Commit graph

10786 commits

Author SHA1 Message Date
Richard Levitte
2e5db6ad84 Move CMAC to providers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
55a0a117e7 Move BLAKE2 MACs to the providers
This also moves the remaining parts of BLAKE2 digests to the default
provider, and removes the legacy EVP implementation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Richard Levitte
e74bd29053 Prepare EVP_MAC infrastructure for moving all MACs to providers
Quite a few adaptations are needed, most prominently the added code
to allow provider based MACs.

As part of this, all the old information functions are gone, except
for EVP_MAC_name().  Some of them will reappear later, for example
EVP_MAC_do_all() in some form.

MACs by EVP_PKEY was particularly difficult to deal with, as they
need to allocate and deallocate EVP_MAC_CTXs "under the hood", and
thereby implicitly fetch the corresponding EVP_MAC.  This means that
EVP_MACs can't be constant in a EVP_MAC_CTX, as their reference count
may need to be incremented and decremented as part of the allocation
or deallocation of the EVP_MAC_CTX.  It may be that other provider
based EVP operation types may need to be handled in a similar manner.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
2019-08-15 22:12:25 +02:00
Patrick Steuer
58c35587ea s390x assembly pack: accelerate ECDSA
for NIST P-256, P-384 and P-521 using KDSA instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
9bf682f62b Enable curve-spefific ECDSA implementations via EC_METHOD
which are already enabled for ECDH.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
1461e66706 s390x assembly pack: accelerate scalar multiplication
for NIST P-256, P-384 and P-521 using PCC instruction.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Patrick Steuer
9baa4d5f4c s390xcpuid.pl: fix comment
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9348)
2019-08-15 16:27:38 +02:00
Omid Najafi
2a17758940 Fix syntax error for the armv4 assembler
The error was from the alignment syntax of the code.
More details:
https://stackoverflow.com/questions/57316823/arm-assembly-syntax-in-vst-vld-commands?noredirect=1#comment101133590_57316823

CLA: trivial

Fixes: #9518

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9518)
2019-08-15 14:22:16 +02:00
Richard Levitte
dca97d0062 Rename provider and core get_param_types functions
It was argued that names like SOMETHING_set_param_types were confusing,
and a rename has been proposed to SOMETHING_settable_params, and by
consequence, SOMETHING_get_param_types is renamed
SOMETHING_gettable_params.

This changes implements this change for the dispatched provider and
core functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9591)
2019-08-15 11:58:25 +02:00
Richard Levitte
9f643f5423 crypto/engine/eng_openssl.c: define TEST_ENG_OPENSSL_RC4_P_INIT conditionally
When OpenSSL is configured with 'no-stdio', TEST_ENG_OPENSSL_RC4_P_INIT
shouldn't be defined, as that test uses stdio.

Fixes #9597

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9598)
2019-08-15 11:22:34 +02:00
Richard Levitte
ae3ff60e7b Add missing EVP param utility functions
These functions were missing for a completes API:

EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPHER_CTX_get_params

Additionally, we also add all the corresponding parameter descriptor
returning functions, along the correspoding provider dispatches:

EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(),
EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
2019-08-15 10:49:56 +02:00
Pauli
aee6e29f0e Access data after obtaining the lock not before.
It isn't completely clear that this constitutes a race condition, but it will
always be conservative to access the locked data after getting the lock.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9579)
2019-08-12 21:37:55 +10:00
opensslonzos-github
48102247ff Add missing EBCDIC strings
Fix a few places where calling ossl_isdigit does the wrong thing on
EBCDIC based systems.
Replaced with ascii_isdigit.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9556)
2019-08-14 10:41:41 +01:00
Tomas Mraz
91cb81d40a BIO_lookup_ex: Do not retry on EAI_MEMORY
We should not retry on EAI_MEMORY as that error is most probably
fatal and not depending on AI_ADDRCONFIG hint.

Also report the error from the first call if the second call fails
as that one would be most probably the more interesting one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
2019-08-13 11:40:55 +02:00
Tomas Mraz
7f616a00e9 BIO_lookup_ex: Always retry the lookup on failure with AI_NUMERICHOST set
Do not try to discern the error return value on
getaddrinfo() failure but when retrying set the AI_NUMERICHOST
to avoid DNS lookups.

Fixes: #9053

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9535)
2019-08-13 11:40:55 +02:00
Richard Levitte
5acb2be58b HMAC: use EVP_MD_flags(), not EVP_MD_meth_get_flags()
The latter should only be ussed with legacy methods.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
6a3b7c6887 Adapt diverse EVP_MD functions to use get_params and set_params interfaces
Also clean up EVP_MD_CTX_ctrl(), which did use these interfaces, but
development since allows for more elegant code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
2893111fc6 Make more use of OSSL_PARAM for digests
A lot of the different numbers associated with digests are really
algorithm parameters.  block size, digest length, that sort of
thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)
2019-08-12 13:35:18 +02:00
Richard Levitte
246a1f3dfa Add OSSL_PARAM_construct_from_text() and OSSL_PARAM_allocate_from_text()
These are utility functions that can be used to replace calls to
ctrl_str type functions with get_params / set_params types of calls.
They work by translating text values to something more suitable for
OSSL_PARAM, and by interpretting parameter keys in a compatible
fashion.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Richard Levitte
82bd7c2cbd Add OPENSSL_hexstr2buf_ex() and OPENSSL_buf2hexstr_ex()
They do the same thing as OPENSSL_hexstr2buf() and OPENSSL_buf2hexstr(),
except they take a result buffer from the caller.

We take the opportunity to break out the documentation of the hex to /
from buffer conversion routines from the OPENSSL_malloc() file to its
own file.  These routines aren't memory allocation routines per se.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9303)
2019-08-12 12:50:41 +02:00
Shane Lontis
c04a9916d4 Fix windows compile errors in params.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9569)
2019-08-12 14:07:41 +10:00
Matt Caswell
9bcc9f973b Ensure RSA PSS correctly returns the right default digest
A default digest of SHA256 was being returned for RSA PSS even if the
PSS parameters indicated a different digest must be used. We change this
so that the correct default digest is returned and additionally mark this
as mandatory for PSS.

This bug had an impact on sig alg selection in libssl. Due to this issue
an incorrect sig alg might be selected in the event that a server is
configured with an RSA-PSS cert with parameter restrictions.

Fixes #9545

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9553)
2019-08-09 13:19:16 +01:00
Vladimir Kotal
d6dda392c1 use native atomic increment function on Solaris
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9215)
2019-08-09 13:16:41 +01:00
Shane Lontis
ac5a61caf8 Add missing SIZE_MAX define for windows
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9559)
2019-08-09 21:38:42 +10:00
Bernd Edlinger
28b4880b8b Merge probable_prime_dh_safe with bn_probable_prime_dh
This should avoid half of the trial divisions in probable_prime_dh_safe
and avoid bn_probable_prime_dh generating primes with special properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:08 +02:00
Bernd Edlinger
3ce0566dab Add a parameter to probable_prime if we look for a safe prime
Currently probable_prime makes sure that p-1 does not have
any prime factors from 3..17863, which is useful for safe primes,
but not necessarily for the general case.

Issue was initially reported here:
MIRONOV, I. Factoring RSA Moduli II.
https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
2019-08-09 11:41:07 +02:00
raja-ashok
c8edb04fac Restrict usage of bio_dgram_sctp_data only to DGRAM SCTP methods
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9216)
2019-08-09 09:36:54 +01:00
Vladimir Kotal
861335001b make ecp_nistz256_point_add_vis3() local
fixes #8936

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9132)
2019-08-09 09:11:07 +01:00
Matt Caswell
5c5cdcd815 Avoid holding a lock when calling OPENSSL_init_crypto
We move an OPENSSL_init_crypto call slightly earlier in the process to
avoid calling it while holding the store lock. This can lead to deadlocks.

Fixes the no-engine build.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9547)
2019-08-08 10:11:16 +01:00
Shane Lontis
7dddf2fcc5 Change EVP_CIPHER_CTX_iv_length() to return current ivlen for some modes
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9542)
2019-08-08 13:14:05 +10:00
Matt Caswell
a6482df03a Fix enable-ec_nistp_64_gcc_128
When creating a BN_CTX, make sure we store it in the right variable!

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9546)
2019-08-07 15:50:55 +01:00
Matt Caswell
7f612b1f04 Don't set ctx->cipher until after a successful fetch
If an implict EVP_CIPHER_fetch fails then ctx->cipher should not be set
otherwise strange things will happen when trying to free the ctx.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9531)
2019-08-07 11:40:32 +01:00
Matt Caswell
a9612d6c03 Make the EC code available from inside the FIPS provider
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9380)
2019-08-06 11:19:07 +01:00
David von Oheimb
decdb980de Fix deprecation inconsisteny w.r.t. CRYPTO_mem_debug_{push,pop}()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9483)
2019-08-04 13:15:30 +02:00
Rich Salz
ff988500c2 Replace FUNCerr with ERR_raise_data
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9496)
2019-08-02 11:41:54 +02:00
Pauli
823ee00a39 Use NULL as parameter when pointer can only be NULL.
Code clarification.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9514)
2019-08-02 11:56:46 +10:00
Dr. Matthias St. Pierre
afdec13dd9 Add missing accessors for X509 AuthorityKeyIdentifier
Complements commit b383aa2081, which added X509_get0_authority_key_id().

 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);      [NEW]
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);       [NEW]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9493)
2019-08-01 11:32:12 +02:00
Matt Caswell
29dc6e00f2 Load the config file by default
Previously we only loaded the config file by default for libssl. Now we do
it for libcrypto too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
2019-08-01 09:59:20 +01:00
Pauli
e2e5abe47a Prevent an infinite recursion when the query cache is flushed.
The problem being that the "requires flush" flag was being cleared after the
the flush.  The fix is to clear it before.  This is a problem because the
cache flushing called RAND_bytes and if the DRBG hadn't been created yet, it
would be queried and added to the cache causing the flush code to repeat.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
2019-08-01 15:41:30 +10:00
Pauli
f06cf3c414 The query cache has been updated to not depend on RAND_bytes being available.
The alternative is to use a fast and small xorshift
random number generator.  The stochastic flushing doesn't require good
random numbers, just enough variety to avoid causing problems.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
2019-08-01 15:41:30 +10:00
joe2018Outlookcom
0c789f59f1 Fix warning C4164 in MSVC.
Fix: crypto\whrlpool\wp_block.c(90) : warning C4164: '_rotl64' : intrinsic function not declared.
Fixes #9487

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9488)
2019-07-31 17:25:33 +01:00
David von Oheimb
7408f6759f make RSA and DSA operations throw MISSING_PRIVATE_KEY if needed, adapt ECDSA
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9466)
2019-07-31 16:56:22 +03:00
Shane Lontis
a672a02a64 Add gcm ciphers (aes and aria) to providers.
The code has been modularized so that it can be shared by algorithms.

A fixed size IV is now used instead of being allocated.
The IV is not set into the low level struct now until the update (it uses an
iv_state for this purpose).

Hardware specific methods have been added to a PROV_GCM_HW object.

The S390 code has been changed to just contain methods that can be accessed in
a modular way. There are equivalent generic methods also for the other
platforms.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/9231)
2019-07-31 21:55:16 +10:00
Richard Levitte
189dbdd994 ERR: fix err_data_size inconsistencies
In ERR_add_error_vdata(), the size of err_data had 1 added to it in
some spots, which could lead to buffer overflow.

In ERR_vset_error(), ERR_MAX_DATA_SIZE was used instead of buf_size in
the BIO_vsnprintf() call, which would lead to a buffer overflow if
such a large buffer couldn't be allocated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9491)
2019-07-31 13:22:13 +02:00
Shane Lontis
faa9dcd4d4 Rename X509_STORE ptr stored in opaque struct X509_STORE_CTX
Change name from 'ctx' to 'store' to remove ctx->ctx from code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9405)
2019-07-31 20:56:34 +10:00
Shane Lontis
e870791a4d Add evp_util macros
Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9464)
2019-07-31 20:34:26 +10:00
FdaSilvaYY
8c00f267b8 CAdES : lowercase name for now internal methods.
CAdES : rework CAdES signing API.
Make it private, as it is unused outside library bounds.
Fix varous doc-nits.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
2019-07-31 19:14:12 +10:00
Richard Levitte
49c6434673 Refactor provider support for reporting errors
The core now supplies its own versions of ERR_new(), ERR_set_debug()
and ERR_vset_error().  This should suffice for a provider to have any
OpenSSL compatible functionlity it desires.

The main difference between the ERR functions and the core
counterparts is that the core counterparts take an OSSL_PROVIDER
parameter instead of the library number.  That way, providers do not
need to know what number they have been assigned, that information
stays in the core.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
2019-07-31 06:45:04 +02:00
Richard Levitte
add8c8e964 ERR: Remove ERR_put_func_error() and reimplement ERR_put_error() as a macro
Also, deprecate ERR_put_error()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
2019-07-31 06:44:45 +02:00
Richard Levitte
7c0e20dc6f ERR: Add new building blocks for reporting errors
The new building block are ERR_new(), ERR_set_debug(),
ERR_set_error(), ERR_vset_error(), which allocate a new error record
and set the diverse data in them.  They are designed in such a way
that it's reasonably easy to create macros that use all of them but
then rely completely on the function signature of ERR_set_error() or
ERR_vset_error().

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
2019-07-31 06:42:45 +02:00