Commit graph

24302 commits

Author SHA1 Message Date
Richard Levitte
2e5db6ad84 Move CMAC to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
55a0a117e7 Move BLAKE2 MACs to the providers
This also moves the remaining parts of BLAKE2 digests to the default
provider, and removes the legacy EVP implementation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
e74bd29053 Prepare EVP_MAC infrastructure for moving all MACs to providers
Quite a few adaptations are needed, most prominently the added code
to allow provider based MACs.

As part of this, all the old information functions are gone, except
for EVP_MAC_name().  Some of them will reappear later, for example
EVP_MAC_do_all() in some form.

MACs by EVP_PKEY was particularly difficult to deal with, as they
need to allocate and deallocate EVP_MAC_CTXs "under the hood", and
thereby implicitly fetch the corresponding EVP_MAC.  This means that
EVP_MACs can't be constant in a EVP_MAC_CTX, as their reference count
may need to be incremented and decremented as part of the allocation
or deallocation of the EVP_MAC_CTX.  It may be that other provider
based EVP operation types may need to be handled in a similar manner.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Patrick Steuer
3ded2288a4 OPENSSL_s390xcap.pod: list msa9 facility bit (155)
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:39 +02:00
Patrick Steuer
58c35587ea s390x assembly pack: accelerate ECDSA
for NIST P-256, P-384 and P-521 using KDSA instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
9bf682f62b Enable curve-spefific ECDSA implementations via EC_METHOD
which are already enabled for ECDH.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
1461e66706 s390x assembly pack: accelerate scalar multiplication
for NIST P-256, P-384 and P-521 using PCC instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
9baa4d5f4c s390xcpuid.pl: fix comment
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
raja-ashok
5bf2eade55 Test SSL_set_ciphersuites
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9079)
2019-08-15 14:33:06 +01:00
raja-ashok
52b1fda302 Fix SSL_set_ciphersuites to set even if no call to SSL_set_cipher_list
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9079)
2019-08-15 14:32:47 +01:00
Dr. Matthias St. Pierre
bf9d6bb83d INSTALL: clarify documentation of the --api=x.y.z deprecation option
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9599)
2019-08-15 14:57:18 +02:00
Omid Najafi
2a17758940 Fix syntax error for the armv4 assembler
The error was from the alignment syntax of the code.
More details:
https://stackoverflow.com/questions/57316823/arm-assembly-syntax-in-vst-vld-commands?noredirect=1#comment101133590_57316823

CLA: trivial

Fixes: #9518

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9518)
2019-08-15 14:22:16 +02:00
Richard Levitte
dca97d0062 Rename provider and core get_param_types functions
It was argued that names like SOMETHING_set_param_types were confusing,
and a rename has been proposed to SOMETHING_settable_params, and by
consequence, SOMETHING_get_param_types is renamed
SOMETHING_gettable_params.

This changes implements this change for the dispatched provider and
core functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9591)
2019-08-15 11:58:25 +02:00
Richard Levitte
9f643f5423 crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally
When OpenSSL is configured with 'no-stdio', TEST_ENG_OPENSSL_RC4_P_INIT
shouldn't be defined, as that test uses stdio.

Fixes #9597

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9598)
2019-08-15 11:22:34 +02:00
Richard Levitte
ec02412b54 Add {get,set}table_params() functions for provider digests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
2019-08-15 10:51:40 +02:00
Richard Levitte
ad623ec0cb Modify 'openssl list' to give more verbose descriptions
With the diverse {get,set}table_params functions, it's possible to
give a more verbose description of the diverse algorithm
implementations.  Most notably, we add a description of the parameters
that each implementation is willing to share.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
2019-08-15 10:51:08 +02:00
Richard Levitte
ae3ff60e7b Add missing EVP param utility functions
These functions were missing for a completes API:

EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPHER_CTX_get_params

Additionally, we also add all the corresponding parameter descriptor
returning functions, along the correspoding provider dispatches:

EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(),
EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
2019-08-15 10:49:56 +02:00
Pauli
aee6e29f0e Access data after obtaining the lock not before.
It isn't completely clear that this constitutes a race condition, but it will
always be conservative to access the locked data after getting the lock.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9579)
2019-08-12 21:37:55 +10:00
Matt Caswell
d954227611 If we are multiblock capable make sure we use it
Recent changes to the assembler defines meant that they weren't being
set for libssl code. This resulted in the multiblock code never being
used.

Fixes #9571

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9574)
2019-08-14 11:04:09 +01:00
opensslonzos-github
48102247ff Add missing EBCDIC strings
Fix a few places where calling ossl_isdigit does the wrong thing on
EBCDIC based systems.
Replaced with ascii_isdigit.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9556)
2019-08-14 10:41:41 +01:00
Paul Yang
86333b6e0c Add description in X509_STORE manipulation
Add memory management description in X509_STORE_add_cert, otherwise
users will not be aware that they are leaking memory...

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9484)
2019-08-14 10:28:07 +08:00
Tomas Mraz
91cb81d40a BIO_lookup_ex: Do not retry on EAI_MEMORY
We should not retry on EAI_MEMORY as that error is most probably
fatal and not depending on AI_ADDRCONFIG hint.

Also report the error from the first call if the second call fails
as that one would be most probably the more interesting one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
2019-08-13 11:40:55 +02:00
Tomas Mraz
7f616a00e9 BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
Do not try to discern the error return value on
getaddrinfo() failure but when retrying set the AI_NUMERICHOST
to avoid DNS lookups.

Fixes: #9053

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
2019-08-13 11:40:55 +02:00
Richard Levitte
23ccf13dd6 30-test_evp.t: make the tested configs depend on what's been built
If the FIPS module hasn't been built, don't use test/fips.cnf, for example.

Fixes #9568

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9570)
2019-08-13 10:33:58 +02:00
Rich Salz
697b0c5185 Fix doc example code to follow coding style
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9577)
2019-08-12 13:23:17 +10:00
Richard Levitte
5acb2be58b HMAC: use EVP_MD_flags(), not EVP_MD_meth_get_flags()
The latter should only be ussed with legacy methods.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
f1d3df3e69 Adapt the provider digests for more use of OSSL_PARAM
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
3d214461bf Rework the provider digest constructor to provide implementation get_params
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
6a3b7c6887 Adapt diverse EVP_MD functions to use get_params and set_params interfaces
Also clean up EVP_MD_CTX_ctrl(), which did use these interfaces, but
development since allows for more elegant code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
2893111fc6 Make more use of OSSL_PARAM for digests
A lot of the different numbers associated with digests are really
algorithm parameters.  block size, digest length, that sort of
thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
246a1f3dfa Add OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()
These are utility functions that can be used to replace calls to
ctrl_str type functions with get_params / set_params types of calls.
They work by translating text values to something more suitable for
OSSL_PARAM, and by interpretting parameter keys in a compatible
fashion.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Richard Levitte
82bd7c2cbd Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()
They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(),
except they take a result buffer from the caller.

We take the opportunity to break out the documentation of the hex to /
from buffer conversion routines from the OPENSSL_malloc() file to its
own file.  These routines aren't memory allocation routines per se.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Vladimir Kotal
a42cb4ba8a enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9434)
2019-08-12 12:46:55 +02:00
Richard Levitte
853094dbe1 Configurations/unit-Makefile.tmpl: Don't clean away dotted files
A local 'make clean' did some sweeping removals of files execpt for
the .git directory.  This is a little too sweeping, as other dotted
files might be cleaned away if they happen to match the pattern that's
searched for.

An example is a symlink .dir-locals.el that would keep disappearing if
you build in the source tree and do a make clean...

So we change this to leave all dotted files alone.  Our builds do not
produce such files anyway, so this is a harmless (or rather, less
harmful) change.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9573)
2019-08-12 12:04:57 +02:00
Denis Ovsienko
3c74e77bd8 Remove some duplicate words from the documentation
Fixup INSTALL and a couple man pages to get rid of "the the" and "in the
in the".

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9563)
2019-08-12 16:00:01 +08:00
Shane Lontis
c04a9916d4 Fix windows compile errors in params.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9569)
2019-08-12 14:07:41 +10:00
Bernd Edlinger
3119c84976 Add a clang-7 build target with --strict-warnings
[extended tests]

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9450)
2019-08-11 21:18:01 +02:00
Matt Caswell
1a2a3a4206 Extend tests of SSL_check_chain()
Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
5235ef44b9 Fix SSL_check_chain()
The function SSL_check_chain() can be used by applications to check that
a cert and chain is compatible with the negotiated parameters. This could
be useful (for example) from the certificate callback. Unfortunately this
function was applying TLSv1.2 sig algs rules and did not work correctly if
TLSv1.3 was negotiated.

We refactor tls_choose_sigalg to split it up and create a new function
find_sig_alg which can (optionally) take a certificate and key as
parameters and find an appropriate sig alg if one exists. If the cert and
key are not supplied then we try to find a cert and key from the ones we
have available that matches the shared sig algs.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
db26ec8087 Fix test_key_exchange with no_tlsv1_2
Make sure we only test TLSv1.2 things if TLSv1.2 is actually available.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
53890ea27c Fix test_sslextension if TLSv1.2 has been disabled
A skip rule was skipping the wrong number of tests.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Matt Caswell
20946b9465 Add TLS tests for RSA-PSS Restricted certificates
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Matt Caswell
39d9ea5e50 Add Restricted PSS certificate and key
Create a PSS certificate with parameter restrictions

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Matt Caswell
9bcc9f973b Ensure RSA PSS correctly returns the right default digest
A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Vladimir Kotal
d6dda392c1 use native atomic increment function on Solaris
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9215)
2019-08-09 13:16:41 +01:00
Shane Lontis
ac5a61caf8 Add missing SIZE_MAX define for windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)
2019-08-09 21:38:42 +10:00
Bernd Edlinger
bba0d270a6 Add a CHANGES entry for BN_generate_prime_ex
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
03b9393e15 Update documentation of BN_generate_prime_ex
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
28b4880b8b Merge probable_prime_dh_safe with bn_probable_prime_dh
This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
3ce0566dab Add a parameter to probable_prime if we look for a safe prime
Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:07 +02:00