oweals/openssl.git
4 years agoDOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs
Richard Levitte [Mon, 6 Jan 2020 18:49:26 +0000 (19:49 +0100)]
DOCS: The interpretation of OPENSSL_API_COMPAT has changed, update docs

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/10765)

4 years agoadd missing load_pkimsg() in test/cmp_testlib.c
Dr. David von Oheimb [Tue, 17 Dec 2019 05:07:51 +0000 (06:07 +0100)]
add missing load_pkimsg() in test/cmp_testlib.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

4 years agofix obsolete error codes in test/cmp_msg_test.c
Dr. David von Oheimb [Tue, 17 Dec 2019 05:07:17 +0000 (06:07 +0100)]
fix obsolete error codes in test/cmp_msg_test.c

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

4 years agofix dependencies of cmp_{msg,protect}_test.c in test/build.info
Dr. David von Oheimb [Tue, 17 Dec 2019 04:47:50 +0000 (05:47 +0100)]
fix dependencies of cmp_{msg,protect}_test.c in test/build.info

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10633)

4 years agoAdd the DSA serializers to the default provider tools
Richard Levitte [Tue, 7 Jan 2020 15:00:19 +0000 (16:00 +0100)]
Add the DSA serializers to the default provider tools

The DSA serializers are implemented, but didn't get added to the
default provider's serializer algorithm table.

Fixes #10645

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10772)

4 years agoEVP: If a key can't be exported to provider, fallback to legacy
Richard Levitte [Tue, 7 Jan 2020 10:49:08 +0000 (11:49 +0100)]
EVP: If a key can't be exported to provider, fallback to legacy

Currently, the operations that do try to export a legacy key to
providers will fail if the export failed.  It makes more sense to
simply use the legacy method instead, as a fallback for things not
being implemented (yet) in a provider.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10771)

4 years agonmake: fix install_html_docs target
Dr. Matthias St. Pierre [Sat, 28 Dec 2019 22:03:29 +0000 (23:03 +0100)]
nmake: fix install_html_docs target

The nmake rule contains actually two errors:

1. The $< target[1] does not work for regular rules and is
expanded to an empty string after issuing the warning

    NMAKE : warning U4006: special macro undefined : '$<"'

Solution: replace $< by $?

2. The substitution regex is not quoted correctly, which leads
to the following error message by cmd.exe:

    'href' is not recognized as an internal or external command,
    operable program or batch file.

Solution: Quoting arguments for cmd.exe is really a nightmare,
but with the help of the excellent description [2] I was able to
properly quote the regex. Things were complicated by the fact that
a lot of levels of unquoting needed to be considered:

 * perl (windows-makefile.tmpl -> makefile)
 * make (reading the makefile)
 * cmd.exe (executed by make)
 * perl (scanning command line using CommandLineToArgvW())

The fix works, but the regex has become unmaintainable. It would actually
be better to wrap the entire command (including the regex) into a little
perl script which can be called by make directly.

[1] https://docs.microsoft.com/en-us/cpp/build/reference/filename-macros
[2] https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/

Fixes #10648
Fixes #10749

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10719)

4 years agoDeprecate Low Level Blowfish APIs
Matt Caswell [Thu, 2 Jan 2020 14:25:27 +0000 (14:25 +0000)]
Deprecate Low Level Blowfish APIs

Applications should instead use the higher level EVP APIs, e.g.
EVP_Encrypt*() and EVP_Decrypt*().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10740)

4 years agoMake generated copyright year be "now"
Rich Salz [Tue, 7 Jan 2020 20:50:20 +0000 (15:50 -0500)]
Make generated copyright year be "now"

Always use the current year in generating output files, rather than
trying to base is on the modtime of the script or input, as that can
vary depending on the ability of the local OS to keep those accurate.

Fixes #10744

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10776)

4 years agoRefactor -engine documentation
Rich Salz [Sat, 12 Oct 2019 21:45:56 +0000 (17:45 -0400)]
Refactor -engine documentation

Common wording courtesy Richard Levitte.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10128)

4 years agoModify the add_seeds_stringlist() macro to fix a preprocessor error
Dr. Matthias St. Pierre [Mon, 6 Jan 2020 01:38:14 +0000 (02:38 +0100)]
Modify the add_seeds_stringlist() macro to fix a preprocessor error

When OpenSSL is configured using `--with-rand-seed=devrandom`, the preprocessor
reports the following error

    crypto/info.c:104:66: error:
            macro "add_seeds_stringlist" passed 3 arguments, but takes just 2
            add_seeds_stringlist("random-device", { DEVRANDOM, NULL });

The reason why the preprocessor complains about three arguments being passed
is that according to [1], balanced braces in macro arguments don't prevent the
comma from acting as an argument separator:

    3.3 Macro Arguments
    ...
    Parentheses within each argument must balance;
    a comma within such parentheses does not end the argument.
    However, there is no requirement for square brackets or braces to balance,
    and they do not prevent a comma from separating arguments.

Also introduced an iteration pointer `p`, because `dev` is not an lvalue:

    crypto/info.c:78:41: error:
            lvalue required as increment operand
            for (; *dev != NULL; dev++) {

[1] https://gcc.gnu.org/onlinedocs/cpp/Macro-Arguments.html

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10762)

4 years agoMove random-related defines to "crypto/rand.h"
Dr. Matthias St. Pierre [Mon, 6 Jan 2020 00:50:43 +0000 (01:50 +0100)]
Move random-related defines to "crypto/rand.h"

This fixes commit 01036e2afbe116d608be048ed15930fc885ab2a8, which moved the
DEVRANDOM and DEVRANDOM_EGD defines into rand_unix.c. That change introduced
the regression that the compiler complains about missing declarations in
crypto/info.c when OpenSSL is configured using `--with-rand-seed=devrandom`
(resp. `--with-rand-seed=egd`)

Fixes #10759

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10762)

4 years agoConfiguration: synchronise the variables on the build file templates
Richard Levitte [Sat, 4 Jan 2020 05:39:50 +0000 (06:39 +0100)]
Configuration: synchronise the variables on the build file templates

For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a similar but much
smaller lack of use in the Windows makefile template as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10753)

4 years agoMake ECDSA_size() use consistent asn1 encoder.
Shane Lontis [Thu, 5 Dec 2019 00:41:43 +0000 (10:41 +1000)]
Make ECDSA_size() use consistent asn1 encoder.

ECDSA signature lengths are calculated using i2d_ECDSA_SIG().
i2d_ECDSA_SIG() was changed in a previous PR to use a custom ASN1 encoder (using WPACKET)
so that the normal ASN1 encoder does not need to be pulled into the provider boundary.
For consistency ECDSA_size() has been changed to also use i2d_ECDSA_SIG() - this can now
be used directly inside the FIPS provider.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10577)

4 years agocoverity 1201462: check error returns
Pauli [Mon, 6 Jan 2020 01:23:21 +0000 (11:23 +1000)]
coverity 1201462: check error returns

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10760)

4 years agocoverity 1201478: check BIO_indent returns
Pauli [Mon, 6 Jan 2020 01:21:14 +0000 (11:21 +1000)]
coverity 1201478: check BIO_indent returns

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10760)

4 years agoFix KMAC docs
Shane Lontis [Sat, 21 Sep 2019 23:19:05 +0000 (09:19 +1000)]
Fix KMAC docs

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9970)

4 years agoAdd missing inclusion of "internal/deprecated.h"
Richard Levitte [Mon, 6 Jan 2020 19:25:08 +0000 (20:25 +0100)]
Add missing inclusion of "internal/deprecated.h"

A few provider implementations need this to build correctly with a
'no-deprecated' configuration.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10766)

4 years agoAdd `-passin` arg to `ocsp`
kaysond [Thu, 26 Dec 2019 04:20:46 +0000 (20:20 -0800)]
Add `-passin` arg to `ocsp`
Fix #10682

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10718)

4 years agoDeprecate the low level AES functions
Matt Caswell [Thu, 5 Dec 2019 17:09:49 +0000 (17:09 +0000)]
Deprecate the low level AES functions

Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.

Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)

4 years agoDon't use the low level AES key wrap APIs in CMS
Matt Caswell [Thu, 5 Dec 2019 18:01:44 +0000 (18:01 +0000)]
Don't use the low level AES key wrap APIs in CMS

We should not be using the low level AES APIs in CMS. Instead we should
be using EVP. There was a small amount of use of the low level key
wrap APIs - so we convert that to EVP.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)

4 years agoDon't store an HMAC key for longer than we need
Matt Caswell [Fri, 3 Jan 2020 09:37:19 +0000 (09:37 +0000)]
Don't store an HMAC key for longer than we need

The HMAC_CTX structure stores the original key in case the ctx is reused
without changing the key.

However, HMAC_Init_ex() checks its parameters such that the only code path
where the stored key is ever used is in the case where HMAC_Init_ex is
called with a NULL key and an explicit md is provided which is the same as
the md that was provided previously. But in that case we can actually reuse
the pre-digested key that we calculated last time, so we can refactor the
code not to use the stored key at all.

With that refactor done it is no longer necessary to store the key in the
ctx at all. This means that long running ctx's will not keep the key in
memory for any longer than required. Note though that the digested key
*is* still kept in memory for the duration of the life of the ctx.

Fixes #10743

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10747)

4 years agoEVP: Fix method to determine if a PKEY is legacy or not
Richard Levitte [Sat, 4 Jan 2020 18:24:39 +0000 (19:24 +0100)]
EVP: Fix method to determine if a PKEY is legacy or not

For the implementation of EVP_PKEY_CTX_new(), we determined if an
EVP_PKEY wass legacy or not by looking at 'pkey->pkey.ptr'.  It turns
out that this code could get an unassigned EVP_PKEY, with that pointer
being NULL, and the determination proven incorrect.

The check now looks at 'pkey->ameth' instead.

Fixes #10704

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10758)

4 years agoMove -nameopt to openssl.pod
Rich Salz [Fri, 25 Oct 2019 03:02:09 +0000 (23:02 -0400)]
Move -nameopt to openssl.pod

Also clarify the description of the options.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10259)

4 years agoAdd AES_CBC_HMAC_SHA ciphers to providers.
Shane Lontis [Mon, 6 Jan 2020 03:02:16 +0000 (13:02 +1000)]
Add AES_CBC_HMAC_SHA ciphers to providers.

Also Add ability for providers to dynamically exclude cipher algorithms.
Cipher algorithms are only returned from providers if their capable() method is either NULL,
or the method returns 1.
This is mainly required for ciphers that only have hardware implementations.
If there is no hardware support, then the algorithm needs to be not available.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10146)

4 years agoFix incorrect return code on ECDSA key verification
Andrew Hoang [Tue, 24 Dec 2019 04:19:24 +0000 (20:19 -0800)]
Fix incorrect return code on ECDSA key verification

ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1.

Fixes #8766

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10693)

4 years agoFix disabled ecdsa in apps/speed
fangming.fang [Fri, 27 Dec 2019 03:36:36 +0000 (03:36 +0000)]
Fix disabled ecdsa in apps/speed

This came from f3fdfbf78c6b. run = 1 should be done in pkey_print_message
as well, otherwise other tests printed with pkey_print_message won't run.

Change-Id: I0ba0b05256ad6509ada4735b26d10f8a73fd89ec

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10710)

4 years agoFix side channel in ecp_nistz256-armv8.pl
Fangming.Fang [Mon, 30 Dec 2019 12:15:37 +0000 (12:15 +0000)]
Fix side channel in ecp_nistz256-armv8.pl

This change addresses a potential side-channel vulnerability in
the internals of nistz256 low level operations for armv8.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoFix side channel in the ecp_nistz256.c reference implementation
Bernd Edlinger [Thu, 29 Aug 2019 20:45:18 +0000 (22:45 +0200)]
Fix side channel in the ecp_nistz256.c reference implementation

This is only used if configured with
./config -DECP_NISTZ256_REFERENCE_IMPLEMENTATION

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoImprove side channel fix in ecp_nistz256-x86_64.pl
Bernd Edlinger [Sun, 25 Aug 2019 01:47:01 +0000 (03:47 +0200)]
Improve side channel fix in ecp_nistz256-x86_64.pl

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoFix side channel in ecp_nistz256-armv4.pl
Bernd Edlinger [Sun, 25 Aug 2019 01:45:31 +0000 (03:45 +0200)]
Fix side channel in ecp_nistz256-armv4.pl

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoFix side channel in ecp_nistz256-x86.pl
Bernd Edlinger [Sun, 25 Aug 2019 01:03:55 +0000 (03:03 +0200)]
Fix side channel in ecp_nistz256-x86.pl

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoAvoid leaking intermediate states in point doubling special case.
David Benjamin [Fri, 14 Jun 2019 21:06:52 +0000 (17:06 -0400)]
Avoid leaking intermediate states in point doubling special case.

Cherry picked from
https://github.com/google/boringssl/commit/12d9ed670da3edd64ce8175cfe0e091982989c18

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agoFix potential SCA vulnerability in some EC_METHODs
Nicola Tuveri [Sat, 8 Jun 2019 09:48:47 +0000 (12:48 +0300)]
Fix potential SCA vulnerability in some EC_METHODs

This commit addresses a potential side-channel vulnerability in the
internals of some elliptic curve low level operations.
The side-channel leakage appears to be tiny, so the severity of this
issue is rather low.

The issue was reported by David Schrammel and Samuel Weiser.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9239)

4 years agocoverity 1456638: fix null check
Pauli [Fri, 3 Jan 2020 09:28:37 +0000 (19:28 +1000)]
coverity 1456638: fix null check

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10748)

4 years agocoverity 1456639: fix NULL dereference
Pauli [Fri, 3 Jan 2020 09:27:06 +0000 (19:27 +1000)]
coverity 1456639: fix NULL dereference

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10748)

4 years agocoverity 1456640: fix null check
Pauli [Fri, 3 Jan 2020 09:22:50 +0000 (19:22 +1000)]
coverity 1456640: fix null check

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10748)

4 years agocoverity 1456642: fix null check
Pauli [Fri, 3 Jan 2020 09:19:47 +0000 (19:19 +1000)]
coverity 1456642: fix null check

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10748)

4 years agoAdd -iter option to pkcs12 command
Ibrahim M. Ghazal [Tue, 24 Dec 2019 18:39:55 +0000 (21:39 +0300)]
Add -iter option to pkcs12 command

Fixes #8194

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10130)

4 years agoRun make update
Matt Caswell [Thu, 2 Jan 2020 13:43:50 +0000 (13:43 +0000)]
Run make update

The New Year has caused various files to appear out of date to "make
update". This causes Travis to fail. Therefore we update those file.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10738)

4 years agoUpdate tls13_enc.c
dcruette [Tue, 24 Dec 2019 21:48:19 +0000 (22:48 +0100)]
Update tls13_enc.c

Fix double + in hkdflabel declaration (FIXES #10675)
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10700)

4 years agoTemporarily disable the explicit enable-asan build
Matt Caswell [Mon, 23 Dec 2019 17:14:58 +0000 (17:14 +0000)]
Temporarily disable the explicit enable-asan build

The explicit enable-asan build fails in the memleak test for unknown
reasons. Therefore we disable it temporarily to get a green Travis.

Other builds that use -fsanitize=address in Travis seem to pass.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)

4 years agoTemporarily disable some Travis external tests
Matt Caswell [Mon, 23 Dec 2019 14:52:03 +0000 (14:52 +0000)]
Temporarily disable some Travis external tests

The pyca-cryptography external test has been failing for a long time.
It looks like upstream needs to make some changes to adapt to 3.0.

[extended tests]

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)

4 years agoDon't run test_conf in cross compiled builds
Matt Caswell [Mon, 23 Dec 2019 14:39:57 +0000 (14:39 +0000)]
Don't run test_conf in cross compiled builds

test_conf was failing in travis for mingw builds. We run these on linux
via wine. However due to line break differences the tests were failing.
We just skip these in a cross compiled build.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10689)

4 years agoFix a race condition in the speed command
Bernd Edlinger [Sun, 22 Dec 2019 18:40:03 +0000 (19:40 +0100)]
Fix a race condition in the speed command

The timer alarm sets run = 0, while the benchmark
does run = 1 in the initialization code.  That is
a race condition, if the timer goes off too early
the benchmark runs forever.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10680)

4 years agoConfigurations/windows-makefile.tmpl: HTMLDOCS are files, not directories
Richard Levitte [Mon, 2 Dec 2019 08:48:44 +0000 (09:48 +0100)]
Configurations/windows-makefile.tmpl: HTMLDOCS are files, not directories

Remove them using "del", not "rmdir"

Fixes #10553

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10555)

4 years agoRemoved now documented stuff from util/missing*.txt
Richard Levitte [Mon, 23 Dec 2019 17:43:26 +0000 (18:43 +0100)]
Removed now documented stuff from util/missing*.txt

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10683)

4 years agoutil/find-doc-nits: when loading "missing" files, check if documented
Richard Levitte [Sun, 22 Dec 2019 22:52:30 +0000 (23:52 +0100)]
util/find-doc-nits: when loading "missing" files, check if documented

It may be that some "missing" manuals have been written since their
insertion in the "missing" files.  Make sure to alert when such manual
references are found.

This works, because we collect all existing manual references into
%name_map first.

Fixes #10681

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10683)

4 years agoUpdate the krb5 submodule
Benjamin Kaduk [Mon, 23 Dec 2019 18:35:48 +0000 (10:35 -0800)]
Update the krb5 submodule

Bring us up to date with upstream's 1.17.1 release.  Among other
things, it includes commit c2497d46b4bad473e164943d67b58cd1ae261c3a
which fixes several issues that affect running the test suite under
Travis CI.  Hopefully those will work transitively for us as well.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10690)

4 years agoAdd some missing cfi frame info in rc4-md5-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 17:50:51 +0000 (18:50 +0100)]
Add some missing cfi frame info in rc4-md5-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10679)

4 years agoAdd some missing cfi frame info in poly1305-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 15:29:17 +0000 (16:29 +0100)]
Add some missing cfi frame info in poly1305-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10678)

4 years agoAdd some missing cfi frame info in aesni-gcm-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 14:39:58 +0000 (15:39 +0100)]
Add some missing cfi frame info in aesni-gcm-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10677)

4 years agoAdd some missing cfi frame info in x25519-x86_64.pl
Bernd Edlinger [Sun, 22 Dec 2019 10:48:54 +0000 (11:48 +0100)]
Add some missing cfi frame info in x25519-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10676)

4 years agoFix aesni_cbc_sha256_enc_avx2 backtrace info
Bernd Edlinger [Sat, 21 Dec 2019 21:09:45 +0000 (22:09 +0100)]
Fix aesni_cbc_sha256_enc_avx2 backtrace info

We store a secondary frame pointer info for the debugger
in the red zone.  This fixes a crash in the unwinder when
this function is interrupted.

Additionally the missing cfi function annotation is added
to aesni_cbc_sha256_enc_shaext.

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10674)

4 years agoAdd some missing cfi frame info in ecp_nistz256-x86_64.pl
Bernd Edlinger [Fri, 20 Dec 2019 23:20:31 +0000 (00:20 +0100)]
Add some missing cfi frame info in ecp_nistz256-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10672)

4 years agoFix no-dsa builds
Matt Caswell [Wed, 18 Dec 2019 11:22:17 +0000 (11:22 +0000)]
Fix no-dsa builds

Add a guard in a build.info file for no-dsa builds

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoFix no-dh
Matt Caswell [Wed, 18 Dec 2019 11:14:29 +0000 (11:14 +0000)]
Fix no-dh

The new serializer code broke no-dh builds so we add some more guards to fix it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoFix evp_extra_test with no-dh
Matt Caswell [Wed, 18 Dec 2019 11:00:42 +0000 (11:00 +0000)]
Fix evp_extra_test with no-dh

The new DH test in evp_extra_test.c broke the no-dh build so we add some
guards to fix it.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10644)

4 years agoAdd fips self test DEP for solaris and hpux
Shane Lontis [Sat, 21 Dec 2019 23:44:38 +0000 (09:44 +1000)]
Add fips self test DEP for solaris and hpux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10640)

4 years agoRemove asn1 module dependency from RSASSA-PKCS1-v1_5 implementation.
Shane Lontis [Sat, 21 Dec 2019 23:37:17 +0000 (09:37 +1000)]
Remove asn1 module dependency from RSASSA-PKCS1-v1_5 implementation.

Replace use of the asn1 module (X509_SIG, X509_ALGOR, ASN1_TYPE,
ASN1_OCTET_STRING, i2d_X509_SIG(), etc.) as well as OID lookups using
OBJ_nid2obj() with pre-generated DigestInfo encodings for MD2, MD5, MDC-2,
SHA-1, SHA-2 and SHA-3; the encoding is selected based on the NID. This is
similar to the approach used by the old FOM.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9138)

4 years agoRename doc/man7/provider-asymcipher.pod
Richard Levitte [Fri, 13 Dec 2019 10:57:57 +0000 (11:57 +0100)]
Rename doc/man7/provider-asymcipher.pod

The correct name is doc/man7/provider-asym_cipher.pod, to match the
name in the NAME section.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agodoc/man1/openssl-cmds.pod: Add invisble name 'openssl-cmds'
Richard Levitte [Fri, 13 Dec 2019 10:57:04 +0000 (11:57 +0100)]
doc/man1/openssl-cmds.pod: Add invisble name 'openssl-cmds'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoOpenSSL::Util::extract_pod_info(): Allow invisible names
Richard Levitte [Fri, 13 Dec 2019 10:54:55 +0000 (11:54 +0100)]
OpenSSL::Util::extract_pod_info(): Allow invisible names

This should be very unusual, but we do have a case of a name we don't
want to display.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoOpenSSL::Util::extract_pod_info(): Read the POD one paragraph at a time
Richard Levitte [Fri, 13 Dec 2019 10:53:31 +0000 (11:53 +0100)]
OpenSSL::Util::extract_pod_info(): Read the POD one paragraph at a time

POD files should always be treated this way

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoAdjust all util/missing*.txt to include the section number
Richard Levitte [Thu, 12 Dec 2019 18:55:16 +0000 (19:55 +0100)]
Adjust all util/missing*.txt to include the section number

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoutil/find-doc-nits: Better checking of missing documentation
Richard Levitte [Thu, 12 Dec 2019 18:50:41 +0000 (19:50 +0100)]
util/find-doc-nits: Better checking of missing documentation

The names collected in util/missing*.txt are not file names, but
symbol names, and to compare properly with script data, the section
name must be included.

All symbols found in util/lib*.num are library functions, so we know
that they are in manual section 3 and can simply add that info.  The
same goes for all macros found in C headers.

Finally, we get rid of getdocced() and its associated hash table
%docced.  We already have the appropriate information in %name_map.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoperl: OpenSSL::Util::Pod::extract_pod_info() now saves the file contents
Richard Levitte [Thu, 12 Dec 2019 18:49:49 +0000 (19:49 +0100)]
perl: OpenSSL::Util::Pod::extract_pod_info() now saves the file contents

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10621)

4 years agoAdd some missing cfi frame info in aesni-sha and sha-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 22:15:03 +0000 (23:15 +0100)]
Add some missing cfi frame info in aesni-sha and sha-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10655)

4 years agoAdd some missing cfi frame info in keccak1600-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 21:31:00 +0000 (22:31 +0100)]
Add some missing cfi frame info in keccak1600-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10654)

4 years agoAdd some missing cfi frame info in aesni-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 19:20:53 +0000 (20:20 +0100)]
Add some missing cfi frame info in aesni-x86_64.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10653)

4 years agoAdd some missing cfi frame info in rsaz-x86_64
Bernd Edlinger [Wed, 18 Dec 2019 18:27:55 +0000 (19:27 +0100)]
Add some missing cfi frame info in rsaz-x86_64

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10652)

4 years agoAdd some missing cfi frame info in x86_64-mont5.pl
Bernd Edlinger [Wed, 18 Dec 2019 17:35:12 +0000 (18:35 +0100)]
Add some missing cfi frame info in x86_64-mont5.pl

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10651)

4 years agoAdd some missing cfi frame info in aes-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 16:33:03 +0000 (17:33 +0100)]
Add some missing cfi frame info in aes-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10650)

4 years agoAdd some missing cfi frame info in camellia-x86_64.pl
Bernd Edlinger [Wed, 18 Dec 2019 09:12:26 +0000 (10:12 +0100)]
Add some missing cfi frame info in camellia-x86_64.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10642)

4 years agoFix no-des build
Bernd Edlinger [Wed, 18 Dec 2019 10:14:45 +0000 (11:14 +0100)]
Fix no-des build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10643)

4 years agoEVP & PROV: Fix all platform inclusions
Richard Levitte [Thu, 19 Dec 2019 12:33:35 +0000 (13:33 +0100)]
EVP & PROV: Fix all platform inclusions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)

4 years agoCRYPTO: split cipher_platform.h into algorithm specific headers
Richard Levitte [Thu, 19 Dec 2019 12:31:29 +0000 (13:31 +0100)]
CRYPTO: split cipher_platform.h into algorithm specific headers

aes_platform.h
cmll_platform.h
des_platform.h

To make this possible, we must also define DES_ASM and CMLL_ASM to
indicate that we have the necessary internal support.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10662)

4 years agoFix regression on x509 keyform argument
Jussi Keranen [Wed, 11 Dec 2019 13:08:04 +0000 (15:08 +0200)]
Fix regression on x509 keyform argument

In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
which doesn't support engine. This changes type of keyform argument
to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
including keyform and CAkeyform.

This restores the pre 1.1.0 behavior.

This issue is very similar than https://github.com/openssl/openssl/issues/4366

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10609)

4 years agoUse a function to generate do-not-edit comment
Rich Salz [Thu, 31 Oct 2019 03:35:08 +0000 (23:35 -0400)]
Use a function to generate do-not-edit comment

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10316)

4 years agoMake Windows build more robust
Haohui Mai [Sat, 7 Dec 2019 08:44:16 +0000 (00:44 -0800)]
Make Windows build more robust

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10586)

4 years agoFix travis timeout by excluding arm64 gcc -fsanitize=address build
Shane Lontis [Thu, 19 Dec 2019 07:50:50 +0000 (17:50 +1000)]
Fix travis timeout by excluding arm64 gcc -fsanitize=address build

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10639)

4 years agoOptimize AES-GCM implementation on aarch64
Fangming.Fang [Fri, 31 May 2019 10:15:10 +0000 (10:15 +0000)]
Optimize AES-GCM implementation on aarch64

Comparing to current implementation, this change can get more
performance improved by tunning the loop-unrolling factor in
interleave implementation as well as by enabling high level parallelism.

Performance(A72)

new
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     113065.51k   375743.00k   848359.51k  1517865.98k  1964040.19k  1986663.77k
aes-192-gcm     110679.32k   364470.63k   799322.88k  1428084.05k  1826917.03k  1848967.17k
aes-256-gcm     104919.86k   352939.29k   759477.76k  1330683.56k  1663175.34k  1670430.72k

old
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes   16384 bytes
aes-128-gcm     115595.32k   382348.65k   855891.29k  1236452.35k  1425670.14k  1429793.45k
aes-192-gcm     112227.02k   369543.47k   810046.55k  1147948.37k  1286288.73k  1296941.06k
aes-256-gcm     111543.90k   361902.36k   769543.59k  1070693.03k  1208576.68k  1207511.72k

Change-Id: I28a2dca85c001a63a2a942e80c7c64f7a4fdfcf7

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9818)

4 years agoTEST: Add test recipe and help program to test BIO_f_prefix()
Richard Levitte [Thu, 12 Dec 2019 13:51:59 +0000 (14:51 +0100)]
TEST: Add test recipe and help program to test BIO_f_prefix()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoEVP: Adapt EVP_PKEY_print_ routines to use BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 17:35:48 +0000 (18:35 +0100)]
EVP: Adapt EVP_PKEY_print_ routines to use BIO_f_prefix()

We take the opportunity to refactor EVP_PKEY_print_public,
EVP_PKEY_print_private, EVP_PKEY_print_params to lessen the amount of
code copying.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoASN1: Adapt ASN.1 output routines to use BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 16:58:01 +0000 (17:58 +0100)]
ASN1: Adapt ASN.1 output routines to use BIO_f_prefix()

We modify asn1_print_info() to print the full line.  It pushes a
BIO_f_prefix() BIO to the given |bp| if it can't detect that it's
already present, then uses both the prefix and indent settings to get
formatting right.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoAPPS & TEST: Adapt to use the new BIO_f_prefix()
Richard Levitte [Wed, 27 Nov 2019 15:13:12 +0000 (16:13 +0100)]
APPS & TEST: Adapt to use the new BIO_f_prefix()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoBIO: Add BIO_f_prefix(), a text line prefixing filter
Richard Levitte [Wed, 27 Nov 2019 15:02:33 +0000 (16:02 +0100)]
BIO: Add BIO_f_prefix(), a text line prefixing filter

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agocrypto/bio/build.info: split the source files in categories
Richard Levitte [Wed, 27 Nov 2019 15:01:32 +0000 (16:01 +0100)]
crypto/bio/build.info: split the source files in categories

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10531)

4 years agoFix unwind info for some trivial functions
Bernd Edlinger [Tue, 17 Dec 2019 08:05:32 +0000 (09:05 +0100)]
Fix unwind info for some trivial functions

While stack unwinding works with gdb here, the
function _Unwind_Backtrace gives up when something outside
.cfi_startproc/.cfi_endproc is found in the call stack, like
OPENSSL_cleanse, OPENSSL_atomic_add, OPENSSL_rdtsc, CRYPTO_memcmp
and other trivial functions which don't save anything in the stack.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/10635)

4 years agoFix build when enabling mdebug options.
Rich Salz [Sat, 14 Dec 2019 23:54:14 +0000 (18:54 -0500)]
Fix build when enabling mdebug options.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10629)

4 years agoCleanup legacy digest methods.
Shane Lontis [Wed, 18 Dec 2019 04:46:01 +0000 (14:46 +1000)]
Cleanup legacy digest methods.

Macros have been added to generate the simple legacy methods.
Engines and EVP_MD_METH_get methods still require access to the old legacy methods,
so they needed to be added back in.
They may only be removed after engines are deprecated and removed.
Removed some unnecessary #includes and #ifndef guards (which are done in build.info instead).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10602)

4 years agoapps/speed.c: Fix eddsa sign and verify output with -multi option
Saritha [Tue, 29 Oct 2019 06:40:55 +0000 (12:10 +0530)]
apps/speed.c: Fix eddsa sign and verify output with -multi option

Fixes #10261
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10285)

4 years agoEVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY
Richard Levitte [Mon, 2 Dec 2019 11:00:58 +0000 (12:00 +0100)]
EVP: make it possible to init EVP_PKEY_CTX with provided EVP_PKEY

The case when EVP_PKEY_CTX_new() is called with a provided EVP_PKEY
(no legacy data) wasn't handled properly.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10618)

4 years agoUpdate the HISTORY entry for RSA_get0_pss_params()
Matt Caswell [Wed, 4 Dec 2019 10:21:52 +0000 (10:21 +0000)]
Update the HISTORY entry for RSA_get0_pss_params()

Make a note of when this function was first introduced

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10568)

(cherry picked from commit e2af84bd45c017c0c6a0fa06ee5d7fcf11d7366d)

4 years agoTest that EVP_PKEY_set1_DH() correctly identifies the DH type
Matt Caswell [Mon, 9 Dec 2019 12:03:02 +0000 (12:03 +0000)]
Test that EVP_PKEY_set1_DH() correctly identifies the DH type

Provide a test to check tat when we assign a DH object we know whether
we are dealing with PKCS#3 or X9.42 DH keys.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)

4 years agoEnsure EVP_PKEY_set1_DH detects X9.42 keys
Matt Caswell [Mon, 9 Dec 2019 11:51:48 +0000 (11:51 +0000)]
Ensure EVP_PKEY_set1_DH detects X9.42 keys

OpenSSL supports both PKCS#3 and X9.42 DH keys. By default we use PKCS#3
keys. The function `EVP_PKEY_set1_DH` was assuming that the supplied DH
key was a PKCS#3 key. It should detect what type of key it is and assign
the correct type as appropriate.

Fixes #10592

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10593)

4 years agoReturn 1 when openssl req -addext kv is duplicated
kinichiro [Thu, 5 Dec 2019 11:00:50 +0000 (20:00 +0900)]
Return 1 when openssl req -addext kv is duplicated

CLA: trivial

Fixes #10273

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10578)

4 years agoDeprecated crypto-mdebug-backtrace
Rich Salz [Wed, 11 Dec 2019 15:56:12 +0000 (10:56 -0500)]
Deprecated crypto-mdebug-backtrace

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)

4 years agoDeprecate most of debug-memory
Rich Salz [Wed, 4 Dec 2019 18:15:08 +0000 (13:15 -0500)]
Deprecate most of debug-memory

Fixes #8322

The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains.  OpenSSL recommends using
the compiler's leak-detection instead.

The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed.  All of the
above are now deprecated.

Merge (now really small) mem_dbg.c into mem.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)

4 years agoParse large GOST ClientKeyExchange messages
Dmitry Belyavskiy [Thu, 7 Nov 2019 14:35:13 +0000 (17:35 +0300)]
Parse large GOST ClientKeyExchange messages

Large GOST ClientKeyExchange messages are sent by VipNet CSP, one of
Russian certified products implementing GOST TLS, when a server
certificate contains 512-bit keys.

This behaviour was present in 1.0.2 branch and needs to be restored.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10376)