Commit graph

24031 commits

Author SHA1 Message Date
Richard Levitte
3bbec1afed Enhance and update the docs of the internal ossl_provider API
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9200)
2019-06-24 07:57:03 +02:00
Pauli
4e7991b497 Change OSSL_PARAM return size to not be a pointer.
Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9135)
2019-06-24 14:43:55 +10:00
Pauli
0ccff7a7ea Add documentation for CRYPTO_memcmp.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9225)
2019-06-24 10:19:04 +10:00
Richard Levitte
1d12afc310 crypto/trace.c: Remove unexisting categories
Reverts an inadvertent change from commit
fe26f79852

Fixes #9220

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9218)
2019-06-22 21:11:52 +02:00
Richard Levitte
fe26f79852 OSSL_TRACE: ensure it's initialised
When OSSL_TRACE functionality is called before anything else, it finds
itself uninitialised, i.e. its global lock hasn't been created yet.

Fortunately, we have an internal general setup function for the trace
functionality, that makes for a perfect spot to trigger initialisation.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9212)
2019-06-22 09:02:22 +02:00
Bernd Edlinger
f8922b5107 Handle CTRL-C as non-redoable abort signal
This is a bit annoying, if for instance "openssl genrsa -aes128"
tries to read a 4+ character size password, but CTRL-C does no longer
work after a RETURN key, since the flag UI_FLAG_REDOABLE is set by
UI_set_result_ex, together with the error "You must type in 4 to 1023 characters".
Thus remove the REDOABLE flag to allow CTRL-C to work.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9170)
2019-06-21 12:20:10 +02:00
Pauli
32ee452496 Remove OPENSSL_memcmp.
After avoiding OPENSSL_memcmp for EC curve comparison, there are no remaining
uses in the source code.  The function is only defined in an internal header
and thus should be safe to remove for 3.0.0.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9207)
2019-06-21 10:03:55 +10:00
Pauli
2d905f6715 Print thread IDs nicely.
Remove the union that effectively cast thread IDs to long integers before
display and instead print a hex dump of the entire object.

Refer #9191

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9194)
2019-06-21 08:29:44 +10:00
Richard Levitte
ba4341316c test/testutil/init.c, apps/openssl.c: add trace cleanup handle earlier
It turned out that the internal trace cleanup handler was added too
late, so it would be executed before OPENSSL_cleanup().
This results in address errors, as the trace code that's executed in
OPENSSL_cleanup() itself tries to reach for data that's been freed at
that point.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9196)
2019-06-20 18:19:06 +02:00
Frederik Wedel-Heinen
7a5f5fd32a Update test/README
Changed a bad reference: test/Makefile -> test/build.info

Add ../apps/include as include path to include opt.h used by test/testutil.h.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9154)
2019-06-20 17:16:50 +10:00
Miquel Ruiz
df9fd168ce Add SSL_shutdown to SSL_get_error's documentation
SSL_shutdown can fail if called during initialization, and in such case, it'll
add an error to the error queue. This adds SSL_shutdown to the list of functions
that should preceed the call to SSL_get_error.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/7465)
2019-06-19 15:11:36 +02:00
Rebecca Cran
1fa90bb3a9 Fix UEFI build on FreeBSD by not including system headers
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9149)
2019-06-19 14:42:40 +02:00
Matt Caswell
1ff030c0a6 Fix a doc-nits failure
We need blank lines on each side of a section heading.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9192)
2019-06-19 13:31:08 +01:00
Tomas Mraz
8b7b32921e Fix and document BIO_FLAGS_NONCLEAR_RST behavior on memory BIO
The BIO_FLAGS_NONCLEAR_RST flag behavior was not properly documented
and it also caused the length to be incorrectly set after the reset
operation.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9179)
2019-06-19 14:29:27 +02:00
Matt Caswell
a1998897f6 Add some internal documentation for some thread related functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9186)
2019-06-19 11:54:34 +01:00
Matt Caswell
6913f5fe05 Provide an ability to deregister thread stop handlers
If a provider gets unloaded then any thread stop handlers that it had
registered will be left hanging. We should clean them up before tearing
down the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9186)
2019-06-19 11:54:34 +01:00
Richard Levitte
d73458d17a Add tracing capability in test utilities
If a test program goes wrong, it's sometimes helpful to be able to
trace what goes on in libcrypto and libssl.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9191)
2019-06-19 12:43:05 +02:00
Richard Levitte
4cdb302fef Add extra error text in the property parser
With properties being specified in all kinds of places, including hard
coded in providers, it's not always easy to figure out exactly what
string was incorrect when the parser would just say something like
'parse failed' with no more details.

Adding extra data to the error, showing exactly what string is
incorrect, helps a bit.  At the very least, this gives anyone
interested something to grep for.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9190)
2019-06-19 11:25:27 +02:00
Matt Caswell
03361afb3c Don't create an OPENSSL_CTX twice
The fips provider was creating the OPENSSL_CTX twice due to a previous
merge error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9184)
2019-06-19 09:59:10 +01:00
Pauli
b720949ec0 ARIA documentation titled itself AES
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9188)
2019-06-19 10:20:49 +10:00
Rich Salz
8908d18cb1 Change ERR_add_error_[v]data to append
The "add error data" functions now append to the current error.
Add a test for this.
Cleanup some of the ERR_put functions.
In the FIPS module, always append "(in the FIPS module)" to any errors.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9181)
2019-06-18 23:21:38 +02:00
Richard Levitte
7f02a0932c crypto/modes/build.conf: Fix MODES asm mistakes
The old rule in Configure was that if the asm source had a file name
with 'ghash-' as part of the name, GHASH_ASM should be defined.  Since
none of the aarch64 asm files has such a name, that macro shouldn't
have been defined.

Fixes #9173

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9178)
2019-06-18 16:29:54 +02:00
Richard Levitte
2ce15a95da crypto/aes/build.info: Fix AES assembler specs
Two mistakes were made:

1. AES_ASM for x86 was misplaced
2. sse2 isn't applicable for x86_64 code

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9177)
2019-06-18 16:04:12 +02:00
Matt Caswell
cd0fb43cbe Following the previous 2 commits also move ecpointformats out of session
The previous 2 commits moved supported groups and ciphers out of the
session object to avoid race conditions. We now also move ecpointformats
for consistency. There does not seem to be a race condition with access
to this data since it is only ever set in a non-resumption handshake.
However, there is no reason for it to be in the session.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
2019-06-18 13:36:25 +01:00
Matt Caswell
eee2a6a718 Fix a race condition in ciphers handling
Similarly to the previous commit we were storing the peer offered list
of ciphers in the session. In practice there is no need for this
information to be avilable from one resumption to the next since this
list is specific to a particular handshake. Since the session object is
supposed to be immutable we should not be updating it once we have decided
to resume. The solution is to remove the session list out of the session
object.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
2019-06-18 13:36:25 +01:00
Matt Caswell
45436e611b Fix a race condition in supported groups handling
In TLSv1.3 the supported groups can be negotiated each time a handshake
occurs, regardless of whether we are resuming or not. We should not store
the supported groups information in the session because session objects
can be shared between multiple threads and we can end up with race
conditions. For most users this won't be seen because, by default, we
use stateless tickets in TLSv1.3 which don't get shared. However if you
use SSL_OP_NO_TICKET (to get stateful tickets in TLSv1.3) then this can
happen.

The answer is to move the supported the supported group information into
the SSL object instead.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9162)
2019-06-18 13:36:25 +01:00
Bernd Edlinger
e7a4682d0b Fix error handling at openssl_strerror_r
When bufsize == 0, openssl_strerror_r should return 0 (if _GNU_SOURCE is defined),
to be consistent with non-_GNU_SOURCE variants, which exhibit the same behavior.
Fix a few cases, where the return value of openssl_strerror_r was ignored.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9163)
2019-06-18 13:56:27 +02:00
Rebecca Cran
e24bdcde5a Swap #if blocks in uid.c so target platform gets checked before host
This avoids the case where a UEFI build on FreeBSD tries to call the system
issetugid function instead of returning 0 as it should do.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from #9158)
2019-06-18 13:07:26 +10:00
Matt Caswell
2be8c56a39 Standardise the function naming conventions in initthread.c
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Matt Caswell
ff6da65e0d Document OPENSSL_thread_stop_ex()
This new function works in the same way as OPENSSL_thread_stop() but
for a specified OPENSSL_CTX.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Matt Caswell
52b18ce104 Add the function OPENSSL_thread_stop_ex()
This adds the ability to clean up a thread on a per OPENSSL_CTX basis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Matt Caswell
da747958c5 Tell the FIPS provider about thread stop events
The RAND code needs to know about threads stopping in order to cleanup
local thread data. Therefore we add a callback for libcrypto to tell
providers about such events.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Matt Caswell
e41faf5784 Provide a version of ossl_init_thread_start that works in FIPS mode
This will need to be hooked up in a later commit with an event sent to
the FIPS provider informing it of thread stop events.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 15:32:54 +01:00
Matt Caswell
72592b8664 Split thread intialisation and handling out of init.c
We're going to need some of these functions in the FIPS module, but most
of the rest of the code in init.c is not needed. Therefore we split it out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 15:32:54 +01:00
Matt Caswell
242f84d06a Convert thread stop handling into a publish/subscribe model
In later commits this will allow providers to subscribe to thread stop
events. We will need this in the FIPS module. We also make thread stop
handling OPENSSL_CTX aware (different OPENSSL_CTXs may have different
thread local data that needs cleaning up).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 15:32:54 +01:00
Matt Caswell
d4c051cef3 Add the function openssl_ctx_get_concrete()
This adds the ability to take an OPENSSL_CTX parameter and either return it
as is (unchanged), or if it is NULL return a pointer to the default ctx.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 15:32:54 +01:00
Richard Levitte
30478c9783 Configure: final cleanup of asm related things
Remove the *_asm templates in Configurations/00-base-templates.conf,
all attempts to inherit them, and the asm() perl function.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
3a561b06d9 Move padlock_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
8c0098a8de Move keccak1600_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
246b50605f Move poly1305_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
bcb7afe18a Move chacha_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
a9bb7e9270 Move modes_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
94707b0b68 Move cmll_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:53 +02:00
Richard Levitte
681c7e905d Move wp_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
6fe56d8470 Move rc5_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
2ffea44322 Move rmd160_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
6b90902faf Move rc4_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
e698cfe445 Move cast_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
edc7851a2c Move sha1_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00
Richard Levitte
792ea008af Move md5_asm_src file information to build.info files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)
2019-06-17 16:08:52 +02:00