:29 +0000 (17:51 +0000)]
Use the right NID when putting a method in the store
When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
Richard Levitte [Fri, 5 Apr 2019 13:38:09 +0000 (15:38 +0200)]
Configurations/10-main.conf: Don't inherit assembler in Cygwin-common
The targets Cygwin-x86 and Cygwin-x86_64 are the ones that should do
this.
Fixes #8684
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8685)
Richard Levitte [Tue, 9 Apr 2019 07:49:58 +0000 (09:49 +0200)]
Params: add OSSL_PARAM_construct_end()
OSSL_PARAM_END is a macro that can only be used to initialize an
OSSL_PARAM array, not to assign an array element later on. For
completion, we add an end constructor to facilitate that kind of
assignment.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8704)
Shane Lontis [Fri, 22 Mar 2019 04:10:31 +0000 (14:10 +1000)]
EC keygen updates + changed ecdsa_sign to use BN_secure_new
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8557)
Shane Lontis [Sun, 7 Apr 2019 08:59:07 +0000 (18:59 +1000)]
Coverity: hkdf ENV_MD_size() is an int that can be negative
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8692)
Pauli [Mon, 8 Apr 2019 04:28:59 +0000 (14:28 +1000)]
Avoid alignment problems in params API.
Using a byte buffer causes problems for device that don't handle unaligned
reads. Instead use the properly aligned variable that was already pointed at.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8696)
Dan Campbell [Thu, 4 Apr 2019 21:15:33 +0000 (15:15 -0600)]
s_client starttls: fix handling of multiline reply
Fixes #8645
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8654)
Shane Lontis [Sun, 7 Apr 2019 01:45:36 +0000 (11:45 +1000)]
coverity resource leak fixes in apps/pkeyutl
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8691)
Patrick Steuer [Sun, 7 Apr 2019 11:48:15 +0000 (13:48 +0200)]
fix --strict-warnings build
ISO C90 forbids specifying subobject to initialize
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8693)
Patrick Steuer [Sun, 7 Apr 2019 11:30:26 +0000 (13:30 +0200)]
fix --strict-warnings build
C++ style comments are not allowed in ISO C90
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8693)
FdaSilvaYY [Sat, 6 Apr 2019 09:16:59 +0000 (19:16 +1000)]
Coverity: fix two minor NPD issues.
Found by Coverity.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8274)
Pauli [Sat, 6 Apr 2019 09:15:44 +0000 (19:15 +1000)]
Fix big endian param API tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8629)
Bernd Edlinger [Sun, 31 Mar 2019 10:00:16 +0000 (12:00 +0200)]
Fix the allocation size in EVP_OpenInit and PEM_SignFinal
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8620)
Richard Levitte [Fri, 5 Apr 2019 08:53:11 +0000 (10:53 +0200)]
EVP configuration section: add 'default_properties' command
The value of the 'default_properties' command is simply passed to
EVP_set_default_properties().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)
Richard Levitte [Fri, 5 Apr 2019 08:46:18 +0000 (10:46 +0200)]
EVP_set_default_properties(): New function to set global properties
EVP_MD_fetch() can be given a property query string. However, there
are cases when it won't, for example in implicit fetches. Therefore,
we also need a way to set a global property query string to be used in
all subsequent fetches. This also applies to all future algorithm
fetching functions.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)
Richard Levitte [Fri, 5 Apr 2019 09:20:28 +0000 (11:20 +0200)]
Convert the ENGINE_CONF trace calls to use CONF instead
Additionally, merge ENGINE_CONF into CONF.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)
Richard Levitte [Fri, 5 Apr 2019 09:02:17 +0000 (11:02 +0200)]
Add a bit of tracing in the core conf module runner
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)
Richard Levitte [Fri, 5 Apr 2019 08:58:16 +0000 (10:58 +0200)]
Rename the PROVIDER_CONF trace to CONF
Other configuration modules may have use for tracing, and having one
tracing category for each of them is a bit much. Instead, we make one
category for them all.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8680)
Richard Levitte [Fri, 5 Apr 2019 08:28:32 +0000 (10:28 +0200)]
OPENSSL_init_crypto(): check config return code correctly
It was assumed that the config functionality returned a boolean.
However, it may return a negative number on error, so we need to take
that into account.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8679)
Richard Levitte [Fri, 5 Apr 2019 09:15:23 +0000 (11:15 +0200)]
Fix number clash: EVP_F_AESNI_XTS_INIT_KEY vs EVP_F_EVP_MD_BLOCK_SIZE
The three macros EVP_F_AESNI_XTS_INIT_KEY, EVP_F_AES_T4_XTS_INIT_KEY
and EVP_F_AES_XTS_INIT_KEY are affected.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8682)
Pauli [Mon, 1 Apr 2019 00:04:57 +0000 (10:04 +1000)]
Move the AES-XTS mode duplicated key check into the init_key function rather
than the update call. The means an earlier error return at the cost of some
duplicated code.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8625)
Matt Caswell [Thu, 21 Mar 2019 16:41:25 +0000 (16:41 +0000)]
Complain if there are missing symbols when creating a provider .so file
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
Matt Caswell [Thu, 21 Mar 2019 11:57:35 +0000 (11:57 +0000)]
Test that we can use the FIPS provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
Matt Caswell [Wed, 20 Mar 2019 14:29:05 +0000 (14:29 +0000)]
Add a no-fips Configure option
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
Matt Caswell [Wed, 20 Mar 2019 14:27:52 +0000 (14:27 +0000)]
Create a FIPS provider and put SHA256 in it
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
Dr. Matthias St. Pierre [Thu, 4 Apr 2019 16:27:15 +0000 (18:27 +0200)]
trace: add PROVIDER_CONF trace category
Fixes #8667
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8672)
Matt Caswell [Wed, 3 Apr 2019 22:13:59 +0000 (23:13 +0100)]
Correct the documentation about SSL_CIPHER_description()
There are some ciphersuites that were introduced in TLSv1.0/TLSv1.1 but
are backwards compatible with SSLv3.
Fixes #8655
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8658)
Matt Caswell [Wed, 3 Apr 2019 08:44:41 +0000 (09:44 +0100)]
Skip the correct number of tests if SM2 is disabled
Fixes no-sm2 (and also no-sm3 and no-ec)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8650)
Richard Levitte [Thu, 4 Apr 2019 10:35:47 +0000 (12:35 +0200)]
For provider tests, don't define a OPENSSL_NO_ macro
Since the macro to indicate if the test provider module is available
is local to the test programs, it's better to use a name that isn't
as easily confused with a library feature disabling macro that one
would expect to find in opensslconf.h.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8664)
Richard Levitte [Thu, 4 Apr 2019 10:56:57 +0000 (12:56 +0200)]
Document the 'no-module' configuration option
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8665)